A hacker, or group of hackers, has wreaked havoc across the United States since last summer. Going by the handle The Dark Overlord, the group has stolen data from over a dozen companies and organizations, and then attempted to aggressively extort the victims.
Someone who has criss-crossed with that ongoing story is Justin Shafer, a security researcher who reportedly discovered exposed and sensitive data on the open internet. And as it turns out, the FBI is investigating links between Shafer and The Dark Overlord.
"As part of their case, FBI Atlanta is investigating Justin Shafer as a co-conspirator of 'TheDarkOverlord'," an affidavit filed in the Northern District of Texas last week reads. Databreaches.net first reported on the document, but with another focus: the complaint accuses Shafer of cyberstalking crimes.
To be absolutely clear, Shafer has not been charged with any crime related to The Dark Overlord's operations. He has, however, been charged with allegedly harassing a specific FBI agent and their family online with tweets and Facebook posts including personal information.
But the complaint still gives some insight into the FBI's ongoing investigation of a prolific cybercrime group, and goes into some detail of the perceived links between Shafer and The Dark Overlord.
In May of last year, the FBI raided Shafer's house in Texas after he found patient data on a public server. Then in January, the FBI did the same again, and found Shafer was in possession of a medical database that The Dark Overlord had advertised for sale on the dark web.
"So.. The Dark Lord sent me the Farmington MO database," Shafer told Motherboard in a Twitter message last year. Shafer also said he sent a copy of the data to the FBI. (In his research, Shafer has previously shown that a company was allegedly misleading its customers about properly securing their data.)
During that January raid, the affidavit claims Shafer was in a chat session with The Dark Overlord. Multiple FBI Divisions have allegedly found other links between Shafer and the group, including IP addresses, emails, and social media accounts, the affidavit continues.
The Dark Overlord has claimed responsibility for around 15 major data breaches, and the sale of one million customer records, the document adds. As Motherboard has reported, those include large companies such as Gorilla Glue, and The Dark Overlord also apparently targeted a clinic for cancer victims.
"In most cases, 'TheDarkOverlord' extorted his victims with verbose, condescending, and abusive language, and taunted victim companies, their employees, and (in at least one case) the children of victim employees," the affidavit continues. Indeed, the hackers seem to enjoy projecting a whimsical and yet intimidating image, with long Pastebin posts mocking their targets.
"Existence is a series of footnotes to a vast, obscure, unfinished masterpiece," the group tweeted in December.
The Dark Overlord has also deliberately tried to leverage the media as a weapon against the hackers' targets, by providing information on data breaches to journalists, and then using subsequent articles to apply pressure to extortion victims.
"We'd like to elaborate on a particular question(s) you asked earlier," someone from The Dark Overlord recently told Motherboard, when talking about an alleged (and currently not publicly reported) data breach of another company. "We are very disappointed that [company] decided not to cooperate. However, we found a bright [sic] to all this. We can now share with the public the interesting data we retrieve from their systems."
Shafer did not respond to a request for comment (he is temporarily detained at the time of writing), and The Dark Overlord could not be reached for comment.