It appears that law enforcement has caught up with “Lifelock.” DataBreaches.net had reported exclusively on “Lifelock” back in April of 2018, and then again in June and July of 2018.
At the time, I pointed out some of the striking similarities between “Lifelock” and “thedarkoverlord” (or the one I refer to as the first spokesperson for TDO). The timeframe of his attacks was consistent, and so was his approach of hacking and attempting to extort, using lengthy communications that reflected someone with education. And those were just some of the similarities I had noticed.
Today, the man known to me only as “Lifelock” made his first appearance in federal court in Idaho. He was indicted in Georgia for attacks on unnamed healthcare entities in Atlanta and Florida and the city of Newnan in Georgia.
Has law enforcement got thedarkoverlord in custody? The press release makes no mention of thedarkoverlord or any connection to thedarkoverlord. And yet, there are so many coincidences, and now even more that he is linked to attacks on healthcare entities in Atlanta area. His LinkedIn profile lists him as an IT Database Analyst at Central District Health.
Here is the press release from the U.S. Attorney’s Office for the Northern District of Georgia:
NEWNAN, Ga. – Robert Purbeck, of Meridian, Idaho, made his initial appearance before a U.S. Magistrate Judge in Boise, Idaho. Purbeck was indicted in the Northern District of Georgia on March 2, 2021 for computer fraud and abuse, access device fraud, and wire fraud.
“This alleged cyber-criminal and extortionist targeted the City of Newnan as well as medical clinics in our District, stealing over 60,000 records containing personal information of our citizens,” said Acting U.S. Attorney Kurt R. Erskine. “He then allegedly attempted to extort a Florida orthodontist, threatening to sell the social security number of his minor child unless the orthodontist submitted to a payment demand. Now, this defendant must answer for his alleged crimes in the Northern District of Georgia.”
“The charges against Purbeck highlight the need to remain vigilant in our cybersecurity efforts,” said Chris Hacker, Special Agent in Charge of FBI Atlanta. “The theft of intellectual property to be used to extort citizens is a very serious crime and one the FBI will diligently pursue, no matter if you are hiding behind a computer screen.”
According to Acting U.S. Attorney Erskine, the charges, and other information presented in court: Between June 23, 2017 and April 28, 2018, Purbeck allegedly purchased, on a criminal marketplace, the username and passwords to computer servers belonging to multiple Georgia victims. He then allegedly used these credentials to access the victims’ computers and stole sensitive personally identifiable information, including:
- Medical records and other documents that contained names, addresses, birth dates, and social security numbers of over 43,000 people from a Griffin, Georgia, medical clinic;
- Police reports and other documents containing personal information of over 14,000 people from the City of Newnan; and
Personal information of over 7,000 people from a Locust Grove, Georgia, medical practice.
On June 25, 2018, Purbeck allegedly hacked into the computers of an orthodontist in Florida and stole medical records of over 1,800 people. Purbeck then allegedly threatened, harassed, and attempted to extort the orthodontist, demanding a ransom payment in Bitcoin. Purbeck also allegedly threatened to disclose and sell the stolen patient and personal information unless the orthodontist paid the ransom demand. Purbeck allegedly identified the name and social security number of the orthodontist’s minor child and threatened to disclose and sell their personal information as well. During the course of this attempted extortion, Purbeck allegedly sent numerous harassing e-mails and text messages to the orthodontist and his patients.
Robert Purbeck, a/k/a Lifelock, a/k/a Studmaster, 41, of Meridian, Idaho, was indicted by a federal grand jury in the Northern District of Georgia on March 2, 2021. Members of the public are reminded that the indictment only contains charges. The defendant is presumed innocent of the charges, and it will be the government’s burden to prove the defendant’s guilt beyond a reasonable doubt at trial.
This case is being investigated by the Federal Bureau of Investigation, Atlanta Field Office, with valuable assistance provided by the FBI Boise Resident Agency.
Assistant U.S. Attorneys Michael Herskowitz, Chief of the Cyber and Intellectual Property Crimes Section and Nathan Kitchens, Chief of the Public Integrity and Special Matters Section, and the U.S. Department of Justice Computer Crimes and Intellectual Property Section (CCIPS) are prosecuting the case. The U.S. Attorney’s Office for the District of Idaho has also provided valuable assistance in this case.
For further information please contact the U.S. Attorney’s Public Affairs Office at [email protected] or (404) 581-6016. The Internet address for the U.S. Attorney’s Office for the Northern District of Georgia is http://www.justice.gov/usao-ndga.
Update 7:11 pm. The exact charges in the indictment are:
- 18:1030(a)(2)(C), 1030(c)(2)(B)(i) and 1030(c)(2)(B)(iii) and Section 2 FRAUD ACTIVITY CONNECTED WITH COMPUTERS (1-3)
- 18:1030(a)(7)(B) and 1030(c)(3)(A) and Section 2 FRAUD ACTIVITY CONNECTED WITH COMPUTERS (4)
- 18:1343 and Section 2 FRAUD BY WIRE, RADIO, OR TELEVISION (5-8)
- 18:1029(a)(2) and (c)(1)(A)(i) and Section 2 PRODUCES/TRAFFICS IN COUNTERFEIT DEVICE
(9-11)
The location of Central District Health was in error and has been deleted post-publication.