Hackers who promised to release stolen legal documents related to the 9/11 terrorist attacks have published some 70 megabytes of breached materials.
The Dark Overlord on late Thursday published the decryption keys to the first installment of what it calls the “9/11 Files,” a database the hackers say they pilfered from various international insurers. The group had previously announced it would publish stolen material in five data dumps to be released only after escalating donation goals had been met. The Dark Overlord’s bitcoin wallet had received 15 payments by late Friday morning, Eastern time, up from three donations Wednesday.
This slow-leak approach is consistent with the group’s strategy of creating public attention about its supposed hacks.
“The group has a history of hacking [organizations] to obtain sensitive information before demanding money in exchange for not leaking it to the public domain,” The United Kingdom’s National Cyber Security Centre said in a 2017 threat report. “They leak snippets of data to the media to encourage them to report on their activity. This is aimed at ‘proving’ that a breach has taken place, and increases the pressure on the victim to pay the ransom.”
The Dark Overlord has implied the 9/11 Files were stolen from Silverstein Properties, a New York real estate firm, and insurers Hiscox Syndicates and Lloyd’s of London. Hiscox confirmed to Motherboard a third-party law firm that advised Hiscox had been breached, though both Silverstein and Lloyd’s denied to CyberScoop they had been hacked. The National Life Group issued a similar denial to DataBreaches.net after The Dark Overlord claimed to steal more than 500,000 records from the insurance firm.
The material published Thursday was called “Layer 1,” representing what the Dark Overlord described as the least sensational documents.
Layer 1 consists largely of Microsoft Word files assessing the potential legal liability for airlines and various companies after the 2001 attacks. Perhaps the most notable inclusion is a text document containing the transcript of a 2007 deposition from a former American Airlines operations specialist who received a phone call from a flight attendant working on one of the hijacked planes.
When asked by CyberScoop to point to the “most impactful” documents in Layer 1, the Dark Overlord demurred.
“Don’t you think it’d be unethical for us to tell anyone the answer?” the group said via email. “We’d be biasing [your] research.”
Correction, 1/4/18: This story has been corrected to state that a third-party law firm that advised Hiscox had experienced a data breach. An earlier version of this story reported that Hiscox had been breached.