DataBreaches.Net

“We’ve maintained access to Line 204’s network for a year” – TheDarkOverlord

Posted on November 2, 2017 by Dissent

First it was Larson Studios. Then an attempt to extort its clients, like Netflix. And now it’s Line 204. Lest there be any doubt, TheDarkOverlord wants you to know it is serious about attacking Hollywood “with prejudice.” And despite what Line 204’s owner claimed, the hack on Line 204 was not last week. It occurred one year ago, and the hackers have updated their loot periodically, without the studio ever noticing, the hackers claim.

It can take decades to grow a business, but in a matter of minutes, its viability can be threatened. How you respond may make a critical difference, and often, the entity’s response in the first minutes or hours makes that critical difference.

On October 26, Line 204 found itself joining the ever-growing ranks of those who had been hacked by TheDarkOverlord (TDO). Despite the fact that TDO has attacked dozens and dozens of entities since they first emerged under the TDO moniker last June, no one really knows for sure whether TDO is one person or a collective, although they have always maintained to this blogger that they are a large – and growing – organization that is highly cellularized. Most people involved in following their activities seem to believe that they are not located in the U.S.

TDO uses a variety of means to contact their victims, including email and SMS. Given how many scams there are these days via phone and SMS, it’s not surprising that a recipient of one of their messages might initially react with disbelief. That appears to be what happened with Line 204’s owner, Alton Butler. According to a spokesperson for the hackers, “As we were informing the bloke about our soiree, he stated, and we quote, ‘Riiiiight’ as if he didn’t believe us. We were left with the impression that he didn’t much believe our claims.”

Eventually, Butler did come to believe that his firm had been hacked, but in his initial statements to the media, Butler seemed to be claiming that the hack occurred on October 26. As DataBreaches.net pointed out in previous coverage of this incident and based on TDO’s tweets and previous statements to this site, Butler appeared to be in error. In an encrypted chat last night, a spokesperson for TheDarkOverlord confirmed that the breach first occurred last year: “We’ve maintained access and control to their computer network for a year, regularly updating our stash of the loot we heisted from their computer network.” They also confirmed that they had first reached out to Butler more than one month prior to October 26, although their message may have wound up in trash or a recycle bin.

But at some point – on October 26 – Butler realized that TDO was not kidding about the hack, although it appears he had not yet discovered the extent of the hack. “When we eventually convinced him of our little soiree, he immediately fell into a deep silence towards us,” a spokesperson informed DataBreaches.net. The deep silence may have reflected the FBI’s influence:

“We were prudently examining the FBI’s response to our friends at Line 204. A special agent, whom we won’t name at this time, carefully instructed Alton to heed his warning about working with us.”

Asked what kind of payment TDO had demanded from the firm, the spokesperson explained that they hadn’t negotiated a specific amount of internet money, but had asked Butler to maintain a timely response to their communications. This was the “basic request” TDO would subsequently refer to in a tweet rebuking Line 204 that they should have complied.

As they have done in numerous other hacks, TDO provided DataBreaches.net with an extensive sample of documents and files that they had exfiltrated, including bank deposit information, customer credit card numbers (truncated), and other client information, including information on celebrity clients. Among the customer and client records was a file with comments that were likely never intended to see the light of day, such as, “Payment up front is STRONGLY suggested.” and “****DO NOT RENT TO THIS COMPANY!!!!****”

The sample was only a portion of what they claimed to have acquired. “We took everything we identified as being succulent. In the case of Line 204 this was over one terabyte,” they informed this site. Some of the data, they say, includes sensitive images. DataBreaches.net was not provided any sample of sensitive images, but was provided with some images from two events: a 40th birthday party and a birthday carnival for a 1-year-old child. How those might be related to any extortion demand is unclear to this site as they look relatively innocuous and may not be related at all.

Not surprisingly, perhaps, to those familiar with their TTP, TDO reached out to contact individual employees – and clients. “Upon Alton’s decision to fall silent on our requests, we proceeded to contact several clients of Line 204’s and begin negotiations with them directly,” the spokesperson claimed. TDO’s spokesperson would not indicate what clients they were contacting individually or what kind of sensitive information they had on those clients. Nor would they directly answer a question as to whether any of the clients they claim to have contacted indicated any willingness to negotiate with them or pay any extortion. “We’re unwilling to answer that question,” the spokesperson answered this blogger.

In the past, TDO has used the media – including this site – to try to increase pressure on intended victims by calling public attention to a situation as a veiled warning that if they don’t pay up, more might be revealed to the media or dumped publicly on public paste sites.

“When a client of ours refuses to comply with our requests, we escalate by involving our client’s clients. In the vast majority of cases, this amounts to a great loss for our uncooperative clients,” a spokesperson informed this site, adding: “If you’ve been a partner or a client of either Line 204 Studios or London Bridge Plastic Surgery, you should be very concerned. We’re coming for you next.”

TDO’s most recent tweet, on October 31, almost seems to suggest that they may have gone after – or may be going after – 21st Century Fox:

Hollywood’s top twenty films of the last century are quite good. We’d like to make twentieth in the list.

— thedarkoverlord (@tdo_hackers) October 31, 2017

Time will tell, I guess.

But if you think that TDO is just a group of bragging blackhats, think again. By now, there appear to be a number of agencies investigating them and yet not one person has apparently been caught even after more than one year. There have also been some high-level attempts to deploy NITs against them, they claim, and this blogger may be eating humble pie for the next few days or weeks because based on wallets they showed me, it appears that they have made a bundle of money through their extortion schemes. I’ll have details on all of these developments and claims in an exclusive report on DataBreaches.net this week, so stay tuned.

Category: Breach Incidents, Business Sector, Hack, Of Note, U.S.


1 thought on ““We’ve maintained access to Line 204’s network for a year” – TheDarkOverlord”

  1. Dissent says:
    November 3, 2017 at 8:33 am

    I would assume/guess that FBI reads my site, although I don’t check access logs to my sites so I don’t know that for sure.
