The hacking collective known as The Dark Overlord threatened on New Year’s Eve to release a large cache of 18,000 documents that it claims will reveal the truth about what really happened on 9/11 unless it is paid a ransom in Bitcoin. The group obtained the documents from several insurers and legal firms, including Hiscox Syndicates Ltd, Lloyds of London and Silverstein Properties.
The group announced the threat in a tweet. Since posting it, their Twitter account has been suspended.
A spokesperson for the Hiscox Group confirmed to Motherboard that the hackers had breached a law firm that advised the company, and likely stolen files related to litigation around the 9/11 attacks.
“The law firm’s systems are not connected to Hiscox’s IT infrastructure and Hiscox’s own systems were unaffected by this incident. One of the cases the law firm handled for Hiscox and other insurers related to litigation arising from the events of 9/11, and we believe that information relating to this was stolen during that breach,” the spokesperson wrote in an email.
“Once Hiscox was informed of the law firm’s data breach, it took action and informed policyholders as required. We will continue to work with law enforcement in both the UK and US on this matter,” they added. Lloyds of London did not respond to a request for comment.
The hacking group published a small set of letters, emails and other documents that mention various law firms, as well as the Transport Security Administration (TSA) and Federal Aviation Administration (FAA). (The TSA could not provide a statement in time for publication, and the FAA told Motherboard in an email it was investigating.) Those documents themselves appear to be fairly innocuous, but the group says it may release more.
In its extortion note, The Dark Overlord included a link for a 10GB archive of files it allegedly stole. The group also provided a link to this archive to Motherboard before publishing its announcement. The cache is encrypted, but the hackers are threatening to release the relevant decryption keys, unlocking different sets of files at a time, unless the victims pay the hackers an undisclosed ransom fee in Bitcoin.
“Pay the fuck up, or we’re going to bury you with this. If you continue to fail us, we’ll escalate these releases by releasing the keys, each time a Layer is opened, a new wave of liability will fall upon you,” the extortion note reads.
The Dark Overlord also claims to be offering the data for sale on a dark web hacking forum, and is attempting to blackmail individuals who may be included in the documents themselves.
“If you’re one of the dozens of solicitor firms who was involved in the litigation, a politician who was involved in the case, a law enforcement agency who was involved in the investigations, a property management firm, an investment bank, a client of a client, a reference of a reference, a global insurer, or whoever else, you’re welcome to contact our e-mail below and make a request to formally have your documents and materials withdrawn from any eventual public release of the materials. However, you’ll be paying us,” the group’s post reads.
As The Dark Overlord’s announcement notes, the breach itself was previously reported in vague terms by a specialist legal publication, and Hiscox Group pointed Motherboard to the firm’s own April 2018 announcement of a data breach.
“Hiscox recently learned of an information security incident affecting a specialist law firm in the US that provided advice to Hiscox or its policyholders on some of its US commercial liability insurance claims. The incident involved illegal access to information stored on the law firm’s server, which may have included information relating to up to 1,500 of Hiscox’s US-based commercial insurance policyholders,” that earlier announcement reads.