The FBI is investigating the theft of 18,000 insurance and legal documents relating to the September 11th attacks on the World Trade Centre by a hacker with a long record of holding companies to ransom, according to two people familiar with the matter.

Posting under the name “The Dark Overlord”, the hacker or hackers claimed on New Year’s Eve that they had taken emails and non-disclosure agreements relating to the 9/11 attacks that were sent and received by groups including insurers Hiscox and Lloyd’s of London and the law firm Blackwell Sanders Peper Martin, now called Husch Blackwell.

The Dark Overlord said it would sell the documents for bitcoin, inviting Isis, al-Qaeda and nation states to bid for them online.

The FBI and other law-enforcement agencies are now investigating the hack, according to people aware of the discussions that officials have had with the companies.



Hiscox said it became aware last April that systems used by one of its legal advisers had been hacked.

“The law firm’s systems are not connected to Hiscox’s IT infrastructure and Hiscox’s own systems were unaffected by this incident,” a spokesperson said.

“One of the cases the law firm handled for Hiscox and other insurers related to litigation arising from the events of 9/11, and we believe that information relating to this was stolen during that breach.”

The spokesperson added: “We will continue to work with law enforcement in both the UK and US on this matter.”

Both Hiscox and Lloyd’s have expanded heavily into cyber insurance in recent years, selling protection against the costs of dealing with cyber attacks.

Husch Blackwell said it had not been hacked: “Several documents bearing the letterhead of a predecessor law firm to Husch Blackwell were made public earlier this week by a cyber terrorist group,” the company said in a statement.

“After a thorough review Husch Blackwell can confirm that no documents were obtained from Husch Blackwell and that there was no unauthorised access to Husch Blackwell systems, client files, documents or data.”

A Lloyd’s spokesperson said it had no evidence its systems had been compromised. “Lloyd’s will continue to monitor the situation closely, including working with managing agents targeted by the hacker group.”

A spokesperson for Silverstein said the company was investigating the claims.

“We are aware of claims of alleged security breaches at firms involved in the five-year insurance litigation following the attacks of 9/11.

“To date, we have found no evidence to support a security breach at our company. We have spent the last 17 years fulfilling our obligation to deliver a magnificent and fully rebuilt World Trade Center. We will not be distracted by 9/11 conspiracy theories.”

On Wednesday, images of some of the documents began to circulate on the internet after the group released decryption keys. The images appeared to show communications relating to the World Trade Centre.

– Copyright The Financial Times Limited 2019