In a highly unusual hacking case, an entire school district in Montana shut down for three days following a data breach of student and faculty records. Investigators say that parents received “extremely graphic threats via text messages” and that hackers sent the school board a ransom note demanding bitcoin payments in exchange for the destruction of hacked data.
The Flathead County Sheriff’s department released a statement on Facebook Monday night that included six pages of the ransom note from hackers going by the name TheDarkOverlord Solutions. From Thursday through Monday, classes and extracurricular activities for the 15,700 students of Columbia Falls School District were canceled. Authorities recommended that the schools return to business as usual on Tuesday, saying that they believed citizens were safe and those believed to be responsible for the threats “have frequently failed to live up to their promises to not release the stolen data in the past, even when their ransom demands have been met.”
TheDarkOverlord Solutions is a name that has been used by hackers in connection with recent high profile ransom-based attacks on Netflix and ABC. No evidence has been released that confirms the same group is actually behind all of these incidents. Flathead County Sheriff Chuck Curry told reporters on Monday that authorities believe whoever is responsible for the threats is based overseas. It appears that part of the reason for the suspension of school activities was threats of violence, something that is fairly abnormal in hacking cases. Police brought in the FBI over the weekend for help after failing to identify a local suspect.
According to the Flathead Beacon:
The letters are targeting Columbia Falls after the hackers successfully infiltrated the school district’s server. The suspects, described as skilled computer hackers who have concealed their location through highly sophisticated means, infiltrated the school district server last week and obtained information about past and present students, parents and staff members, including names, medical records and addresses.
Over the weekend, the individual began sending extremely graphic threats via text messages to specific individuals. The entire server and communication system was shut down temporarily.
No details of what was included in the threatening text messages have been released to the public. The ransom note released by police included the usual troll-ish taunting that hackers commonly use in these situations. The message also contained several references to the 2012 Sandy Hook Elementary School shooting and redacted passages that were allegedly personal information about students obtained from the server breach. The hackers threatened to reveal embarrassing details about authorities’ incompetence if their demands aren’t met.