Cyber Incident Victim: Silverstein Properties
Date:
Dec 2018
Location:
United States of America
Summary
A hacker group known as The Dark Overlord breached a law firm involved in litigation related to the September 11 attacks, compromising insurers and legal entities including Silverstein Properties. The attackers claimed possession of approximately 18,000 documents, threatening to release decrypted files in stages unless a Bitcoin ransom was paid, while also offering to withhold specific documents for additional payments. Stolen data reportedly included communications and policyholder information from insurers, though the law firm's systems were isolated from the insurers' infrastructure. The group leveraged media attention and dark web forums to amplify extortion efforts, citing potential liability exposure for victims. Affected insurers acknowledged the breach and notified policyholders while cooperating with law enforcement investigations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On December 31, 2018, the hacker group The Dark Overlord publicly announced it had breached a U.S. law firm handling litigation related to the September 11 attacks, specifically naming Silverstein Properties alongside insurers Hiscox Syndicates Ltd and Lloyds of London as affected entities. The group published an extortion notice on Pastebin, threatening to release approximately 18,000 internal documents unless victims paid an undisclosed ransom in Bitcoin. The announcement emphasized the insurers' role in underwriting policies for structures like the World Trade Center and claimed the stolen data would reveal information about "9.11 conspiracies." The Dark Overlord distributed a 10GB encrypted archive of allegedly stolen files and stated it would progressively release decryption keys to unlock portions of the data if payment demands were unmet. The group also advertised the data for sale on dark web forums and offered individuals mentioned in the documents—including law firms, politicians, and agencies—the option to pay separately to suppress their information from public release.
Hiscox Group confirmed the breach impacted a law firm that advised them on 9/11-related litigation but clarified that its own IT systems remained uncompromised. The stolen data involved approximately 1,500 U.S. commercial insurance policyholders, and Hiscox notified affected parties while collaborating with U.K. and U.S. law enforcement. The hackers leaked a limited set of emails, letters, and documents referencing entities like the TSA and FAA, though these initial releases appeared largely routine. The Dark Overlord’s tactics marked an escalation in its extortion strategy, combining media pressure through Vice Motherboard outreach with layered data dumps and individualized blackmail attempts. Lloyds of London did not publicly respond to the incident, while the FAA acknowledged investigating the breach. No confirmation was provided regarding Silverstein Properties’ specific involvement or response beyond its inclusion in the hackers’ announcement.