By Bruce Sussman
Thu | Dec 19, 2019 | 11:32 AM PST

The Dark Overlord hacking group specializes in committing cybercrimes and then using what they hack to create fear, helplessness, and a sense of terror.

The SecureWorld team just read through newly unsealed court documents against a member of The Dark Overlord, which reveal previously unknown details on how the group terrorizes its victims.

The Dark Overlord: member arrested, standing trial in the U.S.

Nathan Wyatt, 39, was extradited from the United Kingdom to the United States, where he appeared in a St. Louis courtroom and pleaded not guilty to a list of cyber-related crimes.

According to the court documents, Wyatt played a key part in the group's efforts to extort and intimidate cybercrime victims.

The Dark Overlord hacking group: documents reveal tactics

What did one of this hacking group's tactics look like in the real world?

First, the group hacked and stole valuable data and files from organizations.

Next, they emailed some of the stolen data to the organization, demanding a Bitcoin ransom to avoid the data being released or destroyed.

Then, if demands were not met, the group stepped up the intimidation, sending angry text messages and threatening tweets, and even calling victims with a disguised voice and screaming at them to pay up or face the consequences.

Let's look at the case of a medical clinic in Missouri, which the group hacked. Here is an example of the text intimidation revealed in the court documents:

"A phone account registered by WYATT... to the daughter of one of the owners [of the medical clinic]

"hi... you look peaceful... by the way did your daddy tell you he refused to pay us when we stole his company files in 4 days we will be releasing for sale thousands of patient info. Including yours... "

A second text said:

"hmm maybe your [sic] just a dumb rich girl who dosent [sic] understand the dangers here... im gonna try Chels... she may have an iq... stay hot Babe... "

A third text to the clinic owner's daughter said:

" ...could be averted if daddy wasn't such a fkin idiot. Firstly for not taking care of his patients... then for not paying when he had a small problem." 

This is just one example. The indictment repeatedly lists cases where The Dark Overlord compromised an organization's network and then began intimidating the victims.

The group often wrote things similar to this:

"Considering punishment by purging some of your data and possibly leaking some of this entire fiasco."

The Dark Overlord indictment, more specifics

The U.S. federal indictment accuses Wyatt of registering a number of phone numbers, and links those numbers to the following:

  • Gmail accounts used by the group
  • VPNs used by the group
  • a PayPal account used by the group to move extortion payments from its victims
  • numbers used to text threats to the group's hacking victims
  • a Twitter account used by the group

The Dark Overlord, more arrests ahead

We recently interviewed security researcher, penetration tester, and author Vinny Troia about The Dark Overlord on our podcast, The SecureWorld Sessions.

He regularly communicates with a variety of hackers under various screen names. This includes another member of The Dark Overlord, who is still free somewhere in the world.

"He's got this really like arrogant personality where he's like king of the universe, nobody's better than him.

One of the things whenever we talk, frankly, he won't shut up about is that how the CIA and the NSA tried to come after him, but they failed miserably.

And because he's so smart, and he operates on so many levels of operational security, and blah, blah, blah, and he just won't stop talking about it. So it's almost like this grandiose personality, right.

I've had very long conversations with him sometimes, you know, nearing four hours at a time. And he just goes on and on about these magnificent and glorious hacks that he's done and things like terrorizing the school children."

Yes, The Dark Overlord is proud of terrorizing school children and their parents. Troia explains:

"In 2017, they were able to keep about 1,500 kids out of Montana Falls School for about a week. They were sending death threats to the parents, and they were using those death threats as a way to try to extort the schools, saying if you pay us money we will stop threatening your students.

And as a result, I think that actually branded them as actual terrorists. I know there was a whole Senate hearing committee on them. And that really kind of put them on a different radar. It wasn't a smart move on their part because that escalated them from cybercrime to more terror based attacks."

Troia tells SecureWorld that more members of The Dark Overlord are going to face justice and this is just the start.

The U.S. Department of Justice seems to be sending that same message:

"Cyber criminals who harm victims in the Eastern District of Missouri cannot hide behind international borders to evade justice," said U.S. Attorney Jeffrey B. Jensen of the Eastern District of Missouri. "Today's case demonstrates the United States' commitment to unmasking criminal hackers and bringing them to justice, no matter where they may be located."

Read it for yourself: The Dark Overlord arrest and indictment of Nathan Wyatt
