Twitter suspends account selling stolen 9/11 docs

January 2, 2019

Twitter on Wednesday suspended an account, @tdo_h4ck3rs, that recently began selling access to stolen legal documents involving the Sept. 11 terrorist attacks.

Created last month, the account disappeared two days after it began peddling files belonging to Hiscox Syndicates Ltd., a Bermuda-based insurance provider that has handled litigation relating to the attacks.

“The online posts relate to an incident we reported in April 2018 when we were made aware that a US law firm that advised Hiscox, some of our commercial policyholders and other insurers, had experienced a data breach in which information was stolen,” Hiscox said in a statement.

“The law firm’s systems are not connected to Hiscox’s IT infrastructure and Hiscox’s own systems were unaffected by this incident,” said the statement. “One of the cases the law firm handled for Hiscox and other insurers related to subrogation litigation arising from the events of 9/11, and we believe that information relating to this was stolen during that breach.”

Twitter did not immediately return a message seeking comment.

Prior to being suspended, the person or persons operating the Twitter account offered to sell copies of the stolen documents in exchange for bitcoin, a digital cryptocurrency.

“We’re not motivated by any political thoughts. We’re not hacktivists. We’re motivated only by our pursuit of internet money,” said a statement shared by the Twitter account.

“If you’re one of the dozens of solicitor firms who was involved in the litigation, a politician who was involved in the case, a law enforcement agency who was involved in the investigations, a property management firm, an investment bank, a client of a client, a reference of a reference, a global insurer, or whoever else, you’re welcome to contact our email below and make a request to formally have your documents and materials withdrawn from any eventual public release of the materials,” the statement said. “However, you’ll be paying us.”

Tweets and links shared by the Twitter account claimed the data was sourced and being sold by The Dark Overlord, a hacker group previously credited with breaching victims including a Hollywood post-production studio and adhesive company Gorilla Glue, among others.

Serbian police said in May that an alleged member of The Dark Overlord was arrested with the help of the FBI. The FBI previously declined to comment.

Update hourly