DataBreaches.Net


Caribbean Island Properties “pillaged” by TheDarkOverlord

Posted on December 4, 2018 by Dissent

In recent months, we’ve seen the return of threat actors calling themselves TheDarkOverlord (TDO), although some sources have speculated that arrests announced in May may have damaged the group. As some journalists and others have noted in conversations, certainly this incarnation of TDO does not seem to know of some events or statements they’ve made in the past and most of their offerings have been old hacks and data breaches. So is it the same TDO with just a new spokesperson, or is this a different TDO?

If today’s development is any indicator, TDO is still standing, and whoever is posting as TDO appears to be the real thing.

Consider what they have claimed to have done to a firm called Caribbean Island Properties.

In a fairly typical long and insulting communication, TDO claims to have wiped out all their files, a data protection disaster enabled by what TDO notes appears to be incredibly sloppy passwords:

We actually did it, although they got in your e-mail because your password was ‘12345’. We pwned your entire infrastructure. Your Domain Admin password was ‘CiP@12345’. Now, let’s just start with what we know: you found our Support user that was exfiltrating loads of your data, and you deleted the files we were stealing from you. We weren’t going to delete all your files originally, but since you’ve deleted ours, we deleted all of yours. Now, mind you: we were able to recover ours, but you won’t be able to recover yours. So now we’re the only ones with copies of your files. Right, onto the goods.

The above would be enough to make most site owners or administrators thoroughly nauseous and alarmed.

The firm was then offered various options for payment to recover their data, with the first option being:

You, our client, accord and satisfy a complete transfer of 100.000 GBP of Bitcoins (BTC) over a twelve calendar month period of time with your first transfer to be a thirty percent down-payment transfer of 30.000 GBP of BTC to be made by the date and time of 2018-12-25 23:59 UTC. Follow-up transfers of approximately 5.833 GBP of BTC will be made by the end of each calendar month for the next twelve months, in order to accord and satisfy this proposed option. A primary benefit of this arrangement is that you know we want the Bitcoins and we’ll not be motivated to go ill on our arrangement because we’ll be motivated to hold out. While we’re providing you a guarantee we won’t go ill on our word, we realise this option may appear attractive due to your prejudice against us believing we’re cyber-baddies.

The entire missive to “Cindy and David” appears at the bottom of this post, as does a copy of the contract that TDO posted on Pastebin.

Long-time followers of TDO will recognize much of the concept and the text, as those options and approach have been used before by TDO.

As someone who has followed their work since June 2016, and who had read the Larson documents and contract, as well as their communications to other victims, yes, this is the writing of TheDarkOverlord. But is it someone just copying/pasting their past work? A lot of what I read today could have been just changing the names of the victims and dates, so are we looking at new writing or a template from the past?

My impression is that this is still TDO and not copycats. If you think otherwise, you are welcome to use the Comments section below to explain why you think so.

And yes, I know that some journalists have opted not to report on TDO so that they (other journalists) are not somehow complicit in putting any pressure on TDO’s victims to pay up. This site continues to try to balance that concern with a strong sense that the public needs to be kept informed about threat actors so that more businesses and entities will take steps to protect themselves from attacks.

In the meantime, CIPcaribbean.com did not respond immediately to an email asking them for a comment about the claimed hack and what steps they are taking, but a check on the BTC wallet specified in the contract, 152r8afrWfq7xxGFTpsBgyHChPP8fmHfpz, shows no transactions as yet.

This post may be updated as more information becomes available. And this is not the only newly revealed hack by TDO today. DataBreaches.net received an email from another firm claiming that TDO had hacked them. This site may have more on that one later today.

About Us - Caribbean Island Properties uhmBuqij_CIP

 

Category: Business Sector, Hack, Of Note


1 thought on “Caribbean Island Properties “pillaged” by TheDarkOverlord”

  1. Trent says:
    December 4, 2018 at 5:41 pm

    Yeah, the way that’s written, that’s got to be the same front man at least.

Comments are closed.

© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.