Montana Public Radio

Expert Skeptical 'Dark Overlord' Responsible For Flathead Cyber Attack

Oct 2, 2017

“Cyber terrorism is an emerging threat that has become all too real in Montana.”

That’s Senator Steve Daines talking to FBI Director Chris Wray about last month’s cyber threats that shook the Flathead Valley.

Hackers breached Columbia Falls school district servers September 13th, stealing personal information belonging to students and staff, demanding payment of a digital currency called bitcoin in exchange for its safe return.

The culprits then proceeded to threaten physical violence against several targets including Flathead Valley Schools.

“This forced the closure of over 30 schools across multiple school districts and affected over 15,000 Montana school children," Daines said. "It’s unprecedented. We’ve not seen that before in my home state of Montana. The culprit’s been identified as the ‘Dark Overlord’, an overseas criminal organization.” 

But cyber security expert Nick Bilogorskiy isn’t convinced Dark Overlord really was behind the attack.

Bilogorskiy was Facebook’s chief malware expert before leaving to start a California-based anti-malware company called Cyphort.

More on his theory in just a moment.

First, let’s find out more about The Dark Overlord.

Bilogorskiy says the hacking group has rapidly gained international notoriety over the past year and a half.

“What I think is really unique about the Dark Overlord is the way they communicate and the way they use journalists and PR to their advantage," he said. 

The Dark Overlord basically portrays itself as more a James Bond kind of criminal mastermind than a petty street thief.

For instance, the group uses unique language in its press releases and ransom notes.

“It’s very verbose, very literary," Bilogorskiy said. "It definitely stands out among other hacker groups. Their goal is to create significant terror in their targets and have their brand associated with high-skilled, very scary cyber criminals. They’ve really succeeded in that. They understand the psychology of their intended victims very well.”

Bilogorskiy used the word "terror," but does not believe Dark Overlord is a terrorist organization. Its motive, he points out, is financial, not ideological.

“They’re not terrorists in the sense that they will actually go after people and cause physical harm or blow up buildings or cause significant damage to infrastructure," he said. "I haven’t seen that in their motives yet.”

Since rising to prominence Dark Overlord’s targets have included hospitals, medical clinics and even entertainment titans. This spring the group electronically stole ten episodes of the Netflix hit ‘Orange is the New Black’ from a post-production contractor. The company paid the $50,000 ransom, but also went to the FBI. Dark Overlord viewed that as a violation of its so-called ‘contract’ and released the un-aired shows to a popular pirating site.

Why would a group known for hacking high value medical and entertainment companies suddenly target a rural Montana school district?

Cyphort’s Nick Bilogorskiy doesn’t have an answer. He’s not part of the Montana investigation, but has read about it and is trained to find patterns the bad guys leave behind.

He says the patterns in the Flathead Valley hack don’t necessarily jibe with The Dark Overlord’s MO.

For one, the hackers in the Montana case identified themselves as Dark Overlord Solutions:

“It is possible it wasn’t (The Dark Overlord) and it was another group trying to use their name which is very common in cyber-criminal circles, basically do a copy-cat," he said. "You bank on another established name which people can Google and be afraid of and that way any group can do it as well.”

Hackers are opportunistic. Bilogorskiy says someone or some group seems to have randomly stumbled across vulnerable servers in the Columbia Falls school district. But again, he says The Dark Overlord group has never shown interest in scamming small-fry schools.

The open threat of violence was another uncharacteristic first:

“So my guess is they researched the community and their goal was to strike terror and fear in their targets to get them to be more likely to pay," he said. 

The federal investigation into the Flathead Valley school breach continues.

Bilogorskiy, meanwhile, believes that no one’s data - from federal agencies to mom and pop stores - is safe from getting compromised. He says skilled and dedicated hackers have unlimited time and plenty of financial motivation to crack almost any network.

“And they will get in sooner or later, almost no matter what you do," he said. "Focus not so much on defending networks, but getting ready to respond to incidents and protecting them after the fact by securing your data and encrypting it.”