No holds barred? TheDarkOverlord threatens students with physical violence to send FBI a message to back off

DataBreaches.net has been reporting on TheDarkOverlord (TDO) since they first burst on the scene in June, 2016. Since then, this site has reported on numerous attacks by them on health care entities, financial and business entities, a Hollywood post-production studio, and a defense contractor.
Now they have begun to target the education sector, and an official at the U.S. Department of Education tells DataBreaches.net it is looking into what it can do in response.
Upping the ante with threats of physical violence
In September, TDO attacked Flathead County schools in Montana, and hit them in a way that they have only rarely used before – reaching out to send highly personalized messages with threats of violence. More typical of TDO, they also sent a lengthy and detailed letter to the district that included excerpts of very personal and detailed information on students taken from records the hackers had managed to access and acquire. The message was clear: the hackers were in possession of extremely sensitive information about children and weren't above dumping it publicly if the district did not pay their extortion demands. And somewhat atypically for them: the hackers were reaching out to children to physically threaten them and their parents.
In response to the threats, Flathead – not yet knowing who they were dealing with and understandably preferring to err on the side of safety – closed more than 30 schools for days while law enforcement investigated the threats.
TDO had seemingly brought the district to its knees. Even weeks later, people in the community are still unnerved by the experience.
Would TDO actually resort to physical violence or try to so humiliate some children that the children might become depressed and/or suicidal? They have never done so to date to this blogger's knowledge, but DataBreaches.net believes it's actually quite likely that they will reveal students' and parents' most intimate and sensitive details that they were able to acquire if extortion demands are not met – because that's their usual pattern. It may not get these victims to pay them, but they will likely do it anyway to serve as a warning to future victims.
Blame it on the FBI??
One important piece of this is that TDO seems to blame the FBI for victims not paying up. It would not be surprising if districts did ask the FBI for information about these hackers or for advice about whether to pay extortion. But what is the FBI telling them?
When TDO hacked Larson Studios last year, the studio paid up – $50,000. And under the contract TDO had given them, TDO should not have further disclosed any data and should not have double-dipped or tried to get even more money. But months later, TDO did disclose the data after attempting to also extort Netflix over the episodes Larson Studios had been working on. When asked why they seemingly broke their word after Larson paid up, TDO claimed that Larson had paid but had violated the contract by cooperating with the FBI. TDO wanted victims to know that cooperating with the FBI or listening to the FBI if the FBI should tell them not to pay extortion was not okay with them.
So now TDO appears to be taking that message more directly to the FBI. As TDO told The Daily Beast, "We’re escalating the intensity of our strategy in response to the FBI’s persistence in persuading clients away from us." They used slightly different words with DataBreaches.net, but the sense this site got from them was that if the FBI doesn't back off, children will be harmed. "We're focusing on critical infrastructure to send a message to the FBI. We like to hit close to home," a spokesperson for TheDarkOverlord told DataBreaches.net.
Two more victim districts come forward
Flathead was not the only school district recently hacked by TDO. Splendora ISD in Texas also was hacked by them. TDO acknowledged their responsibility for the hack in a tweet:
One of our favourite musical tracks is You're Standing on My Neck by Splendora. It's a most splendid piece. We enjoy standing on necks.
— thedarkoverlord (@tdo_hackers) September 28, 2017
Splendora's response was much more measured and low-key than Flathead's response – probably because they learned from Flathead's experience.
Splendora ISD did not close schools.
Splendora ISD labeled the hackers' early threats as a hoax, and told the parents they would keep them apprised. And if you had checked the district's web site, you would see no alarming messages from the district to parents about the situation. Indeed, the district's response was so understated that one person told KHOU:
“Everyone’s scared but we’re just going with the flow to see what happens,” said Elizabeth Taylor who is related to several students attending SISD schools. “Nothing has happened over the years, so I don’t think anyone thinks anything is going to happen, just probably childish kids.”
Regardless of whether that characterization of "childish kids" is true (DataBreaches.net does not believe that it is), the hackers are likely in possession of all of Splendora ISD's personal and sensitive records and information about its students.
And TDO didn't stop with Flathead and Splendora. They also attacked Johnston Community School District in Iowa. Like Flathead, Johnston closed down their schools while they investigated the threats. TDO subsequently publicly acknowledged that they were the attackers:
We're now publicly claiming responsibility for the threats that resulted in the closure of JCSD in Iowa and 7.200 children without school.
— thedarkoverlord (@tdo_hackers) October 4, 2017
With the student directory from JCSD we released, any child predator can now easily acquire new targets and even plan based on grade level.
— thedarkoverlord (@tdo_hackers) October 5, 2017
If TDO intended to cause alarm among parents by suggesting that they had now made children more likely targets for predators, they might have been disappointed at how many parents – and students – responded to their threats. As reported first by Joe Cox, some students threatened individually and directly by TDO reacted by calling them back and leaving them their own obscenity-laced messages. TDO uploaded a number of messages they claim they received. Rather than responding with terror, at least some of the students seem to have decided to call TDO out and challenged them to show up at the school, calling them wusses and other names and threatening to fuck them up. One student calmly stated that he wanted to become a doctor, and that TDO's threats were not going to stop him from becoming a doctor.
And while at least some of the students did not appear to be intimidated at all by the bullying and threatening messages they had received, some of the parents were similarly unintimidated, with one woman, likely a mother, leaving a voicemail that said:
“I don’t know who you are, but the shit that you are pulling, it kinda needs to stop, because the messages that you are sending to parents is pretty fucked up. If you have it out for that many children, then maybe you deserve to be in a hole.”

If TDO's intention was to intimidate the populace and thereby increase pressure on the school district to pay up, uploading voicemails from unafraid parents and students would not seem to be helpful. It's not clear to DataBreaches.net why the attackers would upload those responsive messages.
Meanwhile, in Washington and district offices….
Earlier this week, DataBreaches.net contacted Kathleen Styles, Chief Privacy Officer for the U.S. Education Department, to ask what the federal agency was doing to help schools protect themselves against these hackers. While federal law does not require K-12 districts to report data security breaches to the federal regulator, the agency is responsible for enforcing FERPA, the federal statute protecting the privacy of student records, and has issued a number of guidances on security and privacy over the past few years.
The agency has not yet provided any formal statement in response to these attacks by TDO, but DataBreaches.net understands from ongoing contacts with the Department of Education that the agency has been working to address the threat and to provide support to schools. This post will be updated if and when the agency does issue some public statement.
But what are the victim districts doing to prepare children for the possibility that the deepest and darkest secrets that they or their parents shared with the school may be dumped maliciously and become public fodder? DataBreaches.net has sent inquiries to Flathead, Splendora, and Johnston asking whether children are being prepared for what might be a privacy nightmare and what supports the districts have in place should TDO dump the data. This post will be updated if the districts reply.