Earlier this year, Russian hackers known as Tsar Team stole nude patient photos from a plastic surgery clinic in Lithuania. They demanded ransoms from patients from all over the world, threatening to leak their compromising photos online if they didn't pay. Now, a British plastic surgery clinic that caters to the rich and famous has suffered a devastating copycat attack.
London Bridge Plastic Surgery (LBPS) is located near Marylebone in central London. The well-known clinic is popular with wealthy clients who desire the best work available. The surgery’s website says that it is “one of the leading plastic surgery clinics in the UK.”
Now, hackers known as the Dark Overlord have stolen a cache of photos from the celebrated clinic. The infamous hackers, who previously leaked season five of Orange Is The New Black (much to fans’ delight), are threatening to publish those images online.
Nude Celebrity Surgery Photos
The stolen photos include pictures taken before, during, and after procedures. As such, they include compromising images of wealthy clients and celebrities who elected to undergo procedures such as breast enlargements and genital enhancements. Among those affected by the lude cyberattack is British celebrity Katie Price, AKA Jordan.
The timing of the attack may raise some eyebrows. Why? Because Jordan recently publicly thanked LBPS for a successful facelift she underwent at the clinic. As Jordan isn’t particularly well-known outside of the UK, could this mean that the Dark Overlord hackers are located in Britain?
Deeply Compromising Material
The copycat plastic surgery attack first emerged when Dark Overlord hackers contacted US-based news website The Daily Beast with the following message:
“We have TBs [terabytes] of this shit. Databases, names, everything. There are some royal families in here.”
Along with that message, the Daily Beast received a nest-egg of photos that allegedly contains images of patients in the process of receiving surgical alterations.
“The world has never seen a medical dump of a plastic surgeon to such degree,” the hackers boasted.
After looking at the photos, the Daily Beast has reported that:
“Many are highly graphic and close-up, showing surgery on male and female genitalia. Others show apparent patients’ bodies post-operation, and some include faces.”
The hackers are threatening to leak the photos online. The Daily Beast has confirmed that they certainly appear to be the real deal.
Penetration Confirmed
The London-based clinic has used cybersecurity experts to confirm that it was penetrated in advance of the Dark Overlord’s claims:
“Regrettably, following investigations by our IT experts and the police, we believe that our security was breached and that data has been stolen. We are still working to establish exactly what data has been compromised.”
This makes is seem likely that the cache of photos is indeed new material, as opposed to re-hashed photos from the Lithuanian clinic being used to blackmail another surgery.
LBPS has released a statement on its website that says:
“Security and patient confidentiality has always been of the utmost important importance to us … We are profoundly sorry for any distress this data breach may cause our patients and our team are available around the clock to speak to anyone who has any concerns by calling 020-3858 0664.”
Modern Attack Vector
This kind of cyberattack is a novel form of extortion-based hacking that has only arisen this year. The most common method of cyber-extortion involves using malware to lock up a person’s computer or smartphone device.
Ransomware, as it is known, incapacitates the victim’s device with encryption until the victim pays a sum, usually in Bitcoins, to the hackers. The biggest attack ever of this kind - the Wannacy attack - also happened this year. It affected thousands of computers worldwide, including many corporations, government agencies, and hospitals.
In both of this year’s plastic surgery hacks, the cybercriminals have discovered a way to extort their victims in a more personal - and one might say traditional - way. Blackmailing either the victim or the clinic (or both) in order to protect their reputations, is a worrying trend.
Royals Involved?
The hackers' bold claim that they have images of the Royal family likely means that the full force of the UK’s intelligence - including GCHQ and the new National Cyber Security Centre (which was opened by the Queen herself in February) - will be used to try and find them.
The claim is also delightfully seasonal, with the UK gearing up to celebrate the foiling of the Gunpowder Plot on 5 November. If the hackers are discovered, will they be the next group to face charges of High Treason to the Crown? Luckily for the Dark Overlords, High Treason hasn't carried an execution sentence since 1998, so their fate won't be quite as grim as that of Guy Fawkes.
Opinions are the writer's own.
Title image credit: puhhha/Shutterstock.com
Image credits: Joe Seer/Shutterstock.com, Sergey Nivens/Shutterstock.com, Elina Leonova/Shutterstok.com