Notorious hacking group The Dark Overlord is threatening to leak what it claims are highly-sensitive documents relating to the 2001 September 11 attacks. It says it will publish the material capitalizing on various conspiracy theories around the 9/11 attacks unless its ransom demands are met.
According to Motherboard, the group is claiming to have breached several insurers and legal firms, including Hiscox Syndicates Ltd, Lloyds of London and Silverstein Properties.
The Dark Overlord says in an announcement published on PasteBin: “When major incidents like the WTC 911 incident happen, part of the litigation must involve SSI (Sensitive Security Information) and SCI (Special Compartment Information) [sic] from the likes of the FBI, CIA, TSA, FAA, DOD, and others being introduced into evidence.
“But of course this can't become public, for fear of compromising a nation's security, so they temporarily release these materials to the solicitor firms involved in the litigation with the strict demand they're destroyed after their use and that they remain highly protected and confidential to only be used behind closed doors.”
“However, humans aren't perfect and many of these documents don't become destroyed, and when thedarkoverlord comes along hacking all these solicitor firms, investment banks, and global insurers, we stumble upon the juiciest secrets a government has to offer.”
The group says it will be leaking “the first few documents as proof of our trove on the famous dark web hacker forum KickAss” and invited terrorist groups and nations such as China and Russia to make a purchase.
Who is the Dark Overlord and what are its tactics?
In the beginning, the hacker group stole data which it offered for sale, but its attacks soon turned to extortion. Then the Dark Overlord made a habit of hacking high profile organisations and demanding cash in exchange for not leaking information into the public domain. As appears to be the case in this latest “announcement”, the group tends to leak snippets to the media to pressure the victim to pay up.
Previously, the group has targeted health institutions, schools and media production companies including a London-based plastic surgery clinic and a Hollywood production studio – and the group also leaked an entire season of Netflix’s Orange Is The New Black.
Another attempted extortion was LA-based investment bank WestPark Capital. When this was unsuccessful the group leaked information including non-disclosure agreements, reports and contracts. This data was confirmed as legitimate.
According to the UK’s National Cyber Security Centre (NCSC), any organization that deals with sensitive personal information – such as medical institutions and law firms – is at a higher risk of being targeted by The Dark Overlord. It says such an organization “owes a particular duty of care to its clients because of the risk of severe emotional distress if client data is made public”.
However, it points out that while evidence of the stolen data is often provided by this group, “the volume and sensitivity of the data may be exaggerated to maximise impact”.
The latest breach
It is therefore probable that the volume and sensitivity of the data stolen in this latest hack has been exaggerated. The objective of the PasteBin post, as is typical of this group, is extortion. The Dark Overlord is encouraging “dozens of solicitor firms” and others to contact its e-mail and request documents and materials are withdrawn from public release. “However, you'll be paying us,” the post says.
Experts agree the material the Dark Overlord claims to have is not as game-changing as it seems. Ian Thornton-Trump, head of cyber security at Amtrust International says this latest incident sounds like “cyber-criminal bravado”.
“The fact that the firms are named makes me want to believe they have refused to pay the ransoms, so this is a pressure tactic by The Dark Overlord to force the ransom issue.”
Thornton-Trump also questions whether the group has oversold the "sensitive nature" of the documents, saying: “So many years later after the events of 9/11, the items in question may have their security clearance expire in the next six years anyway. A lot of it has been already disclosed by journalists and authors.”
He adds: “This really underscores the importance of security controls. Ultimately this a great example of a threat actor for blue teams to learn from and red teams to emulate.”
At the same time, says Jake Moore, cyber security expert at ESET UK: “The problem with digital ransom is that it’s virtually impossible for the payee to know if the ransom call has any substance – unless of course you know you have been breached or are concerned about the level of security protecting your most delicate assets.”
He advises firms to never pay the ransom. “They may or may not hand over the goods, they may or may not have a copy and indeed could have already sold it or given it away. Meanwhile, because of the nature of digital theft, they may not even be the original owner of the stolen data.”
