Police still in contact with hackers
The Flathead County Sheriff’s Office has continued to be in contact with a group of international cyber hackers who released a ransom note directed at the Columbia Falls School District Monday evening.
Although law enforcement officials do not believe there is an immediate safety threat as students Tuesday returned to class for the first time since Sept. 13, they continue to put every available resource into the case.
“We have been in contact with [the cyber hackers] in the last 24 hours and at this point we are continuing to deal with them,” Flathead County Sheriff Chuck Curry said Tuesday.
“At this point, it’s inappropriate to comment on the discussion,” he added.
Meanwhile, the FBI is using computer forensics to find out the extent of a security breach that compromised personal information for students and staff within the Columbia Falls School District.
“We don’t know everyone whose information was accessed or how many,” Columbia Falls Police Chief Clint Peters said Tuesday morning.
The group of cyber hackers reportedly used information — including phone numbers, addresses and emails — stolen from the school district to threaten staff and community members before sending an extortion letter to district officials. The initial threats prompted a valleywide school closure for three days while law enforcement investigated the case.
Columbia Falls Superintendent Steve Bradshaw hopes to find out within 48 hours exactly what information was obtained in order to notify families.
“We’re trying to find out as fast as we can,” Bradshaw said in efforts to help parents prepare.
Until authorities obtain more information about the school district security breach, students and parents associated with Columbia Falls schools, past and present, should “be aware and know it is potentially out there,” Curry told the Inter Lake.
Police Chief Peters advised community members to keep an eye on their bank accounts, credit scores, etc.
The group of cyber hackers that gained access to Columbia Falls School District computers is known as the Dark Overlord or DarkOverlord Solutions.
They gained a reputation in 2016 for extortion attacks against health-care organizations. They also have a reputation for hacking into Hollywood studios and releasing shows ahead of the scheduled airing time.
The group typically contacts a victim organization to inform them that their information has been stolen before demanding a ransom payment in exchange for confidentiality of the stolen information.
“They’ve claimed a lot of data and information across the country,” Curry said.
The message sent by the cyber hackers to the Columbia Falls School District officials claims, “We have successfully attacked and breached your districts internal and ‘secure’ infrastructure and we proceeded to pillage your computer network of very valuable data and information.” The letter goes on to say, “Let’s just keep everything about this event between us, okay?”
The seven-page ransom letter orchestrated by the cyber hackers demands Columbia Falls “satisfy one of our business propositions, otherwise we will wreak havoc upon your district or your personal lives.”
It gives the district 48 hours to respond to the terms of completing a transfer of three “payment plans” from $75,000 to $150,000 United States dollars of Bitcoin (BTC) — an online currency or digital payment system.
“It’s crypto-currency. It’s not a physical thing,” Curry said of Bitcoin.
The sheriff said his office is working with the FBI to pinpoint other organizations who have been victimized by the DarkOverlord Solutions.
“We are gathering information and are attempting to coordinate those investigations,” he said.
The cyber hackers have made threats to organizations in the past, but targeting schools appears to be a fairly new thing for the cyber criminals, Curry said.
“I don’t know if they consistently threaten harm to others. I don’t know their tactics. But I do know the general consensus is that they are here for the ransom,” he said.
Tracking a group of criminals behind a computer screen, potentially from across the globe, involves a unique set of strategies and techniques. The effort to keep one step ahead of cyber criminals is a constant process.
“In the government we are always working to ensure the safety of our networks,” said Lee Johnson, a supervisor with the Division of Criminal Investigation in the Montana Department of Justice. “The threat is always there.”
Cyber hackers have the potential of gaining access to informational systems wherever there is a vulnerability. If they do get into the system, tracking cyber criminals is an in-depth process, and one that is not easy.
“It’s a form of terrorism,” Johnson said. “There is a lot of layers to it.”
According to the FBI, the threat from cyber attacks is incredibly serious — and growing. Cyber intrusions are becoming more commonplace, more dangerous and more sophisticated.
The FBI doesn’t support paying a ransom in a cyber attack because paying a ransom doesn’t guarantee an organization that it will get its data back, according to the FBI’s Cyber Crime website. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity, the website states.
“For many agencies, including our agency, it is a relatively new arena of crime,” Curry said. “We, along with other agencies, are continuing to develop better skills in this area. That is one of the things the FBI brings to the table and one of the reasons we are working so closely with them. They have experience and assets we might not necessarily have.”
Columbia Falls Police Chief Peters said as the investigation into threats against Flathead Valley schools progressed, it started to become clear that the perpetrators were not in Montana.
“Our investigation led us to the determination that these folks were not local, and that was essentially confirmed once the ransom came in,” Peters said. “They switched their conversation with our negotiators from saying they were threatening us — to what we are really after is money.”
Local law enforcement officials said they made the decision to release the ransom letter sent to the school district on Monday to give the community peace of mind that students were safe to return to school.
“They need to be able to make an informed decision and they need to be able to trust that we are keeping the community safe,” he said. “At this point we figured it was best that the public know as much information as we can possibly give them.”
Peters said he was impressed and grateful for how other law enforcement agencies quickly jumped in to help as soon as the threats were made.
“It’s been humbling, the response we’ve gotten. Every single law enforcement agency in the valley has come together and worked with us.”
Whitefish City Manager Adam Hammatt said he did his best to serve as a liaison between city officials and residents over the course of the investigation.
Hammatt said some community members expressed frustration with unanswered questions regarding the situation.
“I understand the desire to know what’s going on. But there’s a fine balance between the public’s desire to know and not jeopardizing the case,” he said.
“It took everyone by surprise, ‘Why Columbia Falls? Why Flathead Valley?’ I know that’s something a lot of people are struggling with. But it’s a fantastic community. We are returning back to our normal routine and we need to let these guys know that we aren’t going to let them scare us,” Hammatt said.