Bright new year, slimy return of The Dark Overlord (TDO), a well-known group of highly self-amusing cyber extortionists who’ve now chosen 9/11-related firms to pick on.
The group announced on Pastebin (content now removed) on New Year’s Eve that it had hacked a law firm that handles cases relating to the 11 September 2001 terrorist attacks. It threatened to publicly release what it claimed are gigabytes of confidential, litigation-related documents:
E-mails, retainer agreements, non-disclosure agreements, settlements, litigation strategies, liability analysis, defence formations, collection of expert witness testimonies, testimonies, communications with government officials in countries all over the world, voice mails, dealings with the FBI, USDOJ, DOD, and more, confidential communications, and so much more.
The gang is apparently expanding its repertoire to include capitalizing on conspiracy theories. It tweeted on Monday about “providing many answers” about such conspiracies with the document cache.
Come and get ’em, TDO said to terrorists and enemy states:
If you’re a terrorist organisation such as ISIS/ISIL, Al-Qaeda, or a competing nation state of the USA such as China or Russia, you’re welcome to purchase our trove of documents.
Then, on Wednesday morning, TDO announced on Pastebin (content now removed) that it had released a teaser’s worth of documents to verify its claims. It presented a tiered plan to “release each layer of damaging documents that are filled with new truths, never before seen.”
Each layer contains more secrets, more damaging materials, more SSI [Sensitive Security Information], more SCI [Special Compartment Information], more government investigation materials, and generally just more truth. Consider our motivations (money, specifically Bitcoin), we’re not inclined to leak the juiciest items until we’re paid in full.
As of yesterday afternoon, the group’s bitcoin wallet had received three payments. Also yesterday, Twitter suspended an account, @tdo_h4ck3rs, that recently began selling access to stolen legal documents.
In its post on Monday, the crooks said that they had hacked New York-based real estate developer Silverstein Properties – one of the companies mentioned in 9/11 conspiracy theories – along with insurers Hiscox Syndicates and Lloyds of London, among several other insurers and legal firms. TDO said it had discovered the sensitive, 9/11-associated information when it went through the allegedly stolen documents.
Hiscox told the Financial Times [paywalled content] that any of its documents claimed by TDO came from an old breach:
The law firm’s systems are not connected to Hiscox’s IT infrastructure and Hiscox’s own systems were unaffected by this incident. One of the cases the law firm handled for Hiscox and other insurers related to litigation arising from the events of 9/11, and we believe that information relating to this was stolen during that breach.
TDO said that the hacked legal firm – allegedly Blackwell Sanders Peper Martin, now called Husch Blackwell – paid the ransom a few months ago. But according to the Financial Times, the company said in a statement that no, it hadn’t been hacked. Rather, the crooks got their hands on old documents written on old letterhead:
Several documents bearing the letterhead of a predecessor law firm to Husch Blackwell were made public earlier this week by a cyber terrorist group.
After a thorough review Husch Blackwell can confirm that no documents were obtained from Husch Blackwell and that there was no unauthorised access to Husch Blackwell systems, client files, documents or data.
TDO said that yes, the law firm paid, but it had also gone to the police. That wasn’t what we agreed, TDO said, so we’ll release the information… once our bitcoin wallet is full of cash, that is.
Extorting money and then publishing stolen documents anyway is par for the course for the gang.
TDO, which held an entire school district for ransom and issued death threats to children, has also gone after healthcare organizations. And as its puffed-up prose gleefully lectures readers, it was also responsible for extorting Netflix (though the company refused to pay).
It likes to do things like that: threaten the lives of children, and spoil the release of Season 5 of Orange Is the New Black.
In spite of having received 50 bitcoins (worth about $50,000 at the time) from an audio post-production studio in Hollywood, TDO went right ahead and released the show anyway.
The FBI is reportedly investigating the theft of the 9/11-related documents. It’s declined to comment.
Source: Naked Security