By Aaron Kesel
A hacker group known as The Dark Overlord (Tdo) has announced it has breached a law firm handling cases related to the September 11th attacks and threatened to publicly release a large stockpile of internal files unless their ransom demands are met.
The message from the group first posted on a Twitter account Tdo_h4ck3rs to a Pastebin has since been suspended as of this report. The group then said it moved to Reddit where it was also given the proverbial ban-hammer.
The Pastebin post said the following before it was removed.
Earlier in 2018, there was a fantastic and very brief article that was published about a global insurer being hacked. The hackers weren't named and the story fell to the darkness shortly after it came about. No further mentions were made. You might guess who these hackers were. Hello world! What was that story? It was this one: http://www.globallegalpost.com/big-stories/us-law-firm-hack-hits-global-insurer-15490236/
What's the takeaway? We hacked Hiscox Syndicates Ltd.
And why didn't Hiscox Syndicates Ltd make this more public? Well, keep reading on to find out! It wasn't just Hiscox Syndicates Ltd that was put at risk, it was Lloyds of London as well as others. Another entity unnamed in this article is Lloyds of London and who we'll attribute as also being involved. Hiscox Syndicates Ltd and Lloyds of London are some of the biggest insurers on the planet insuring everything from the smallest policies to some of the largest policies on the planet, and who even insured structures such as the World Trade Centers. At this point, the keen amongst you may finally be drawing conclusions at this point, but you'll still be astonished at what's to come. Keep reading. This also means that Silverstein Properties is involved, doesn't it? Now things are getting more interesting. Most of you readers will not be privy to the processes and methods utilised by Fortune 500s to litigate high-impact cases, but we are, and thankfully for us, we're going to let you in on this process. When major incidents like the WTC 911 incident happen, part of the litigation must involve SSI (Sensitive Security Information) and SCI (Special Compartment Information) from the likes of the FBI, CIA, TSA, FAA, DOD, and others being introduced into evidence, but of course this can't become public, for fear of compromising a nation's security, so they temporarily release these materials to the solicitor firms involved in the litigation with the strict demand they're destroyed after their use and that remain highly protected and confidential to only be used behind closed doors. However, humans aren't perfect and many of these documents don't become destroyed, and when thedarkoverlord comes along hacking all these solicitor firms, investment banks, and global insurers, we stumble upon the juiciest secrets a government has to offer.
What's the takeaway? We hacked Lloyds of London and Silverstein Properties.
This release of 911 Litigation Documents is highly exclusive and only available from thedarkoverlord! For a limited time only, we're leaking the first few documents as proof of our trove on the famous dark web hacker forum 'KickAss'. For those of you who are most interested in acquiring the entire set of documents, which counts at over 18.000 documents, to include .doc, .pdf, .ppt, .xls, .tif, .msg, and many other interesting formats (or just to acquire the most highly secret and confidential documents), the good news for you is that we'll be selling these documents for a limited time. If you're a terrorist organisation such as ISIS/ISIL, Al-Qaeda, or a competing nation state of the USA such as China or Russia, you're welcome to purchase our trove of documents. You can easily contact us on the dark web hacker forum 'KickAss' or by e-mailing us at the e-mail found below. We'll also sign our PGP key into this message so that you may use our PGP key to contact us if you prefer to be more discreet.
What we'll be releasing is the truth. The truth about one of the most recognisable incidents in recent history and one which is shrouded in mystery with little transparency and not many answers. What we're offering to the world is the truth, exclusively from us, one of the planets premier hacking organisations dedicated to breaching leading targets and acquiring the most scandalous materials that we may use in our systematic extortion campaigns.
If a full public release happens in the near future, we'll guarantee that we're going to withhold only the most highly confidential and sensitive documents for private sale. For the rest of you: don't worry, there's thousands of documents still to go around.
If you're one of the dozens of solicitor firms who was involved in the litigation, a politician who was involved in the case, a law enforcement agency who was involved in the investigations, a property management firm, an investment bank, a client of a client, a reference of a reference, a global insurer, or whoever else, you're welcome to contact our e-mail below and make a request to formally have your documents and materials withdrawn from any eventual public release of the materials. However, you'll be paying us.
If you're a member of the press and would like to make an enquiry, you may do so at our press e-mail which is well known by members of the press. You may acquire this from any reporters who've published our quotes, as they all have it and will accept this signed announcement as permission to share our press e-mail address with you.
We've linked below sixteen images from a very few of the documents from the legal firm Blackwell Sanders Peper Martin, who is now Husch Blackwell. More details and files are available on the KickAss dark web hacker forum.
We're also releasing a small part of the larger archive of the 911 World Trade Center Litigation documents publicly. There's thousands of files included in the archive. Everyone can freely have a copy of the archive and we would encourage it. However, the archive is completely encrypted using a very strong AES encryption and very strong master keys that will prevent anyone from decrypting the veracrypt containers until we publicly release the keys for each layer. The archive is split between five layers. Layer 1 being the most modest, and Layer 5 containing the most heavy hitting and impactful documents, with Layer 2, Layer 3, and Layer 4 containing ever-increasingly scandalous materials. We encourage everyone to obtain a copy of all five archives. As time goes on, we may publicly release keys for each of these containers if our requests from the involved companies are not met. The link to download the 10 GB archive is below. Stay tuned for the possible release of decryption keys. We may release these keys on our new official Twitter page (@tdo_h4ck3rs) and/or on the dark web hacker forum 'KickAss'.
Below is the link to the torrent file to download the archive. The magnet URL follows the PGP at the end of this release.
SHA1 HASH: F4C18CF980648E9FBDAC55952F5F3485DBBA95F9
And finally, a message to the companies directly involved to include the airlines, government agencies, the dozens of solicitor firms, the insurers, and the many others, this is a message directly to you: pay the fuck up, or we're going to bury you with this. If you continue to fail us, we'll escalate these releases by releasing the keys, each time a Layer is opened, a new wave of liability will fall upon you. You know our contact details.
You're welcome, heathens and what's the final lesson? When you're a client of ours and you've accepted an agreement of ours: follow it to the letter. We're not motivated by any political thoughts. We're not hacktivists. We're motivated only by our pursuit of internet money (Bitcoin).
Stay tuned on PasteBin for future announcements related to this leak. We'll always sign all of our releases for verification of authenticity. Subsequent announcements may include this original announcement.
Professional Adversarial Threat Group
TheDarkOverlord Solutions LLC, World Wide Web, LLC.
In its announcement published on Pastebin, The Dark Overlord points to numerous different insurers and legal firms, claiming specifically that it hacked Hiscox Syndicates Ltd, Lloyds of London, and Silverstein Properties.
Prior to being suspended on Twitter, Cryptome archived the account and the tweets are very interesting to say the least, tweeting strings of characters presumed to be decryption phrases. Tdo also tweeted that it would begin releasing the secret 911 documents when it received a total of $250 in BTC.
Further, the group claimed to have hacked an offshore bank, Advantage Life, stating they will "top the Panama Papers" leak before Twitter suspended the account, according to the tweet archive by Cryptome.
Tdo claimed on Twitter that the documents they have are way more than just litigation related stating they have Confidential, Classified and Secret documents from the FAA, FBI, TSA, USDOJ, and others.
Since the suspensions from Reddit and Twitter, Tdo has moved to the blockchain to join and utilize Steemit to release its stolen treasure trove of data ... with a hitch attached of course!
Tdo says they aren't hacktivists; they are hackers with a motivation for internet money (Bitcoin.) The group states they will release data in increments when key price targets they have set are met, and set up a release schedule for the data. That release agenda is as follows according to a Steemit post titled "Press Release 02 - Crypto-Cash for Crypto-Cache."
"Preview_Documents.container - Free, we released the key to prove authenticity of our claims.
Checkpoint 01 - 250 USD of BTC = 25 'random' documents from Layer 1.
Checkpoint 02 - 500 USD of BTC = 25 'random' documents from Layer 1.
Checkpoint 03 - 750 USD of BTC = 40 'random' documents from Layer 1.
Checkpoint 04 - 1.000 USD of BTC = 50 'random' documents from Layer 1.
Layer_1.container - 5.000 USD of BTC (All Layer 1 Documents)
Checkpoint 05 - 6.500 USD of BTC = 50 'random' documents from Layer 2.
Checkpoint 06 - 8.500 USD of BTC = 50 'random' documents from Layer 2.
Checkpoint 07 - 12.000 USD of BTC = 50 'random' documents from Layer 2.
Checkpoint 08 - 25.000 USD of BTC = 50 'random' documents from Layer 2.
Layer_2.container - 50.000 USD of BTC (All Layer 2 Documents)
Checkpoint 09 - 65.000 USD of BTC = 100 'random' documents from Layer 3.
Checkpoint 10 - 85.000 USD of BTC = 100 'random' documents from Layer 3.
Layer_3.container - 100.000 USD of BTC (All Layer 2 Documents)
Checkpoint 11 - 250.000 USD of BTC = 250 'random' documents from Layer 4.
Checkpoint 12 - 500.000 USD of BTC = 250 'random' documents from Layer 4.
Layer_4.container - 1.000.000 USD of BTC (All Layer 4 Documents)
Checkpoint 13 - 1.500.000 USD of BTC = 5 'random' documents from Layer 5.
Layer_5.container - 2.000.000 USD of BTC (All Layer 5 Documents)
To clarify this structure, if we reach 10.000 USD of BTC, we'll release the 'Layer_1.container' decryption key to the public via our official Twitter. If another 90.000 USD of BTC is donated (for a total of 100.000 USD of BTC at this point), we'll release the decryption key for 'Layer_2.container' via our official Twitter, and so on. The compensation is compounding structure, with the totals to be calculated from the deposits into the BTC address at the time of their deposits.
We have a long history of trustworthy negotiations and resolutions with many clients of ours. It's our goal to be financially compensated before we initiate any brazen actions. You're motivated by your passions for the truth, and we're motivated by our passion and love for Bitcoin. Let's come to together and meet in the middle.
Our Official Bitcoin Wallet Address: 192ZobzfZxAkacLGmg9oY4M9y8MVTPxh7U."
If that's not enough to wet your whistle for 2019, the group did a 4chan AMA where they claimed that they also have UFO files in their possession for later on in 2019.
Now, if Tdo had not been credited with online mischief before, this could be written off as a LARP. However, the group is quite known for its hacks in 2017 where it hacked Netflix and other studios such as ABC, HBO, CBS and threatened to release unreleased shows, then followed through with its threats despite a ransom payment after the organizations cooperated with authorities. There also have been numerous mentions by intelligence services, including the current FBI director Chris Wray who spoke to the U.S. Congress about The Dark Overlord.
The UK's National Center for State Courts (NCSC) has stated in 2017 the group was responsible for indiscriminately targeting health institutions, schools and media production companies over the last year.
Tdo also claims responsibility for shutting down schools in a Montana district called Columbia Falls, Billings Gazette reported.
Flathead Valley authorities contacted the FBI about two days after threats began, once they realized the group was not local. Lawrence said experts from the CIA and NSA also became involved in investigating the hack.
"These were world-class people," Lawrence said.
At one point, unsuccessful raids were conducted in London attempting to locate hackers, Lawrence said. But hackers use programs that cycle rapidly through IP addresses, which can show where someone is connecting to the internet, masking their location.
"They actually kicked down a couple of doors," Lawrence said.
So the group is certainly making a name for itself, whether or not you agree with its methods of extortion for data.
Below is the link to the torrent file to download the archive. The SHA1 Hash is calculated from '911_Archive.zip'.
SHA1 HASH: F4C18CF980648E9FBDAC55952F5F3485DBBA95F9
Aaron Kesel writes for Activist Post. Support us at Patreon. Follow us on Minds, Steemit, SoMee, BitChute, Facebook and Twitter. Ready for solutions? Subscribe to our premium newsletter Counter Markets.