The first thing we do, is hack all the lawyers

By | February 03, 2012

It was 1994 and I was presenting at a conference on security and privacy on that newfangled Internet thing. As founder of an ISP in the Midwest, I did a lot of such events. One of the other speakers was an attorney from the US Justice Department. He fielded a question from the audience regarding email security. His response was reasonable for the day: “If it was easy to read someone’s email, we would all be reading Marcia Clark’s email today.”

He was referring, of course, to the 40-year-old deputy district attorney who led the prosecution in the O.J. Simpson trial. As the hottest topic of the day, the implication was that there were lots of people that would love to know her strategy and any inside dirt. His syllogism was apt. For the day.

Today, that has changed. Lawyers are an insecure conduit to their clients’ business. Smaller firms have little or no security staff. IT infrastructure is limited to an Exchange server and a website and perhaps internal print and file sharing. While their clients might have best-of-breed security,  the law firm is viewed as an easy way to get at the ultimate target.

Now we have Friday’s news that hackers had breached and leaked the 2.6 gigabytes of email from the firm of Puckett Faraj, which provided the defense for the Marine accused of leading a massacre of civilians in Iraq. To literally add insult to injury, they also defaced the firm’s website. As of this writing, the site is down and the hosting provider’s default server page is visible.  According to Gawker, the defaced site said:

"As part of our ongoing efforts to expose the corruption of the court systems and the brutality of U.S. imperialism, we want to bring attention to USMC SSgt., who along with his squad murdered dozens of unarmed civilians during the Iraqi Occupation. Can you believe this scumbag had his charges reduced to involuntary manslaughter and got away with only a pay cut?"

Attacking third parties to get at a target is not new of course. Attackers exploit trust relationships to gain entry.

Security investigators at Toronto-based Digital Wyzdom uncovered a widespread attack against multiple law firms involved in the mega deal acquisition of Potash Corp. of Saskatchewan by Australian firm BHP Billiton. The deal was worth $40 billion, and the researchers attribute the attacks to China, which wanted to derail the deal. According to Bloomberg, the attackers hit seven different law firms as well as Canada’s Finance Ministry and Treasury Board.

Joel Brenner, former national counterintelligence executive in the office of the Director of National Intelligence (DNI), and author of America the Vulnerable, observes:

“U.S. law firms have been penetrated both here and abroad. Firms with offices in China and Russia are particularly vulnerable, because the foreign security services are likely to own the people who handle the firms’ physical and electronic security. These services are not interested in stealing brilliant legal briefs; they want information about the firm’s clients. Every law firm with offices on several continents holds privileged and sensitive electronic documents worth millions of dollars to a foreign service, ranging from investment plans to negotiations and business strategies, and much more.”

If you share critical information with your attorney, it is time to review their law firm security practices. If you are part of a law firm, get used to the idea that your IT costs are going to go up.