Bright new year, slimy return of The Dark Overlord (TDO), a well-known group of highly self-amusing cyberextortionists who’ve now chosen 9/11-related firms to pick on.
The group announced on Pastebin (content now removed) on New Year’s Eve that it had hacked a law firm that handled cases relating to the 11 September 2001 terrorist attacks.
It threatened to publicly release what it claimed are gigabytes of confidential, litigation-related documents:
“E-mails, retainer agreements, non-disclosure agreements, settlements, litigation strategies, liability analysis, defence formations, collection of expert witness testimonies, testimonies, communications with government officials in countries all over the world, voice mails, dealings with the FBI, USDOJ, DOD, and more, confidential communications, and so much more.”
The gang is apparently expanding its repertoire to include capitalizing on conspiracy theories. It tweeted on Monday about “providing many answers” about such conspiracies with the document cache.
Come and get ’em, TDO said to terrorists and enemy states:
“If you’re a terrorist organisation such as ISIS/ISIL, Al-Qaeda, or a competing nation state of the USA such as China or Russia, you’re welcome to purchase our trove of documents.”
Then, on Wednesday morning, TDO announced on Pastebin (content now removed) that it had released a teaser’s worth of documents to verify its claims. It presented a tiered plan to “release each layer of damaging documents that are filled with new truths, never before seen.”
“Each layer contains more secrets, more damaging materials, more SSI [Sensitive Security Information], more SCI [Special Compartment Information], more government investigation materials, and generally just more truth. Consider our motivations (money, specifically Bitcoin), we’re not inclined to leak the juiciest items until we’re paid in full.”
As of yesterday afternoon, the group’s bitcoin wallet had received three payments. Also yesterday, Twitter suspended an account, @tdo_h4ck3rs, that recently began selling access to stolen legal documents.
In its post on Monday, the crooks said that they had hacked New York-based real estate developer Silverstein Properties – one of the companies mentioned in 9/11 conspiracy theories – along with insurers Hiscox Syndicates and Lloyds of London, among several other insurers and legal firms.
Hiscox told the Financial Times [paywalled content] that any of its documents claimed by TDO came from an old breach:
“The law firm’s systems are not connected to Hiscox’s IT infrastructure and Hiscox’s own systems were unaffected by this incident. One of the cases the law firm handled for Hiscox and other insurers related to litigation arising from the events of 9/11, and we believe that information relating to this was stolen during that breach.”
As part of the hack, TDO allegedly got at a trove of documents printed on letterhead paper from Blackwell Sanders Peper Martin, now Husch Blackwell.
Though TDO published images from 16 documents that involve filings from “In re Terrorist Attacks on September 11, 2001” litigation, the Blackwell Sanders attorneys involved in that litigation left the firm in 2002, taking the matter with them.
Husch Blackwell says:
“Several documents bearing the letterhead of a predecessor law firm to Husch Blackwell were made public earlier this week by a cyber terrorist group. After a thorough review Husch Blackwell can confirm that no documents were obtained from Husch Blackwell and that there was no unauthorised access to Husch Blackwell systems, client files, documents or data.
“Information available to us indicates that any breach relating to the documents recently made public occurred at another firm.”
Whatever actually happened, and however TDO came upon its allegedly ill-gotten data, the hacking group claimed that some law firm paid a ransom and then went to the police…
…but going to the police was not part of the deal, so TDO said it would release the information anyway, once its bitcoin wallet was full of cash.
Extorting money and then publishing stolen documents anyway is par for the course for the gang.
TDO, which held an entire school district for ransom and issued death threats to children, has also gone after healthcare organizations. And as its puffed-up prose gleefully lectures readers, it was also responsible for trying to extort money from Netflix, though the company refused to pay.
It likes to do things like that: threaten the lives of children, and spoil the release of Season 5 of Orange Is the New Black.
Despite receiving 50 bitcoins (worth about $50,000 at the time) from an audio post-production studio in Hollywood, TDO went right ahead and released the show anyway.
The FBI is reportedly investigating the theft of the 9/11-related documents. It has declined to comment.
Note. This article was updated at 2019-01-03T19:00Z and 2019-01-04T00:15Z to include Husch Blackwell’s statement that its own networks were not hacked in this data breach.