In the latest enforcement of a recently adopted policy against the distribution of hacked materials, Twitter has moved to vanquish the account of a hacking group believed to have pilfered thousands of documents from an American law firm that litigated insurance claims stemming from the Sept. 11, 2001, terrorist attacks.
The policy, which forbids the spread of stolen “private information or trade secrets,” is but one of several implemented this October in the face of heightened scrutiny by Washington lawmakers, due to what U.S. intelligence portrayed as the weaponization of social media by entities tied to the Russian government.
Black-hat hackers have for years spread stolen material on the platform, often with little or no consequence. Hacktivist groups like Anonymous and LulzSec are but two examples of popular accounts where, as far back as 2011, links to confidential data lifted from the servers of major corporations were openly shared.
With this latest action, however, Twitter is ostensibly confirming that an era of unchecked propagation of stolen secrets is now coming to a close.
The account suspended by Twitter was recently created by an established hacking group calling itself The Dark Overlord. The group had announced Monday the theft of what it said were roughly 18,000 confidential documents related to the World Trade Center attacks, which it claimed to have stolen from a company handling related insurance litigation.
A reliable source of breach-related news, databreaches.net, noted on Wednesday that the initial hack, first reported in April, had garnered little attention from the press. (The site also obtained exclusive files from the hackers themselves.) Dark Overlord identified multiple insurance firms from which it claimed it acquired the stolen cache: Hiscox Syndicates Ltd., Lloyd’s of London, and Silverstein Properties.
Hiscox sought to distance itself from the breach in a public statement, saying its IT infrastructure is in no way linked to a law firm that it hired, which it claimed is the source of the leaked material. “One of the cases the law firm handled for Hiscox and other insurers related to subrogation litigation arising from the events of 9/11, and we believe that information relating to this was stolen during that breach,” the company said.
Notably, while the group claims to have hacked each of the three insurance firms it identified, Hiscox’s statement casts doubt on that claim, specifically by implicating a single law firm as the source. The law firm itself has not yet been identified and the Dark Overlord reportedly declined to explain itself after Hiscox’s response.
Lloyd’s of London and Silverstein Properties could not be immediately reached for comment.
In addition to screenshots of the hacked files shared via links on Pastebin, the threat group also shared a link to an archive, which it said was divided into five well-encrypted containers. The numbered containers are said to contain progressively more scandalous material tied to the 9/11 attacks. The group advised journalists to download the archive now, adding: “As time goes on, we may publicly release keys for each of these containers if our requests from the involved companies are not met.”
The group has demanded money in exchange for not releasing the material. “Pay the fuck up, or we’re going to bury you with this,” it said in an open letter. Meanwhile, the group claims to have put the documents up for sale on the dark web. (The Pastebin points to a specific forum where it claims decryption keys will be released if its demands are not met; presumably, if it can’t otherwise find a buyer.)
While the sample documents appear to be authentic, those released so far appear typical of what one might expect from legal disputes over the most significant terrorist attacks in modern history. The full range of the material is unknown, but the hacking group described it thusly:
What sorts of documents, specifically? Emails, retainer agreements, non-disclosure agreements, settlements, litigation strategies, liability analysis, defence formations, collection of expert witness testimonies, testimonies, communications with government officials in countries all over the world, voice mails, dealings with the FBI, USDOJ, DOD, and more, confidential communications, and so much more.
It is also clear that the group hopes to exploit the wide range of often incredible theories surrounding the attacks and those deemed responsible by less than reputable sources. On Monday, the group tweeted it would be “providing many answers about 9.11 conspiracies through our 18.000 secret documents leak.”
Potentially, the dredging up of conspiratorial notions about 9/11 is a tactic to inflame attention on social media and force the hands of those who stand to lose most by having proprietary information spread online; chiefly, the attorneys and various insurers involved.
Nevertheless, the true motivations of the hackers are by no means a mystery. Actually, they spell it out pretty plainly in their letter: “We’re not motivated by any political thoughts. We’re not hacktivists,” they wrote. “We’re motivated only by our pursuit of internet money (Bitcoin).”
Regarding the suspension of Dark Overlord’s account, a Twitter spokesperson told Gizmodo: “We don’t comment on individual accounts for privacy and security reasons.”