TheDarkOverlord reveals three more attacks, with more to be revealed
Maybe they gave up on the healthcare sector in their extortion attempts, but since the summer, it appears TheDarkOverlord has turned his/its attention to other sectors. There was the WestPark Capital hack and Gorilla Glue attack, and now, in the past month, three more companies – one of which has some defense contracts.
Pre-Con Products Ltd in Simi Valley, whose site is currently offline “for maintenance” at the time of this writing, has been providing precast concrete and construction services since 1963.
On December 17, in a “press release” on a public paste site, TDO wrote:
This is usually the part where we’ll write an exposé about Precon Products but we’re quite busy with targets that are far more interesting than them. So we’re going to leave you with some data from Precon Products which include contracts and a disturbing video and pictures of an accident that occurred at Precon Products. Don’t they say that a picture is worth a thousand words anyway?
We’re going to give Precon Products the opportunity to stop the bleeding and walk away from this with only a few scratches, an opportunity that these poor people weren’t given. All they have to do is work with us, and we’re looking forward to doing just that.
DataBreaches.net is not publishing the links to the leaked files or their contents, but the materials contain video and still photos of what appears to have been a fatal accident. The leaked files also included a dump of what is described as the operations manager’s iPhone. The dump included a lot of pictures of children. Although some of the files related to work Pre-Con did for the Navy, including designs or schematics, none of the files in the sample were marked “Secret,” “For Official Use Only (FOUO)” or “Classified.”
On Christmas, TDO tweeted:
Any parties interested in source code classified as SECRET? Use it to get an edge over the US Navy and defence contractors! Emails included!
— thedarkoverlord (@tdohack3r) December 25, 2016
Although at first blush, that tweet might appear to relate to Pre-Con, in a private encrypted chat with DataBreaches.net, TDO stated that the tweet had nothing to do with Pre-Con.
TDO issued a second “press release” on Christmas, in which they announced two other firms that they claim to have hacked:
DRI Title & Escrow in Omaha, Nebraska, provides title insurance and settlement services in a six-state region throughout the Midwest and, through affiliates, on a national level. Although there was some personal information in the leaked samples, such as mortgage closing documents, much of the information in the files would be public property records. Other files in the sample leak included information about the firm’s clients and invoices.
GS Polymers, Inc. in Mira Loma, California manufactures specialty polyurethane and epoxy products. According to its web site, the firm was founded in 1987 by Jerry Salladin, a polyurethane and epoxy chemist. Documents in the leaked sample files included consignments inventory, routine kinds of corporate correspondence, and two personal files relating to the founder.
In the “press release,” TDO wrote:
In other news, we come bearing more companies and consequentially more data. We have not one but two companies to bring to the slaughterhouse. First up, G.S. Polymers Inc. (www.gspolymers.com).
G.S. Polymers has shown us they are disinterested in working with us when we only wish for the very best for all parties involved. As a result of this unacceptable behaviour from G.S. Polymers – more specifically, Gerald Salladin – we are releasing a small set of sample documents from his corporation. If Gerald does not come to his senses, you can expect a full release to materialise for the public.
Secondly, DRI Title & Escrow (www.drititle.com). Like G.S. Polymers, DRI Title & Escrow exhibited the same behaviour which, as you all know, is a big no-no in our book. And like G.S. Polymers, we are also releasing a small set of sample documents from their company and providing them the opportunity to come to their senses before they make a mistake that cannot be undone.
As with Pre-Con, DataBreaches.net is not linking to the leaked files or describing their content in greater detail.
None of the three firms (see UPDATE below) responded to inquiries from DataBreaches.net asking when and how they discovered the hack. Nor has it been revealed how much money TDO was demanding to not release the files publicly. However, if TDO is consistent with their past business approach, they will be releasing more files and/or putting them up for sale on the dark web if the firms continue to refuse to meet the ransom demands.
But with the attack on Pre-Con, TDO has made itself a higher priority for law enforcement. Attacking medical clinics and leaking or selling patient databases is bad enough, but if they have acquired any documents related to defense contracts that could help the country’s enemies, then that is likely to really make them a target for intensive law enforcement activity.
DataBreaches.net understands that there is a lot more to come – more files to be dumped from the three companies named above, but also from other companies not yet disclosed.
Update: DRI’s President, Troy Padraza, sent the following statement to DataBreaches.net:
On Christmas Eve, Deed Research, Inc. received an email from an entity calling itself The Dark Overlord, which claimed to have accessed sensitive information from our computer systems and contained an extortion demand.
Deed Research, Inc. takes the privacy and security of personal information very seriously, and has undertaken a thorough response to this incident. We immediately acted to secure our IT systems and are taking steps to further strengthen our security procedures and protect the personal information in our systems. Deed Research Inc. deeply regrets any inconvenience or concern this incident may cause.
Updated Mar. 1: DRI also notified clients. A copy of their notification can be viewed here.