This article is more than 1 year old
Hacker cyber-gang: Give us cyber-cash for cyber-cache of 18,000 stolen Sept 11th insurance docs
Law firm computers raided, siphoned of info – and companies can pay to redact files, it is claimed
The hackers who claim to have breached a British insurer last year say their cache of pilfered files include confidential documents on the September 11 terrorist attacks.
The Dark Overlord group claims a collection of 18,000 files, lifted from British insurance company Hiscox, include insurance claims that Lloyd's of London* and Silverstein Properties handled in the aftermath of the 2001 attacks that killed 2,977 innocent people and 19 terrorists during the destruction of both towers at New York City's World Trade Center and the attack on the Pentagon. Silverstein owns the World Trade Center complex.
"What we'll be releasing is the truth. The truth about one of the most recognisable incidents in recent history and one which is shrouded in mystery with little transparency and not many answers," the hacker group said.
"What we're offering to the world is the truth, exclusively from us, one of the planets premier hacking organisations dedicated to breaching leading targets and acquiring the most scandalous materials that we may use in our systematic extortion campaigns."
The Dark Overlord group has previously claimed to have hacked Netflix (an allegation that was denied by Netflix) and a UK plastic surgery clinic.
Hiscox has confirmed at least some of Dark Overlord's boasts about obtaining the insurance files are true, acknowledging that documents related to 9/11 insurance cases were swiped during an April 2018 cyber-raid on a law firm Hiscox worked with.
"The law firm’s systems are not connected to Hiscox’s IT infrastructure and Hiscox’s own systems were unaffected by this incident," Hiscox said on Monday.
"One of the cases the law firm handled for Hiscox and other insurers related to subrogation litigation arising from the events of 9/11, and we believe that information relating to this was stolen during that breach. Once Hiscox was made aware of the law firm’s data breach, it took action and informed policyholders as required. We will continue to work with law enforcement in both the UK and US on this matter."
Silverstein Properties, meanwhile, was unfazed by the claim.
"We are aware of claims of alleged security breaches at firms involved in the five-year insurance litigation following the attacks of 9/11, and are conducting an internal investigation based on these claims. To date, we have found no evidence to support a security breach at our company," a spokesperson told The Register.
"We have spent the last 17 years fulfilling our obligation to deliver a magnificent and fully rebuilt World Trade Center. We will not be distracted by 9/11 conspiracy theories."
DarkOverlord says the pilfered files will be offered up to anyone and everyone willing to pay for them in Bitcoin, while the companies named in the cache can cough up some BTC to get specific items removed from the doc dump.
"The good news for you is that we'll be selling these documents for a limited time," the group said. "If you're a terrorist organisation such as ISIS/ISIL, Al-Qaeda, or a competing nation state of the USA such as China or Russia, you're welcome to purchase our trove of documents." ®
Updated to add at 10:16 UTC
* A Lloyd's of London spokesperson has been in touch to say: "Lloyd's has no evidence to suggest that the Corporation's networks and systems have been compromised and remains vigilant with a number of protections in place to ensure the security and safety of data and information held by the Corporation. Lloyd's will continue to monitor the situation closely, including working with managing agents targeted by the hacker group."
Biting the hand that feeds IT
