How Hackers Held an Entire School District Hostage
A hacker group named The DarkOverlord achieved some notoriety last year when it hacked into a server and stole the new season of Orange Is the New Black, along with some other material, and attempted to shake Netflix down for ransom. Then, this fall, Dark Overlord hacked into a school district, essentially holding it hostage and terrorizing the local community for days.
No one seems to know for sure whether Dark Overlord is a single hacker, a group, or even a Russian teenager in his mother's basement. But DO is having a busy year, breaching security at medical businesses before moving on to Netflix. DO is fond of issuing "contracts" to its victims in pseudo-lawyerly language, though it also runs to pretty basic threats and frets about its press coverage. In one instance, DO e-mailed the child of business executives to tell the child that Mommy and Daddy were about to be ruined.
When the hackers moved on to the Columbia Falls School District and the surrounding Flathead Valley, officials locked the entire school district down. The personal information (names, addresses, records: just think about what a school district stores) mined by the hackers was held hostage, and the district was instructed, via a long and ranty ransom note, to pay off DO in bitcoin.
But the hacker also proceeded to terrorize the community with emails containing graphic threats of physical harm to the children of the school district. School leaders called meetings with parents, and thirty schools across the region, affecting thousands of students, were shut down for three days, with some families waiting even longer to be certain it was safe to send their children back.
"We are savage creatures," said one communique from the hacker. "If you decide to not entertain us and agree to one of our win-win business propositions, we will escalate our use of force in a tiered process that will involve an ever increasing level of damage and harm for you."
The DarkOverlord is not shy, and contacted both the authorities and the local newspaper, the Flathead Beacon, which provided some excellent coverage. That coverage also provides some of the public exposure the hacker so obviously seeks, a difficult decision and one that the paper handled well. But some of the excerpts from the interview convey just how disturbing the episode was.
During the course of the conversation, [Beacon reporter Dillon] Tabish tried multiple times to understand who the suspect was, where he or she was from, why the individual was making the threats and why they were targeted at area schools.
The individual said on multiple occasions in various ways that he or she intended to kill people in large numbers. The suspect said they were heavily armed with “extensive training.”
“If you know anything about military weapons … it should scare your region,” the person said. When asked again why he or she was targeting the Flathead Valley, they responded that they wanted to scare people and harm as many people as possible.
“I wanted the public to exist in a state of fear before I make my move. This will allow the government protecting your children to look poorly in the light of the public,” the suspect said.
The individual later elaborated, “The quaint, small, backwoods region of the US like yours is prime hunting grounds. This incident is the last thing you will expect to happen here.”
Security experts suggest that the school district was not targeted and that the hackers simply sent out ransomware "en masse" to see what opportunities would present themselves.
It’s usually not a purposeful, planned attack. They’re just looking for low-hanging fruit, and if you’re not protected and don’t have the right defense in place, they will go after you.
The consensus also seemed to be that, despite the threat of imminent physical attack, DarkOverlord is located overseas and was not actually going to kill anyone. That seems rational and reasonable, but when the death threats are landing in your in-box, it's hard not to freak out.
Montana U.S. Sen. Steve Daines raised the cyber-terrorism issue with the FBI in DC, referencing the attack just last week. The FBI didn't have much to say about the ongoing investigation, but everyone agrees this level of cyber-terrorism, spreading past corporations into hospitals and schools, is a problem.
This is one of the major arguments against large-scale data mining, as we see again and again and again: just as criminals would rob banks because "that's where the money is," bad actors are going to go after any large collection of personal data.
Welcome to the 21st century. Hope your child's school district has a good handle on its cyber-security.