On Monday, New Year’s Eve, a hacker group announced it had breached a law firm handling cases related to the September 11 attacks, and threatened to publicly release a large cache of related internal files unless their ransom demands were met.
The news is the latest public extortion attempt from the group known as The Dark Overlord, which has previously targeted a production studio working for Netflix, as well as a host of medical centres and private businesses across the United States. The announcement also signals a slight evolution in The Dark Overlord’s strategy, which has expanded on leveraging the media to exert pressure on victims, to now distributing its threats and stolen data in a wider fashion.
In its announcement published on Pastebin, The Dark Overlord points to several different insurers and legal firms, claiming specifically that it hacked Hiscox Syndicates Ltd, Lloyds of London, and Silverstein Properties.
“Hiscox Syndicates Ltd and Lloyds of London are some of the biggest insurers on the planet insuring everything from the smallest policies to some of the largest policies on the planet, and who even insured structures such as the World Trade Centers,” the announcement reads.
It is unclear what exact files the group has stolen, but it is trying to capitalize on conspiracy theories around the 9/11 attacks.
“We’ll be providing many answers about 9.11 conspiracies through our 18.000 secret documents leak,” the group tweeted on Monday.
Got a tip? You can contact this reporter securely on Signal on +44 20 8133 5190, OTR chat on firstname.lastname@example.org, or email email@example.com.
A spokesperson for the Hiscox Group confirmed to Motherboard that the hackers had breached a law firm that advised the company, and likely stolen files related to litigation around the 9/11 attacks.
“The law firm’s systems are not connected to Hiscox’s IT infrastructure and Hiscox’s own systems were unaffected by this incident. One of the cases the law firm handled for Hiscox and other insurers related to litigation arising from the events of 9/11, and we believe that information relating to this was stolen during that breach,” the spokesperson wrote in an email.