A hacking collective known as The Dark Overlord announced on New Year’s Eve that it had broken into the computer systems of a law firm and obtained files related to the September 11 attacks – threatening to publicly release a large cache of internal files unless a hefty ransom was paid, according to Motherboard.
Dark Overlord’s demands targeted several insurers and legal firms, including Lloyds of London, Silverstein Properties and Hiscox Syndicates. It is unclear what exact files were stolen by the group, however the hacking collective tweeted “We’ll be providing many answers about 9.11 conspiracies through our 18.000 secret documents leak from @HiscoxComms and others.”
— thedarkoverlord (@tdo_h4ck3rs) 31 December 2018
“Hiscox Syndicates Ltd and Lloyds of London are some of the biggest insurers on the planet insuring everything from the smallest policies to some of the largest policies on the planet, and who even insured structures such as the World Trade Centers,” the group’s announcement reads.
According to a spokesperson for the Hiscox Group, the hackers had breached a law firm which advised the company and had likely stolen files linked to litigation tied to the 9/11 attacks.
“The law firm’s systems are not connected to Hiscox’s IT infrastructure and Hiscox’s own systems were unaffected by this incident. One of the cases the law firm handled for Hiscox and other insurers related to litigation arising from the events of 9/11, and we believe that information relating to this was stolen during that breach,” the spokesperson told Motherboard in an email.
“Once Hiscox was informed of the law firm’s data breach, it took action and informed policyholders as required. We will continue to work with law enforcement in both the UK and US on this matter,” they added.
The hacking group published a small set of letters, emails and other documents that mention various law firms, as well as the Transport Security Administration (TSA) and Federal Aviation Administration (The TSA could not provide a statement in time for publication, and the FAA told Motherboard in an email it was investigating.) Those documents themselves appear to be fairly innocuous, but the group says it may release more.
In its extortion note, The Dark Overlord included a link for a 10GB archive of files it allegedly stole. The group also provided a link to this archive to Motherboard before publishing its announcement. The cache is encrypted, but the hackers are threatening to release the relevant decryption keys, unlocking different sets of files at a time, unless the victims pay the hackers an undisclosed ransom fee in Bitcoin. –Motherboard
“Pay the fuck up, or we’re going to bury you with this. If you continue to fail us, we’ll escalate these releases by releasing the keys, each time a Layer is opened, a new wave of liability will fall upon you,” reads the demand letter.
The hacking collective is also offering to sell the data on the dark web hacking forum, and has reportedly attempted to blackmail individuals mentioned in the documents themselves.