Serbian police have arrested a 38-year-old man from Belgrade on suspicion of being part of the infamous The Dark Overlord (TDO) hacking crew.
The arrest took place earlier today. Police did not release the suspect's name, only his initials (S.S.), year of birth (1980), and city (Belgrade).
Serbia's Criminal Police Directorate (UCC) made the arrest in collaboration with the US Federal Bureau of Investigation (FBI).
TDO is one of the most infamous hacking groups still active, behind many hacks and extortion attempts.
In a press release published by Serbia's Ministry of Internal Affairs, the group is accused of hacking and stealing data from over 50 victims since June 2016, and making over $275,000 from successful extortions, which the group usually asked for as Bitcoin transfers. Below is a small (and arguably incomplete) list with just some of the few hacks that got media coverage.
The hacker group also operated an active Twitter account where it would often issue threats against organizations or list their hacks. Here is just one of the tens of such tweets the group would often send out.
TDO has been especially active in the past 2-3 years, targeting the healthcare and educational sectors in particular, although, in conversations with this reporter, the group peddled various other breaches for which they wanted to get media coverage.
When hacking wasn't enough, the group embarked on a campaign of threatening the hacked victims with physical violence. Notorious was a campaign in 2017 that took place in the US, where the hacker group would breach high schools, steal personal data, and ask for a ransom. If the school didn't pay, they would use the stolen data to contact and threaten the school's students and staff.
In conversations with this reporter, the group was well aware that the FBI was on its tail. In November 2017, the group bragged to a fellow reporter about dodging one of the hacking tools FBI agents tried to use to infect the hackers and identify their whereabouts.
S.S.'s role in the larger TDO group, which claimed several times to be a collective, is unknown. Without any info, S.S. could be the leader, a pawn, or just a hapless copycat.
A man signing extortion notes with the moniker "The Dark Overlords" (with an extra "s" at the end) was arrested last year in the UK. It is unclear if he's a legitimate member of the actual TDO group, or just a copycat taking advantage of the group's fame.
UPDATE: After this article's publication, TDO hackers took to social media to downplay the police's arrest.
Law enforcement has proven to be most incompetent. — thedarkoverlord (@tdo_hackers) May 17, 2018
We've not endured the loss of any members of our organisation. Law enforcement continues to fail in their hunt for our organisation. — thedarkoverlord (@tdo_hackers) May 18, 2018