News & Features

Authorities: Overseas Hackers Seeking to Extort Community with Cyber Threats

Hackers send ransom letter seeking electronic currency to end threats, destroy personal information that was gathered in breach

Law enforcement has identified the source of recent cyber threats as an overseas hacking organization that is seeking to extort local residents.

Flathead County Sheriff Chuck Curry released a statement Monday night explaining the latest details of the investigation, including a seven-page ransom letter. Hackers emailed the lengthy ransom letter to members of the Columbia Falls school board and the superintendent on Monday.

Curry said the hacking organization, identified in the letter as TheDarkOverlord Solutions, is an overseas group. The organization is the subject of other investigations across the U.S., Curry said, and has been tied to high-profile hacking incidents, including a breach of Netflix.

Curry said the group is seeking payment via bitcoin, a cryptocurrency and digital payment system. Law enforcement has advised the recipients of the ransom letter to not engage with the hackers.

“We understand that our valley has been terrorized due to the extremely emotionally charged, seemingly real, physical threats to the students of our area schools,” Curry said. “We have made the unusual decision to release the ransom demand letter. We feel this is important to allow our community to understand that the threats were not real, and were simply a tactic used by the cyber extortionists to facilitate their demand for money.”

»»» Click here to read the ransom letter released by the sheriff’s office

Curry said the FBI and other law enforcement continues to investigate the case. Classes are resuming across the Flathead Valley on Tuesday with heightened police presence.

“We fully understand the concern and fear that has resulted from this cyber-attack, and want the community to know that all the valley law enforcement agency heads feel there is no threat to the physical safety of our children,” Curry said. “As previously stated, the safety of our children has always, throughout this investigation, remained our paramount concern. We will continue to work around the clock to bring those responsible to justice, and remain fully committed to this investigation, even though we now know the physical threat to our children does not exist.”

The ransom letter exposes the hackers’ ultimate goal from this multi-day situation.

“We prefer to prey upon the likes of institutions such as your own, but not because we have anything against children, but rather for much more interesting reasons which you will soon come to understand,” the ransom letter states.

»»» Click here to read an editorial explaining why the Beacon posted excerpts of its conversation with the suspect

The hackers later seek various payments of bitcoin in exchange for them destroying the data and information they gathered, as well as ending the threats.

“If you decide to not entertain us and agree to one of our win-win business propositions, we will escalate our use of force in a tiered process that will involve an ever increasing level of damage and harm for you,” the hackers state.

The letters are targeting Columbia Falls after the hackers successfully infiltrated the school district’s server. The suspects, described as skilled computer hackers who have concealed their location through highly sophisticated means, infiltrated the school district server last week and obtained information about past and present students, parents and staff members, including names, medical records and addresses.

Over the weekend, the individual began sending extremely graphic threats via text messages to specific individuals. The entire server and communication system was shut down temporarily.

Curry said all indications are that the hackers do not fulfill their promises if people do pay the ransom.

“We have also discovered that they have frequently failed to live up to their promises to not release the stolen data in the past, even when their ransom demands have been met,” Curry said.

Columbia Falls Police Chief Clint Peters, left, and Steve Bradshaw, Columbia Falls Schools superintendent, address concerns about recent cyber threats during a community meeting on Sept. 18, 2017. Greg Lindstrom | Flathead Beacon

 

Monday’s events marked a bizarre twist in a saga that has cast a pall over the Flathead Valley in the last six days as families and schools try to regain a semblance of normalcy after anonymous hackers sent menacing electronic messages.

Classes resumed Sept. 19 at more than 30 area schools with heightened police presence and preparations among staff in the event of a situation while a robust collection of law enforcement resources, including the FBI, continued to work around the clock investigating the complicated cyber threat.

Authorities have been communicating with the individual for several days and developed intelligence that indicated the threat was not immediate or in the area, according to officials.

Yet the series of electronic messages that emerged last week threatening to harm a large number of people prompted significant concern among local families and disrupted school and activities for several days for more than 15,700 students across Flathead County.

The day before classes resumed, hundreds of parents from across the Flathead Valley attended informational meetings at local schools, hearing from school administrators and law enforcement about the ongoing situation.

“A lot of thought has gone into what is the right thing to do, and the consensus among local and federal law enforcement is to go back to our lives and stop giving him or her power,” Jordan Venezio, school resource officer at Kalispell Middle School, told a crowd of nearly 200 people gathered at an informational meeting.

“I know this is a very scary time … We need your trust. We need you as a community to know we would not put your kids in danger.”

School officials echoed a similar message at several meetings around the valley, saying the safety of students was paramount and that staff were trained and ready if an incident did occur.

“Trust our teachers,” Tryg Johnson, principal at KMS, said. “Our teachers are coached up.”

Mark Flatau, superintendent of Kalispell Public Schools, said families can keep their students home until they feel safe.

“If you need a couple more days, if you need the rest of the week, that’s fine,” he said. “We will work with you. But the goal is, of course, in the days to come to get us back into a normal routine moving forward.”

Flatau said teachers would talk with students about the situation in a sensitive manner depending on the grade level and try to help students understand what occurred.

“There’s a really bad bully who is bullying our schools, and that’s how we are going to talk to them at the younger grades, and the sophistication of that conversation moves forward with the age appropriateness,” he said.

Electronic threats were delivered to schools across the valley late Sept. 13 and early Sept. 14. The cyber threats prompted widespread school closures across Flathead County on Sept. 14 and Sept. 15 and impacted roughly 15,700 students. Extracurricular activities and athletic events were canceled through the weekend.

The Beacon has also been in communication with the suspect since Friday after the individual contacted the newspaper seeking an interview via electronic message through a secured line. The Beacon contacted law enforcement after receiving the request and later shared details of the conversation in the interest of public safety. Law enforcement confirmed that the secure line sent to the Beacon was the suspect’s.

The Beacon is publishing portions of the conversation with the suspect to shed light on the threat and investigation. Much of what the individual stated was extremely graphic in nature, and the Beacon is not going to print a majority of those statements at this time.

Beacon reporter Dillon Tabish along with Editor in Chief Kellyn Brown communicated with the suspect via electronic messages.

“As a journalist I’m compelled to tell you that if this devolves into inflammatory statements or threats, I will not engage in that kind of conversation,” Tabish told the suspect. “Why are you doing this?”

During the course of the conversation, Tabish tried multiple times to understand who the suspect was, where he or she was from, why the individual was making the threats and why they were targeted at area schools.

The individual said on multiple occasions in various ways that he or she intended to kill people in large numbers. The suspect said they were heavily armed with “extensive training.”

“If you know anything about military weapons … it should scare your region,” the person said.

When asked again why he or she was targeting the Flathead Valley, they responded that they wanted to scare people and harm as many people as possible.

“I wanted the public to exist in a state of fear before I make my move. This will allow the government protecting your children to look poorly in the light of the public,” the suspect said.

The individual later elaborated, “The quaint, small, backwoods region of the US like yours is prime hunting grounds. This incident is the last thing you will expect to happen here.”

Tabish asked if the individual was politically motivated, and the individual responded, “My only two purposes are to exterminate human life and smear your government.”

The person expressed pride in the closure of schools, asking, “When was the last time schools were closed this long because of a ‘threat’?”

Tabish asked if there was anything that could be done to change the individual’s mind, and he or she responded, “I might consider an immense donation to my mental health recovery fund. It could fix my mental health issues.”

Tabish asked about the individual’s mental health issues and if they were receiving help.

The individual responded with a threatening statement about murdering people and then added, “Does it sound like I am getting help? Do you think I am foolish? Of course I am not mentally unhealthy. I am of clear mind. I just like to kill people.”

Later in the interview, the suspect asked if the Beacon was going to publish the conversation.

Tabish responded, “I will discuss this with my editor and determine what is relative to our community. We’re not in the business of fear mongering, though. If you want to talk without inflammatory speech, contact me again.”

The individual said if the Beacon was not willing to publish his or her words, they would go to another media outlet.

“That’s your choice,” Tabish responded.

Students and community members arrive at Columbia Falls High School for a community meeting on Sept. 18, 2017, as law enforcement officials and school administrators address concerns about recent cyber threats. Greg Lindstrom | Flathead Beacon

 

There has been no indication that any other school districts’ data systems were breached, according to law enforcement, and all school districts in the Flathead Valley are taking necessary precautions to ensure that no data breach occurs.

“This person is only trying to gain power and self satisfaction through fear and intimidation,” Columbia Falls police officials said in an announcement over the weekend.

Columbia Falls Police Chief Clint Peters added, “I would also like to commend our community for refusing to be paralyzed by fear and continuing your day to day lives in the face of this threat. The resolve and strength of Columbia Falls is unmatched and it truly makes us proud to serve this city. The law enforcement agencies will continue to investigate every lead, will continue to protect our citizens, and will stand strong around the clock to support our communities.”

 

Comments

comments