You may have never heard of Flathead Valley in Montana. I’ll admit that I had never heard of it until tonight when I received a tip to go look at a post on their sheriff’s Facebook page. And that’s when I learned that Flathead County schools had not only been hacked and threatened if they didn’t pay the hackers, but parents had received messages threatening to kill their children. The threats were taken seriously enough that 30 schools were closed for days while the county and federal law enforcement investigated the threats.
We are now in the realm of TheDarkOverlord v2.0, it seems.
For those who, like this blogger, have followed the criminal activities of TheDarkOverlord, reading a report of them thoroughly hacking an entity and then writing a lengthy demand letter threatening to expose confidential files or personal information – well, that’s nothing new. But contacting parents of school children and threatening their children’s physical safety?
It is TheDarkOverlord on steroids, at the very least. But is it a real threat?
As The Flathead Beacon reported after the situation escalated:
The individual apparently gained access to the Columbia Falls School District’s electronically stored directory and began contacting and threatening families individually.
How do you terrorize an entire community? You raise the spectre of Sandy Hook. And you show that you know details about the children and the school.
TheDarkOverlord are masters at doing their research, and were aiming to create significant terror in their targets. I think it’s pretty clear that they accomplished that – at least in the short-term. But is this approach likely to result in more payments from victims, or has TheDarkOverlord misunderstood the psychology of its intended victims? There is certainly no indication that Flathead Valley will be paying them any money.
What the people of Flathead County may not know, but what law enforcement should certainly know, is that this is not the first time TheDarkOverlord has threatened physical violence against a victim. DataBreaches.net is not reproducing an earlier threat missive, but it, too, was designed to terrorize its target by threatening physical violence against the victim’s family. And the Flathead case is not the first case where TheDarkOverlord has contacted its victims by phone or SMS to threaten them or deliver obscenity-laden messages.
And maybe that’s the first thing law enforcement could have done to reassure the community: to recognize from the style and writing that this was/is the work of TheDarkOverlord and they’ve threatened physical violence before but never followed up on it – at least, not to date.
Of course, if TheDarkOverlord is really outside of the U.S., as the sheriff apparently told the community, then actual physical violence seems less likely. But should the county be telling the public that TheDarkOverlord is outside of the U.S.? It’s a reasonable hypothesis, but do they actually have any hard proof of that? If they don’t have actual proof, wouldn’t it be more honest to say, “We believe that they’re outside of the U.S.” than to assert that they are?
I am all for reassuring a nervous public. I am not for lying to them to reassure them. So DataBreaches.net sent two queries to the Sheriff’s office. The first question asked why the public was being told that TheDarkOverlord is outside of the U.S. – if law enforcement has actual hard proof of that – and if not, why the public are being told that they are?
The second question asked why law enforcement is telling the public that TheDarkOverlord has a history of often failing to keep their promises. The Flathead Beacon reported:
Curry said all indications are that the hackers do not fulfill their promises if people do pay the ransom.
“We have also discovered that they have frequently failed to live up to their promises to not release the stolen data in the past, even when their ransom demands have been met,” Curry said.
“All indications?” “Frequently failed to live up to their promises?” What does the sheriff know that I don’t? This site is aware of only one incident in which TheDarkOverlord dumped data after victims made the required payment – the Larson Studios incident. On what basis is Sheriff Curry stating that “all indications” are that the hackers do not fulfill their promises?
I am obviously not suggesting that the county (or any victims, for that matter) should pay any ransom or extortion demand by TheDarkOverlord. I just want to see some data that supports any government statements in this case. Law enforcement is welcome to contact me to discuss these questions. This post will be updated if I get a response from the sheriff or someone in law enforcement involved in the case.
In the meantime, the Flathead Beacon has done a truly admirable job of reporting on the situation as it has evolved, and you can get caught up on the details by reading their reports (in reverse chronological order, below:)
- Authorities: Overseas Hackers Seeking to Extort Community with Cyber Threats
- Flathead County Schools to Resume Classes Tuesday Following Cyber Threats
- Authorities Communicating with Suspect in School Threats Investigation
- Flathead Valley Schools Closed Friday, Events Canceled Through the Weekend
- Flathead Valley Schools to Remain Closed Friday Amid Threat Investigation