A cyber crime group calling itself “The Dark Overlord” is offering stolen celebrities’ cosmetic surgery photographs to the media to bolster an extortion campaign targeting the celebs themselves.
A report by the UK’s National Cyber Security Centre (NCSC) has warned that the group leaks “snippets of data to the media” which “increases the pressure on the victim to pay the ransom”.
Sky News has seen material hosted on a third party website by the criminals as evidence of the hacks.
The material purported to show sensitive information about gender reassignment surgery and documents relating to insurance claims around the 9/11 terror attacks, as well as from private sector logistics and defence companies.
This material has since been deleted on the third party site and was not downloaded by Sky News.
The Dark Overlord’s media operations have grown more sophisticated since first reported by tech news publication Vice Motherboard in 2016, increasingly using corporate communications tactics.
Despite two arrests linked to the group, one in Serbia and another in the UK – of the man who hacked Pippa Middleton’s iCloud account and signed off his threatening email as “The Dark Overlords [sic]” – the group appears to be still active.
When it announced a range of victims on New Year’s Eve it seemed specifically designed to maximise attention to the group and put pressure on victims to pay extortion demands.
The group said it made the announcement then “because [it] forces about a dozen Fortune 500 companies in the UK and USA to build damage control and COA plans on their new years holiday, robbing them of any pleasure and bringing in their new year at a new low”.
Speaking to Sky News the group refused to answer any questions which could have provided clues about its members’ identities, although its communications were written in competent English.
Despite this secrecy, The Dark Overlord’s engagement with the media and the public – including lengthy press releases – have been significant.
The most recent batch of press releases began on New Year’s Eve, when it conducted an AMA or “Ask Me Anything” thread on the controversial image board 4chan.
Researchers say 4chan has “emerged as one of the most impactful generators of online culture” over the past decade and the forum’s history of posting stolen intimate photographs of female celebrities has made it notorious.
The group stole customer data from the London Bridge Plastic Surgery (LBPS) clinic in 2017 and demanded money from the clinic to not publish images of breast enhancement and other forms of genital modification.
However, it told Sky News: “We’re now extorting celebrity clients of LBPS due to LBPS failing to co-operate wit [sic] us. The public may expect celebrity surgery photo leaks very soon to include […] and […], among many others.”
Since this communication, the group has published documents including personal contact information, and censored photographs, belonging to exclusively female celebrities and it is attempting to crowdfund money to release more.
A spokesperson for the clinic confirmed that there had been no new data breach since the original intrusion in October 2017, when the matter was reported to the police.
“We continue to liaise with the cyber crime unit of the Metropolitan Police, whose investigation is ongoing, and we also worked closely with the Information Commissioner’s Office.
“And we’d like to reiterate, and reassure patients, that there has been no new data breach since the intrusion in 2017.
“We have taken further extensive and robust measures to increase our security in order to protect patient data,” the clinic said.
“Once again, we are saddened by news of the latest threats and we condemn the actions of the individuals responsible,” added the spokesperson.
A spokesperson for London’s Metropolitan Police Service said: “We are aware of a cyber hacker using the name ‘The Dark Overlord’. No recent activity has been reported. No reports of any data theft have been received.”
Sky News understands that at least one extortion attempt has been reported to the Met Police, but that the force doesn’t record them as coming from The Dark Overlord as it is not a legally recognisable entity.
The NCSC said: “We are aware of reports of activity by this hacking group. The NCSC strongly encourages anyone who believes they have been a victim of this or other similar activity to report it to Action Fraud.
“We work closely with law enforcement to build our understanding of cyber security threats and mitigate the risk to UK businesses and individuals.”
Sky News attempted to contact the FBI for a statement but was informed that the US Department of Justice system may not be functioning due to the American government shutdown.
Authorities generally advise against paying extortion demands as they could encourage the criminals to know that victims are a “willing” customer.
Advisories about the group have been issued by law enforcement in the UK and the US.
But despite a number of arrests in connection with the group’s activities, it told Sky News: “We’re speaking about the current times. What we can say about this is that we’re still going strong, without any loss.”