Earlier this week, the Johnston Community School District in Iowa closed several of its schools, after parents received text messages threatening to harm or kill their children, according to multiple local media reports. Now, a group of hackers, who have traditionally tried to extort money from targets through blackmail or intimidation, has claimed sending the messages and has released a set of alleged voicemails seemingly from affected students and concerned parents.
Although it’s not totally clear if this new incident is part of an extortion effort, the news signals an unusual, and worrying, tactic when it comes to cybercriminals: making direct threats against children. Authorities believe those threats don’t appear to be genuine.
“We’re escalating the intensity of our strategy in response to the FBI’s persistence in persuading clients away from us,” someone from the hacking group, called The Dark Overlord, told The Daily Beast.
The Dark Overlord has previously tried to extort Netflix after hacking a production studio. The group started in mid-2016 by targeting a slew of medical centers across the U.S., before moving on to a number of private companies, such as commercial adhesives manufacturer Gorilla Glue. Since around last month, the group has shifted focus to schools, and threatening messages caused dozens to close for days at a time.
Often the group will hack a target and demand some sort of ransom payment in exchange for not distributing any stolen data. Then, The Dark Overlord may approach media outlets with details of the data breach or other activity, likely in an attempt to put pressure on the target. It is not clear how successful The Dark Overlord has been in extorting funds from victims, and the group representative said that the FBI has told victims not to pay. The group declined to elaborate when asked if the attack on this latest school district was part of a financially driven campaign.
In this case, The Dark Overlord says it hacked the Johnston Community School District, obtained a cache of data, and then used stolen contact details to send out threatening messages en masse. “I’m going to kill some kids at your son’s high school,” some of the texts said, according to local media reports. On Monday in response, the district decided to cancel classes.
The Dark Overlord said they received voicemails, SMS messages, and phone calls to the number they used to send the messages. The group shared just under a dozen of the alleged voicemails with The Daily Beast, before dumping them online.
“I don’t know who you are, but the shit that you are pulling, it kind of needs to stop,” one voicemail from a woman says. “Because the messages you are sending to parents is pretty fucked up. If you have it out for that many children, then maybe you deserve to be in a hole.”
Other voicemails appear to be from affected students.
“You’re a fucking pussy, you won’t do shit. I’m sitting outside school tomorrow; fucking do it,” a child’s voice says in one message.
The Dark Overlord also published an alleged student directory from Johnston Community School District, and claimed it had hacked the Splendora Independent School District in Texas in a message posted to Pastebin. At the end of September local media reported hackers had stolen student information from the district.
A spokesperson for the city of Johnston did not respond to a request for comment.
Doug Levin, president of consultancy EdTech Strategies told The Daily Beast in an email, “As schools are increasing their reliance on IT services, they are exposing themselves and their communities to new threats. Designed as they are to target children and families and generate fear, this series of attacks represents a significant evolution of the types of online threats facing schools.”
After The Dark Overlord targeted a Montana school district in September, Sen. Steve Daines raised concerns about the group with FBI Director Christopher Wray, the Flathead Beacon reported.
The general problem was not just an issue for Fortune 500 companies, but also hospitals and schools, Wray said.
“It’s a threat that is growing,” he said.
Update: This piece has been updated to include additional comment.