
Dark Overlord Collaborator Sentenced to Three Years

Canadian Man Traded in Stolen Access, Identity Credentials
Slava Dmitriev was accused of selling stolen personal data on the AlphaBay Market, an illegal online marketplace shut down by law enforcement authorities in July 2017.

A 29-year-old Canadian man has been sentenced to three years in prison for trading in stolen personal information, including transactions with an aggressive hacking and extortion group known as The Dark Overlord.


Slava Dmitriev, of Vaughan, Ontario, pleaded guilty on Aug. 30, 2021, to a charge of fraud and related activity, according to a news release from the U.S. Attorney's Office for the Northern District of Georgia. He was arrested in September 2020 while traveling in Greece.

Dmitriev was accused of buying and selling stolen identity information, including Social Security numbers, names and birthdates, on the AlphaBay marketplace. AlphaBay was shut down by law enforcement authorities in July 2017. Prosecutors accused Dmitriev, who went by the nickname GoldenAce, of netting $100,000 from the sale of 1,764 items on the market from May 2016 through July 2017.

Dmitriev is also accused of interacting with The Dark Overlord hacking and extortion group. The group gained access to the computer networks of small businesses, schools and health care organizations, aggressively demanding ransoms through harassment campaigns. It promoted its activity through social media and media interviews.

Forensic investigations into the group's attacks show it usually capitalized on poor security practices of its victims, such as misconfigurations or default remote access controls.

Prosecutors alleged Dmitriev supplied The Dark Overlord with access credentials for the network of a New York dentist in June 2016. Dmitriev bought the credentials on a criminal marketplace, prosecutors said. The dentist was breached and then extorted by The Dark Overlord.

About a month later, prosecutors say, Dmitriev received a spreadsheet from The Dark Overlord that contained 200,000 stolen identities. In May 2017, Dmitriev sold information that had been stolen by The Dark Overlord that contained the identity of a victim living in La Quinta, California, prosecutors say.

The Dark Overlord's antics, which started around 2016 and subsided around 2018, drew increasing attention from law enforcement authorities, particularly when the group turned to harassing schools and menacing parents.

In September 2017, the Columbia Falls School District in Montana shut down 30 schools for a week after the group texted threatening messages to parents and called some of them. Some 15,000 students were affected. The phone numbers of the parents were obtained through data breaches.

The group also successfully extorted Larson Studios, a post-production studio. The studio paid the group $50,000 in bitcoins after the group stole the forthcoming season of the TV series "Orange Is the New Black." The group also tried to directly extort Netflix, where the series was going to air, but Netflix refused (see: Hollywood Studio Hit By Cyber Extortion Says: 'Don't Trust Hackers').

The group's high-profile antics became such a concern that they surfaced at a Senate hearing in September 2017, with FBI Director Christopher Wray telling lawmakers that the agency was pursuing the group. But The Dark Overlord frustrated investigators due to its careful operational security, which made it difficult to identify the real-life identities of the perpetrators.

Court File: Slim on Details

Dmitriev's court file unfortunately does not shed more light on how investigators caught on to his association with The Dark Overlord. His indictment is only three pages, and it does not mention the group. The court file shows there are several documents still under seal. Only the press release mentions the hacking group.

Law enforcement agencies did have some success against some people on the group's periphery (see: Noose Tightens Around Dark Overlord Hacking Group).

One of those was Nathan Wyatt, who was extradited to the U.S. from Britain in December 2019. He pleaded guilty to conspiring to commit aggravated identity theft and computer fraud. Wyatt told investigators that he maintained virtual private network accounts for communication between victims and threat actors (see: 'Dark Overlord' Hacker Sentenced to 5-Year Prison Term).

Before he was extradited to the U.S., Wyatt served a three-year sentence in the U.K. He pleaded guilty there to 20 counts of fraud by false representation, two counts of blackmail and one count of possession of an identity document with intent to deceive (see: Fraudster Tied to 'The Dark Overlord' Jailed for 3 Years).

In May 2018, Serbian police announced the arrest of a male with the initials "S.S." born in 1980. But the disposition of that case isn't clear.

Also in 2018, the U.K. sentenced Grant West of Sheerness, England, to 10 years and eight months in prison. West, who went by the nickname Courvoisier, sold stolen credit card details and credentials. Authorities never publicly tagged West as part of The Dark Overlord, but one security researcher has said West was a person of interest during the investigation of the group and may have interacted with it.


About the Author

Jeremy Kirk


Executive Editor, Security and Technology, ISMG

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Executive Editor for Security and Technology for Information Security Media Group. He's the creator of "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware, the greatest crime wave the internet has ever seen.



