Last week Motherboard reported that hackers claimed to have breached Gorilla Glue, a family-owned and operated company, and to have obtained over 500GB of documents.
Today those hackers, thedarkoverlord, tweeted “A widely held belief is that gorillas are unintelligent. We’re starting to think that they may be right.”, accompanied by a link to Pastebin.
The Pastebin post contained a short message stating that the dump mostly affects four employees and contains documents and emails from them.
We are releasing a small batch of the almost half terabyte of data we heisted from Gorilla Glue.
In this batch, you will find all human resources data, the email accounts of four Gorilla Glue employees, a collection of pictures we wanted to share, and just a smidgen of data for the fraudsters in the crowd. The employees in particular are: Joe Ragland (COO), LeAnn Smith (IT), Jeff Smith (CFO), and Jay Bruce (IT). We highly recommend checking out Joe’s emails. A brief search of “Bahamas” in his inbox is sure to elicit hearty laughter.
The leaked data was posted to Mega and totals 49GB. It contains four .pst mail archives, a humanresources.7z compressed folder split into five parts, and an archive of personal files from Joe Ragland, the Chief Operating Officer.
At the time of publishing, the Mega link appears to no longer be working.
In the Pastebin statement, thedarkoverlord also hinted that there may be more to come from this breach: “Depending on a few outcomes, more may come.”
After obtaining the data and partially sweeping over it, it was clear that there are some very personal files within at least one of the compressed folders: files belonging to Joe Ragland’s family and children, and full tax returns for 2013 and 2014. The 2014 tax return is password protected, but that is pretty pointless considering there is a file named tax_return_password.txt that contains the password to open the 2014 tax document.
New Products
After I reached out to thedarkoverlord and spoke to them for a bit, they offered me somewhat of an exclusive, in the form of a new product that Gorilla Glue has planned. The product, which is planned to be named Crystal-clear, is a new special clear type of glue that claims to be more transparent than any other on the current market.
One of the product pictures shows it being tested against a rival glue, Loctite, which is well known across many different industries as one of the best adhesives and epoxy-based glues you can get.
Personal Files
When I asked thedarkoverlord about the personal files of COO Joe Ragland’s family included in the dump, they replied with a statement claiming that this is Joe Ragland’s fault for not communicating with them afterwards.
Isn’t it wrong to leave a friend hanging? Not even to respond to them? Isn’t it wrong to risk having decades of your coworkers’ work in the public? Wouldn’t it be the right thing to pay up and go back to normal? Joe did this to himself.
File Counts
- 869 docx
- 512 doc
- 469 xlsx
- 943 pdf
- 118 ppt/pptx
- There are also mov, mpg and png files.
After extracting the split archive named humanresources.7z.XXX, there are 742 folders with 9,585 files of internal documents, totalling 24.2GB. The files do not seem very critical to the overall operation of Gorilla Glue, but they could be of use to others, as they include safety reports, staff information, internal training documents and templates.
Mail Files
At the time of publishing I had not had a chance to sweep over the mails. However, thedarkoverlord has insisted this be looked into; they claim there are emails and conversations about bringing girls to the Bahamas and sexual related activities. As stated by thedarkoverlord so far, there are four main employees who have had their mail archives leaked. They are:
- Joe Ragland: 24GB
- Jeff Smith: 358MB
- LeAnn Smith: 2.6GB
- Jay Bruce: 377MB
The email archives, as one can imagine, are full of business-related emails, with the exception of a few. After converting the files with readpst to a format that is friendlier to search, I was able to discover that there were many trashed conversations with password resets for login systems, passwords for TeamViewer sessions, virtual machines, internal and intranet systems, access to third-party services, and other internal discussions which leak the inner workings of Gorilla Glue.
The Breach
It is unclear exactly when the breach of Gorilla Glue happened, but judging by the file dates and times it seems to have been some time around July, with the data maybe re-accessed or updated some time around the start of November. When I asked thedarkoverlord, they said they had carefully relocated the documents from Gorilla Glue at a time recent enough for them to worry.
We carefully relocated Gorilla Glue’s internal documents at a time recent enough to worry them greatly.
The breach itself was carried out by unknown methods. thedarkoverlord would not comment on the method or procedure used, but has stated that it was easier than expected.
We cannot comment on the technical details of operations. However, we will say that it was easier than we expected.
History of thedarkoverlord
This is not the first time thedarkoverlord have carried out these sorts of attacks. They often follow a pattern of breaching the servers, contacting the victims and attempting to get payment not to release files or information about the company. Put simply, it is extortion. This target, however, is quite different from the range of what they call ‘clients’ that they have dealt with in the past. When I asked them why they picked this target, the reply was:
We approach a broad range of clients. Recently, we have been sifting through our extensive back log of clients.
It is not publicly recorded whether thedarkoverlord have ever managed to get payment. When asked about this, they replied:
Absolutely. No one hears about it as per our agreement we propose to all clients. We value discretion and non-disclosure.
It is ironic that they value the discretion and non-disclosure of ‘clients’ who pay up, but will not value the discretion and non-disclosure of ‘clients’ who do not pay up, and that seems to include the family members of those ‘clients’ as well.
What Next
thedarkoverlord has stated that they will be leaking more sensitive information depending on the outcome of leaking this current data, so stay tuned; there may be more to come.