Dark Overlord Hackers: We Punished ‘Orange Is the New Black’ Studio for Talking to FBI (Exclusive)

Hackers say the studio was “in great delinquency” of “the terms of our agreement”

Last Updated: June 20, 2017 @ 2:40 PM

The Dark Overlord, the hacker group that released the new season of “Orange Is the New Black” a month early, told TheWrap it leaked the Netflix prison series to punish one of its hacking victims for violating a “contract” the hackers imposed forbidding them to go the police.

The hackers stole the episodes from Larson Studios, a family-owned post-production business that works with Netflix, and demanded that Larson follows the terms of an “agreement” written out in the language and format of a legal contract.

Section 4 (c) (ii) of the “agreement,” which refers to the hacking victim as “the Client,” specifies, “If any attempts by the ‘Client’ and/or associated parties of the ‘Client’ are made to defraud this agreement after the understanding of this agreement, thedarkoverlord reserves the right to inflict harm and further adversarial action against by the ‘Client’ and/or associated parties of the ‘Client.'”

“We found Larson Studios was in great delinquency of the agreement after sources confirmed law enforcement cooperation,” the hackers told TheWrap, via an online encrypted messaging service.

“Our executive staff made the decision to proceed with a public release after a result of their clear non-cooperation. Additionally, they failed to meet expectations at several terms, but while that alone was not the cause of our reaction, we stand justified as per the terms of our agreement,” said the individual responding for Dark Overlord.

The statement to TheWrap seemed to serve a dual purpose for the hackers — giving their justification for releasing the episodes, and to scare off other victims from going to the police.

In a detailed account of the hack in Variety, studio owner Rick Larson said he filed an official police report on the compromised content after Dark Overlord said it possessed dozens of shows from Netflix, ABC, CBS and Disney. The hackers first contacted the studio in December.

The studio then met with the FBI in February, which advised them not to pay the hackers.

Dark Overlord initially demanded a $50,000 payment in Bitcoin from Larson Studios to prevent the release of its content — a fee Larson Studios paid, according to Variety.

“Our agreement covered cooperation with outside entities very clearly. Larson Studios was in direct violation of our agreement,” said an individual responding from Dark Overlord to TheWrap. “Cooperation with law enforcement is a direct violation of any client agreement we provide and we will take action for such a fraudulent position.”

But bowing to the ransom demands of hackers is not a sound move, said Zuly Gonzalez, a former cybersecurity expert with the NSA and co-founder and CEO of Light Point Security, a cybersecurity firm.

“My counterpoint to that would be, these are hackers. There’s no guarantee they’re not going to release the content anyway,” said Gonzalez to TheWrap. “Without knowing the details and being a third party outside of what’s happening, I’d say, yes, you want to go to the FBI. I’d also say don’t pay them. It’s not wise to pay them, because if you do, you’re a studio willing to pay money and they’re just going to keep hacking you.”

Gonzalez also said victims need to exercise caution, because hackers might be able to monitor any correspondence with authorities.

The public first learned of the Larson hack in April, when Dark Overlord leaked one episode of the upcoming season of “Orange is the New Black.” After Netflix declined to pay a ransom —  in addition to the one the studio paid — Dark Overlord released the entire season more than a month before the “Orange” season premiere.

Dark Overlord declined to tell TheWrap of other studios it has hacked, as well as upcoming shows it plans to release if their demands are not met. The group did not share where it is based, or how many people it includes.

Larson Studios owner Rick Larson did not immediately return TheWrap’s request for comment.

Matt Donnelly contributed to this report.