On December 31, 2018, Motherboard broke the news that a hacker group known as The Dark Overlord had obtained a cache of files from a law firm handling cases related to the 9/11 attacks, and was offering to release them when a sufficient amount of bitcoin was sent to a given address.
On Wednesday of this week, Twitter suspended the account linked to the hacking group, and Reddit did the same shortly after. The Twitter suspension came as the result of a new policy banning accounts that distribute hacked materials, claim responsibility for a hack, make hacking threats, or issue incentives to hack specific people, implemented on October 1, 2018 ahead of the US midterm elections.
As a result, the Dark Overlord group has moved to blockchain-based social media platform Steemit, where the @thedarkoverlord account has been uploading posts since Wednesday.
The hacking group initially threatened to release 10 GB of data unless a ransom was paid, RT reports. The group later changed strategy and began to solicit donations from the public to release the data, capitalizing on continued interest in 9/11 conspiracies from the “Truther” movement.
A Steemit post from the group explains that the leaks have been categorized into “layers,” with a tiered payment scheme leading up to a full release of all documents for $2 million in bitcoin.
“Continue to keep the bitcoins flowing, and we’ll continue to keep the truth flowing. Remember, Cyber-Cash for Cyber-Cache,” @thedarkoverlord wrote in a post that included decryption keys for one layer of leaked documents. An archive of the documents had previously been distributed in encrypted form via torrent.
According to Motherboard, the documents come from a legal firm that advised specialist insurance company Hiscox Group. The documents allegedly include presentation slide decks, legal correspondence between law firms, and letters from a handful of government agencies, and possibly more.
It is not clear whether Steemit will continue to allow the group to use the platform to communicate with the public. The nature of the platform means that posts cannot be deleted once permanently written into the Steemit blockchain, although, according to the FAQ, there is a seven-day period in which a post can be edited.
Since @thedarkoverlord’s posts are currently less than a week old, they could in theory be changed. Even after the one-week period, the website Steemit.com—which acts as a frontend for the Steem blockchain—could also be configured to hide all posts made by the group. However, if this were to happen, the posts would still be a part of the Steem blockchain, which can be viewed through a block explorer.
An email request for comment sent to Steemit’s main contact address had not received a response at time of press.