A California investment bank appears to have been targeted by hackers, who reportedly stole and leaked sensitive internal documents as part of an apparently elaborate extortion scheme. The hacker or hacker group going by the name The Dark Overlord leaked the internal files after their initial ransom offer was rejected by the bank's CEO.
The hackers have already leaked around 20 internal files online from Los Angeles-based WestPark Capital, as retaliation for the bank's CEO not accepting their "handsome proposal". The Dark Overlord wrote in a post on Pastebin: "WestPark Capital is a 'full service investment banking and securities brokerage firm' whose CEO, Richard Rappaport, spat in our face after making our signature and quite frankly, handsome, business proposal and so our hand has been forced."
Lastline security consultant Jamie Moles told IBTimes UK: "This story stands out from this year's higher profile reports in a number of ways. TheDarkOverlord have reported themselves that they managed to hack Westpark Capital and others not through the common technique of phishing emails and malware attacks but by taking advantage of a bug in the Microsoft Remote Desktop Protocol – this is traditional hacking and not something we see reported so much nowadays."
The leaked files include internal presentations, non-disclosure agreements, internal reports and contracts. One of the leaked documents includes a signed agreement from an unnamed company. The legitimacy of the contents of this particular document has been confirmed by the firm, indicating that the hackers may indeed have breached the bank's network.
The Dark Overlord has also recently been implicated in a series of US healthcare hacks. The hacker or hackers claimed to have put troves of healthcare records, including personal details like names, addresses and SSNs (Social Security Numbers) of scores of patients, on sale on the popular dark web marketplace The Real Deal.
"We made a handsome proposal to Mr Rappaport that would involve us withholding this news. However, Mr Rappaport chose to not cooperate with us in what could have been a very clean and quiet business opportunity for himself," a spokesperson for The Dark Overlord told Motherboard.
The hackers' exploits first came to light in June, after they listed a series of alleged patient records from various healthcare organisations for sale on the dark web. In these cases, the hackers would steal sensitive data with the primary intention of extorting a ransom from the victims, offering the assurance that the victims' data would not be leaked and/or sold if the ransom was paid.
It appears that the hackers may be following a similar approach in extorting WestPark Capital. The hackers said: "We are open and available for further communications with Mr Rappaport if he chooses to mitigate what may be to come."
According to Moles, the language used by the hackers, both in their interview and in their Pastebin post, is indicative of their geo-location. Moles explained: "The language that TheDarkOverlord have used in publishing the Westpark Capital data – describing their extortion attempt as a 'handsome business proposal' to withhold news of the hack which would have been a 'quiet business opportunity' for the company CEO. This demonstrates the deluded outlook that is a familiar hallmark of many of the Eastern European/Russian criminal gangs who use technology to extort money from legitimate businesses – by framing their efforts in normal business language they are attempting to add a veneer of legitimacy to their criminal activities."