Security Experts:

Connect with us

Hi, what are you looking for?



Hackers Attempt to Sell Stolen 9/11 Documents

A group of hackers is claiming to be offering for sale a large number of confidential documents related to the September 11 terrorist attacks. 

A group of hackers is claiming to be offering for sale a large number of confidential documents related to the September 11 terrorist attacks. 

The hacking group, which is known as The Dark Overlord, says they stole the documents from a law firm in the United States. Among the “hundreds of thousands of documents” that were exfiltrated, tens of thousands were related to the terrorist attack that killed nearly 3,000 innocent people 17 years ago.

The documents, they claim, belong to British insurance company Hiscox, and the firm has already confirmed that documents containing information on various insurance cases related to the September 11 events were stolen in a cyber-security incident not related to its IT infrastructure. 

The firm initially acknowledged the incident in an April 2018 announcement, when it said that the law firm’s compromised server “may have included information relating to up to 1,500 of Hiscox’s US-based commercial insurance policyholders.”

In a statement released on December 31, 2018, the insurance company confirmed once again that the stolen documents were related to the events of 9/11, but also noted that Hiscox’s own systems were unaffected by this incident. 

“One of the cases the law firm handled for Hiscox and other insurers related to subrogation litigation arising from the events of 9/11, and we believe that information relating to this was stolen during that breach,” Hiscox said. 

In a post on Pastebin, the hacking group says that, although the impacted law firm paid to ensure the documents are not released to the public, it has decided to put the stolen documents up for sale after learning that the firm contacted law enforcement, although it initially agreed not to do so. 

“This release of 911 Litigation Documents is highly exclusive and only available from thedarkoverlord! For a limited time only, we’re leaking the first few documents as proof of our trove on the famous dark web hacker forum ‘KickAss’,” the hackers say. 

The entire set of files supposedly contains over 18,000 documents, including .doc, .pdf, .ppt, .xls, .tif, .msg, and “many other interesting formats.” The hacking group is offering the documents to any interested parties, including terrorist organizations. 

“What we’ll be releasing is the truth. The truth about one of the most recognisable incidents in recent history and one which is shrouded in mystery with little transparency and not many answers,” the group claims. 

The hackers also note that, in the event they decide to release the stolen documents publicly, they would still retain the “most highly confidential and sensitive documents for private sale.”

The group also published screenshots of some of the stolen documents, as proof of what they possess. They also note that any impacted firm, individual, or governmental agency can contact them to have any of their documents and materials withdrawn from the public release, but only if they pay first. 

“We’re not motivated by any political thoughts. We’re not hacktivists. We’re motivated only by our pursuit of internet money (Bitcoin),” the hackers conclude. 

Related: Serbia Arrests FBI-sought Cybercrime Suspect

Related: Crowdfunding for Acquiring Shadow Brokers Exploits Canceled

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.