Ever since the hacker identifying themselves as TheDarkOverlord released most of the upcoming fifth season of Netflix’s “Orange Is the New Black” on file sharing networks this past weekend, two questions have been left unanswered: Who are these guys? And why did they do it?
The honest answer to question No. 1 is: We don’t really know, as TheDarkOverlord has successfully managed to keep their identity a secret. Here is how security blogger Graham Cluley put it some seven months ago: “No one knows who TheDarkOverlord is. No one even knows if he or she is one lone hacker, or a group of hackers.”
Here is what we do know, thanks in part to bloggers like Cluley. TheDarkOverlord first appeared online last summer, and has been very busy in the past few months breaking into corporate networks. From what we know, those break-ins all followed a clear pattern: TheDarkOverlord would gain access to a network, copy sensitive data, and then approach the affected company with a ransom demand, threatening to otherwise release the data online — much like it did now with Larson Studios, the company that was doing post-production audio work on “Orange Is the New Black” season 5.
However, Larson seems to be its first entertainment industry target. For a long time, it looked like TheDarkOverlord was specializing in health care hacks instead. Before targeting Hollywood, the hacker or group of hackers broke into the networks of a cancer clinic, two orthopedic clinics, a dentist’s network, a health information management company, and a health insurance provider. In all of these cases, TheDarkOverlord was seemingly able to copy patient data.
But TheDarkOverlord didn’t stop there. They also attacked a plastics manufacturer, an investment bank, a linen supplier, and a construction services provider. Some of these hacks were relatively small, while others may have affected the data of tens of thousands of customers. TheDarkOverlord’s best-known target up until the “Orange Is the New Black” hack apparently was Gorilla Glue.
We don’t know if any of the targeted companies ever gave in to the extortion demands, but TheDarkOverlord’s Twitter account would like us to believe that some have done so.
Which brings us to the second question: Why?
The short answer: for the money. TheDarkOverlord is demanding payments via the cryptocurrency Bitcoin from affected companies. They apparently asked Larson Studios for 30 Bitcoin, which at current exchange rates equals about $45,000, to not release any of the movies and TV shows it got hold of. Larson didn’t pay, and TheDarkOverlord decided to take its demands directly to Netflix and other affected networks and studios, only to release ten episodes of “Orange Is the New Black” this past weekend.
That again raises the question: Why? TheDarkOverlord is known for targeting smaller companies that could get into serious legal and possibly financial trouble if their data were to be released online. Larson Studios fits that bill.
Netflix doesn’t, and the chance that a public company like Netflix would respond to an extortion attempt was close to zero — if only for the fact that any such thing would ring some serious alarm bells with shareholders. Case in point: Netflix’s shares went up significantly on Monday despite the leak.
Chances are, TheDarkOverlord didn’t really expect Netflix to pay up, but was simply issuing public threats for publicity’s sake. The group has frequently contacted bloggers and journalists in the past, hoping that stories about the damage it could inflict would persuade future would-be targets to give in to ransom demands — much to the chagrin of some of those bloggers, who have struggled to walk a fine line between writing about documented data breaches and helping TheDarkOverlord’s agenda.
Getting one of the biggest shows from the biggest streaming provider out there significantly raises TheDarkOverlord’s profile, which could help the group with its future exploits. The group is known for pretending to work with a corporate-like structure, signing its public statements with “Professional Adversary, World Wide Web, LLC,” and even calling them “press releases.”
It’s likely that the group followed its semi-corporate playbook in this case as well, and that the release of “Orange Is the New Black” was just the giant marketing stunt of a professional extortionist.