All schools in Flathead County, Montana were closed on September 14 and 15, and all extracurricular activities and athletic events were cancelled, as a result of a ransom threat from the well-known hacker(s) called The Dark Overlord.
This was not a ransomware attack, where the district’s data would have been encrypted and a ransom demanded to decrypt it.
Instead the hackers broke into the district’s server (the district has 15,000 students; I suppose it is possible that it only has one server, or at least the server they hacked had those records in it) and stole addresses, medical records, behavioral records, and other data from past and present students, staff and parents.
They sent threatening messages to parents saying that the hackers would kill as many people as possible if the ransom was not paid.
The hackers demanded $75,000 in Bitcoin if paid quickly, $100,000 in Bitcoin if someone wrote an embarrassing letter and $150,000 in Bitcoin if paid out over a year.
Given that the ransom notes were sent to parents, the cat was out of the bag. The Sheriff decided, as a result, to release the ransom note sent to the District Board.
Historically, The Dark Overlord – if that is who is really doing this – has not resorted to threatening to kill people. This would be a new low.
After several days, the police, working with other law enforcement agencies, decided that the hacker(s) were not local to northern Montana and therefore would not realistically be able to carry out the threat to kill children. Schools resumed after being closed Thursday and Friday, with sports and extracurricular events cancelled on Saturday and Sunday as well.
The hacker(s) contacted the Flathead Beacon, the local newspaper, and in a conversation the hacker(s) said the goal was to kill as many people as possible in a place where no one would expect.
The hacker said that he wanted people to live in a state of fear before he makes his move.
When asked if this was politically motivated, the hacker claimed that the goal was to exterminate human life and smear the government.
Law enforcement said that all district schools were taking necessary precautions to ensure that no data breach occurs. I am somewhat skeptical of this claim, unless they turned off and unplugged all the other computers, since the district was already breached.
Law enforcement said that they feel that there is no threat to the physical safety of our children.
This is totally a crapshoot on their part. The odds are in their favor, which is a good thing, but there are no guarantees.
That fact is a problem. I am going to side with them and hope this is an empty threat. At least this time.
As long as organizations make it as easy as taking candy from a baby to break into their computer networks, they are making it easy for the hackers. Once hackers are armed with stolen data (either by encrypting it or actually stealing it), they have many more options than before.
Hopefully, this is a one-off and not a trend and hopefully this is one mentally deranged individual, but whether that is true is unknown.
Whatever this is, it is certainly an escalation of hostilities. *IF* this is an indication of what hackers might do in the future, that represents a scary future.
Assuming this was a target of opportunity, and it likely was – a small school district in rural Montana is unlikely to be a strategic target – then our objective has to be to make it difficult for that random cyber attack to succeed.