Right at the tail end of 2018, Motherboard reported that a hacking group called The Dark Overlord had stolen files related to litigation around the 9/11 attacks, and dumped a selection of them online.
The release of the files was part of an extortion scheme against The Dark Overlord’s hacking victims, and followed the group’s established technique of stealing information and then approaching media outlets with the files in an attempt to exert further pressure on the group’s targets. The Dark Overlord also distributed a set of encrypted folders, ready to be unlocked at a later date, and which they claimed contained more 9/11-linked material.
Now, around two months after the first data dump, someone has released another encryption key for the third layer of stolen material, which appears to contain thousands of emails, at least some of which are between different law firms.
“You want the True [sic] about 9/11. Here is you change,” a message posted on a popular paste website reads, along with a link to the material and the new decryption key.
Motherboard verified that the decryption key works by using it to unlock the files distributed and downloaded months earlier.
Got a tip? You can contact this reporter securely on Signal on +44 20 8133 5190, OTR chat on firstname.lastname@example.org, or email email@example.com.
The newly decrypted folder contains around 5GB of material, including over 8,000 apparent emails. In early January, cybersecurity researcher Vinny Troia claimed The Dark Overlord shared a portion of this layer of files with him; now anyone can decrypt the layer themselves.
In its original extortion message published on New Years Eve, The Dark Overlord claimed it had hacked different insurers and legal firms, including Hiscox Syndicates Ltd, Lloyds of London, and Silverstein Properties.
At the time, a spokesperson for the Hiscox Group told Motherboard that hackers had compromised a law firm that advised the company.
“The law firm’s systems are not connected to Hiscox’s IT infrastructure and Hiscox’s own systems were unaffected by this incident. One of the cases the law firm handled for Hiscox and other insurers related to litigation arising from the events of 9/11, and we believe that information relating to this was stolen during that breach,” the spokesperson wrote in an email.
“Once Hiscox was informed of the law firm’s data breach, it took action and informed policyholders as required. We will continue to work with law enforcement in both the UK and US on this matter,” they added.
After the publication of its initial data dump, The Dark Overlord encouraged others to crowdsource funds so the group would release more files. They published another cache in early January, after raising 3 bitcoin or around $11,000.
Hiscox did not immediately respond to a request for comment. The Dark Overlord did not immediately respond either.
Subscribe to our new cybersecurity podcast, CYBER .