Serbian police have arrested a 38-year-old man from Belgrade on suspicion of being part of the infamous The Dark Overlord (TDO) hacking crew.
The arrest took place earlier today. Police did not release the suspect’s name, only his initials (S.S.), year of birth (1980), and city (Belgrade).
Serbia’s Criminal Police Directorate (UCC) made the arrest in collaboration with the US Federal Bureau of Investigation (FBI).
TDO is today’s top hacker group
TDO is one of most infamous hacking groups still in activity, behind many hacks and extortion attempts.
In a press release published by Serbia’s Ministry of Internal Affairs, the group is accused of hacking and stealing data from over 50 victims since June 2016, and making over $275,000 from successful extortions, which the group usually asked as Bitcoin transfers. Below is a small (and arguably incomplete) list with just some of the few hacks that got media coverage.
The hacker group also operated an active Twitter account where it would often issue threats against organizations or list their hacks. Here is just one of the tens of such tweets the group would often send out.
TDO generally targeted orgs in healthcare and education
TDO has been especially active in the past 2-3 years targeting the healthcare and educational sector especially, although, in conversations with this reporter, the group peddled various other breaches for which they wanted to get media coverage.
This reporter declined because by that time it became clear the group was using news outlets [1, 2] to put pressure on breached companies to pay extortion demands.
When hacking wasn’t enough, the group embarked on campaign of threatening the hacked victims with physical violence. Notorious was a campaign in 2017 that took place in the US, where the hacker group would breach high-schools, steal personal data, and ask for a ransom. If the school didn’t pay, they would use the stolen data to contact and threaten the school’s students and staff.
The hacks and threats got so bad that both the FBI and the US Education Department sent security alerts to schools warning of the hacker groups’ tactics.
FBI tried and fail to hack TDO members last fall
In conversations with this reporter, the group was well aware that the FBI was on its tail. In November 2017, the group bragged to a fellow reporter about dodging one of the hacking tools FBI agents tried to infect the hackers and identify their whereabouts.
It is unknown S.S.’ role in the larger TDO group, who claimed several times they were a collective. Without any info, S.S. could be the leader, a pawn, or just a hapless copycat.
A man signing extortion notes with the moniker “The Dark Overlords” (with an extra “s” at the end) was arrested last year in the UK. It is unclear if he’s a legitimate member of the actual TDO group, or just a copycat taking advantage of the group’s fame.