On 31st December 2018, the New Year's eve, The Dark Overlord hacker group announced on Pastebin that it had breached a law firm handling cases related to the September 11 attacks, and threatened to leak the documents unless their ransom demands were met. The firms hacked by the Dark Overlord includes Hiscox Syndicates Ltd, Lloyds of London, and Silverstein Properties.
“Hiscox Syndicates Ltd and Lloyds of London are some of the biggest insurers on the planet, insuring everything from the smallest policies to some of the largest policies on the planet, and who even insured structures such as the World Trade Centers,” the announcement reads.
The Dark Overlord hacker group has breached several legal firms and threatened to publicly release the documents related to the September 11 attacks unless they receive ransom payment. However, the documents stolen by the hacker group remains unknown.
“We'll be providing many answers about 9.11 conspiracies through our 18.000 secret documents leak from HiscoxComms and others,” The Dark Overlord tweeted.
“The law firm’s systems are not connected to Hiscox’s IT infrastructure and Hiscox’s own systems were unaffected by this incident. One of the cases the law firm handled for Hiscox and other insurers related to litigation arising from the events of 9/11, and we believe that information relating to this was stolen during that breach,” the spokesperson wrote in an email to Motherboard.
“Once Hiscox was informed of the law firm’s data breach, it took action and informed policyholders as required. We will continue to work with law enforcement in both the UK and US on this matter,” the spokesperson added.
The Dark Overlord has published a small set of letters, emails and other documents that pointed out several law firms, as well as the Transport Security Administration (TSA) and the Federal Aviation Administration. Those documents appear to be harmless, however, the hacker group said that it may release more.
The Federal Aviation Administration told in an email to Motherboard that it was investigating into the matter.
Ransom demanded in Bitcoin
The hacker group in its extortion note included a link for a 10GB archive of files it has stolen. Before publishing its announcement, the group provided a link to this archive to Motherboard. The cache is encrypted, but the group is threatening to release the relevant decryption keys, unlocking different sets of files at a time, unless the victims pay ransom payment in Bitcoin. The hacker group is also claiming to sell the documents on a dark web hacking forum.
“Pay the f*** up, or we're going to bury you with this. If you continue to fail us, we'll escalate these releases by releasing the keys, each time a Layer is opened, a new wave of liability will fall upon you,” the extortion note reads.
“If you're one of the dozens of solicitor firms who was involved in the litigation, a politician who was involved in the case, a law enforcement agency who was involved in the investigations, a property management firm, an investment bank, a client of a client, a reference of a reference, a global insurer, or whoever else, you're welcome to contact our e-mail below and make a request to formally have your documents and materials withdrawn from any eventual public release of the materials. However, you'll be paying us,” the group’s post reads.
Not a new attack?
On reading between the lines, The Dark Overlord’s announcement hints that the breach itself was previously reported but not widely covered in media. Moreover, the Hiscox Group also made a data breach announcement in April 2018.
In the earlier announcement, Hiscox stated, “Hiscox recently learned of an information security incident affecting a specialist law firm in the US that provided advice to Hiscox or its policyholders on some of its US commercial liability insurance claims. The incident involved illegal access to information stored on the law firm’s server, which may have included information relating to up to 1,500 of Hiscox’s US-based commercial insurance policyholder.”