On Wednesday, authorities in Serbia announced the arrest of a suspected member of The Dark Overlord, a notorious hacking group that has wreaked havoc across the US and UK, breaching everything from a Netflix-linked production studio to a plastic surgery with celebrity customers.
But it appears The Dark Overlord, or at least some members of it, are still operational, raising questions around how effective this particular arrest may be at stopping the group.
“We’re still here,” someone in control of an email account long used by the group told Motherboard in a brief message on Thursday.
Asked by Motherboard how anyone can be sure that whoever is in control of the email account is in fact a member of The Dark Overlord—and not, say, an undercover officer—the person said "You'll know it's us when we continue to slay away at the plethora of companies deserving of our visit. However, it's us, and we're all still here."
In their press release, Serbian authorities say they arrested one person with the initials S. S., aged 38. The announcement adds that charges will be brought against the individual for unauthorized access to a protected computer and other hacking and extortion offenses.
In its announcement, Serbian authorities said it acted as part of an investigation conducted by the FBI. The FBI declined to comment.
Got a tip? You can contact this reporter securely on Signal on +44 20 8133 5190, OTR chat on email@example.com, or email firstname.lastname@example.org.
The Dark Overlord first appeared in summer 2016, when it targeted medical centres in the US. The group’s general modus operandi was to advertise data on the dark web—not to sell it, but to pressure victims into paying a ransom. Soon, the group became much more intertwined with the media, dishing out ‘exclusives’ and access to certain data sets, with the intent of that coverage also squeezing victim’s wallets. The Dark Overlord also hacked commercial companies such as Gorilla Glue. In all, the hacking group has compromised at least 50 victims since June 2016, according to a Google translated version of the Serbian authorities’ announcement.
Dark Overlord members even write-up psuedo-contracts for their victims, detailing the amount to be paid, and that the victim should not communicate with law enforcement. Most famously, this sort of arrangement is apparently why the group published yet-to-be-aired episodes of Orange Is the New Black as part of its extortion campaign against Netflix. The victim, a production studio called Larson Studios, assisted the FBI in its investigation irking the hacking crew, Variety reported at the time.
This isn’t the first time law enforcement have made arrests around The Dark Overlord’s orbit. Last year, court documents showed the FBI was investigating a security researcher for his communications with the gang (it appears that was a dead-end; the researcher, who was facing unrelated charges, is now free). British authorities also arrested a man allegedly using the handle ‘Crafty Cockney’ who was somehow connected to the group. This person allegedly tried to sell hacked photos of the British royal family in 2016.
In their emails to Motherboard, The Dark Overlord distanced themselves from the man Serbian authorities arrested, as well as another cybercriminal, Grant West, who used the handle Courvoisier. Earlier this month, British authorities released CCTV footage of West's arrest. West is awaiting sentencing.
"The alleged S.S. and Grant West are not associated with thedarkoverlord organisation," the person behind the email account wrote.
"We've lost no one to any arrests," they added.
Update: This piece has been updated to include more information from the person in control of The Dark Overlord email account.