Cybersecurity at the centre – competing globally with different rules

 

Originally published on Legal Insights Europe.

By Joseph Raczynski

The topic of global cybersecurity will challenge each one of us. It is an unstable concoction of cultural norms and legal property rights patiently awaiting attention before it bursts. The overarching question is ‘how can legal organizations and overall society manage rising threats to the integrity of intellectual property (IP) whilst retaining and using information’? Add in the complexity that the global landscape is comprised of open societies, with freedoms and individuality, and close societies, of collectivism and oppression. The fundamentals of open society and IP rights—contrasted with closed societies and their misuse of IP through cyber threats will soon force change.

The Situation

The Council on Foreign Relations has been focusing recent seminars on emerging technology and cybersecurity as it relates to China and Russia. The thematic quintessence from the highest former administrators in the U.S. Intelligence Community is that the UK, Europe, and U.S. are under constant IP attack. They cited countless examples of nation states sending students and other professionals to the UK and U.S. with the sole intention of pilfering IP. Purportedly in one example, students at some of the best scientific universities are forced into this criminal role by their government. Their family, at home, is threatened if information from the student is not collected and given to the state. The majority of students have honest intentions in their travels—advancement of their own education and to enjoy the cultural exchange, but increasingly the U.S. Intelligence Community is alarmed at what they are finding. Commercial cyber espionage.

The cultural philosophies are starkly different, from one state to the next. The society of one state is open and the other closed. For example, pushing for individual’s governance of their own personal information manifested through General Data Protection Regulation—as with the European Union, while the other state created a ‘social credit’ score by ranking citizens based on their behaviour from data gathered by millions of facial recognition eyes in the sky. Both governments strive for rapid development in artificial intelligence, quantum computing, blockchain, and biotechnology. Governments develop these specialty areas in different ways. Eric Schmidt, former Google CEO, once said, “there will be two internets, one for China and one for the rest of the world”. The washing of information about the 1989 Tiananmen Square protests from every Chinese online forum and publication is cited as an example of the ‘other internet’. As a result, most teenagers in China have never heard of the protests which turned into a massacre.

Law firms as a collective serve as the largest holder of IP. As such, they are a top target for cyber espionage. The overarching laws are clear in the UK, and most often people abide by them. When there is conflict, legal process takes place and ultimately decisions are made, resulting in a final adjudication. What if no one paid attention to the decision? What if people did whatever they wanted, even though the IP for Flake candy bar is registered, China could copy it and sell it where ever they wished? This is the situation with the closed societies, and typically cybersecurity breeches are the means to an end for nation states looking to bolster their own companies.

The Dilemma

According to the U.S. Intelligence Community, the challenge is that closed societies are breaking into law firms and corporations, stealing IP and using it to build their own companies. The speed of these new companies built on the backs of stolen IP is phenomenal and will be much more difficult for those UK organizations to compete against.

Certainly, corporate espionage has been around since before cobblers competed in shoe-making. The difference is that open societies, by their nature, are now threatened by IP exploitation in the UK and US. Going forward and beyond sanctions, as the super powers of the world grow in strength and play by a different set of rules, law firms and corporations will likely need to map new ways how they protect their information and IP. The UK, U.S., and Europe will need to figure out how a society that plays by a clear set of rules competes against a society that can hack any law firm and use that information to illegally profit.

How prepared are law firms to face cyber security threats?

By Joseph Raczynski

The hacking of Panamanian law firm Mossack Fonseca last April resulted in 11.5 million leaked attorney-client privileged documents, exposing the widespread use of off-shore businesses by wealthy individuals and corporations around the world and highlighting the imperative need for proactive measures against corruption and other illicit financial activity.

But what it also revealed was just how vulnerable law firms can be to hackers and other cyber criminals.

Daniel GarrieDaniel Garrie is an arbitrator, forensic neutral and technical special master at JAMS, available in Los Angeles, New York and Seattle. He is executive managing partner of Law & Forensics LLC and head of the computer forensics and cybersecurity practice groups, with locations in the United States, India and Brazil. He is also a Partner at Zeichner Ellman & Krause LLP, where he heads their global cyber security practice, and an adjunct professor at Cardozo School of Law.

I recently spoke to Daniel Garrie, Global Head of eDiscovery, Forensics, and Cybersecurity Practices for Law & Forensics LLC, to get his insight into some of the cyber security issues facing law firms today:

Q. Daniel, why do hackers and other cyber criminals target law firms?

First, for information. All kinds of potentially valuable information: M&A information, IP information, real estate information, divorce information; information that can make people money or give them leverage. If you think about the law firms that just do mortgages, for example; getting a fully detailed mortgage package with social security numbers, bank account numbers, wiring information — that’s a pretty interesting piece of information.

Second, because in many cases, the law firm is the weakest link. Take the case of an M&A deal, for example. Why invest money and resources to hack the companies — which are more likely to have robust cyber security frameworks — when you can just hack the law firm, where cyber security resources are fewer and far more fragile?

Q. So law firms are not prepared to deal with these threats?

No, but not because they don’t want to be, but because of how law firms work as a partner profit-sharing entity. There has to be a reason to invest in measures to prevent them.

Q. And what are those reasons?

The consequences of unprotected and disclosed client data are two-fold. Not only do a law firm’s clients face potential reputational, financial, and legal risks when their private information is accessed and potentially distributed, the firm itself faces those same risks.

All law firms are competing for business and firms that don’t protect against cyber security threats run the risk of losing a substantial amount of business. Law firms are becoming acutely more aware of the fact that if they’re hacked, chances are, they’re no longer going to be a law firm.

Q. So what steps can law firms take to get prepared to deal with these threats?

First, focus on cyber hygiene. Do whatever it takes to put the right preventative measures in place in place:encryption, “least access necessary” policies, training and education for staff, etc. Second, find trusted partners.Do business only with those whom you can trust because if they are labeled as “hacked,” it could devastate your business, too.

Original post in AnswersOn

From Russia (and Asia) with Love: Cyber Warfare and the growth of State-Sponsored Hacking

By Joseph Raczynski

The 5th Annual Law Firm CFO/CIO/COO Forum

The scope of the threats to law firm data is global.  In this panel discussion at the Data Privacy, Security & the Globalized Law Firm CFO/CIO/COO Forum, a country by country breakdown of dangers were discussed while the audience absorbed the magnitude of the panels concern.

Eben Kaplan, Senior Consultant, Control Risks; Josh Goldfarb, CTO, FireEye; Jay Healey, Senior Research Scholar Columbia University; Robert Knake, Senior Fellow for Cyber Privacy, Council on Foreign Relations; Daniel Sutherland, Associate General Counsel, Homeland Security demonstrated that each entity had various motives and techniques for cyber-attacks.

Who, Why, and How?

Who: China – They have a defined plan with tactics and procedures.

  • Why: They are primarily seeking intellectual property with a new focus on firms that retain such information, especially those with newer IP clients (Target: Silicon Valley – DC based firms)
  • How: They focus on social engineering
    • Text messages, Spear fishing
    • Looking for the weakest link at the firm – someone who will click a link
    • Watering hole attack – In this tactic, China compromises a trusted third party site so the primary target would not suspect it and then in turn it becomes infected. Example: A famous Think Tank’s website is compromised – Big Law firm goes to the site and gets infected… the target was the Big Law firm and they got infected indirectly.

Who: Russia – They are one of the most experienced countries at hacking.

  • Why: Money, but increasingly they are focused on IP, so law firms should be aware of this.
    • They are quieter and more careful than China
  • How: They are using more BotNets, worms and malware than China

One interesting concern expressed on the panel is that Russia is very worrisome for the United States at the moment.  The rule of thumb was that countries which could hurt the US years ago did not because they did not have a desire to do so.  On the other side, those who wished to do harm did not have the bandwidth.  This has changed.  Putin is leading Russia down the road of an attack on the US, and they have the skills and bandwidth to do significant harm.

Who: North Korea – They are still new in this arena but improving quickly.

  • Why: Political
  • How: Uniquely North Korea is buying its capability to attack from the Dark Web, or hackers for hire. They used black hat hackers to launch the Sony attack and it was very successful.
    • They are brazen in their approach but until recently have not been as interested in law firms.

Who: Iran – They too are improving quickly

  • Why: Political
  • How: They have started leveraging worms that were used on them by other countries like Israel.

The Saudi Aramco Wiper Worm was a virus/worm supposedly created by Israel and launched on the Saudi company’s network.  It reportedly wiped clean 75% of the world’s most profitable company’s computers and left only an image of a burning American Flag.  Iran may have adapted the worm from something that had been launched on them years before by Israel.

The thrust of the panel discussion were that the threats to law firms are far and wide.  While some nation states have not traditionally sought out law firms, there is keen interest in IP and M&A information.  In closing Josh Goldfarb, CTO, FireEye mentioned some startling statistics.  While they were installing hardware on their customer networks, many of which were law firms, they found of 1,216 customers tested that 97% of them were compromised.  Even more fascinating was that 25% of those compromised networks were by other nation states.  This underscored the importance of understanding who is knocking at your firewall and what they are seeking.

 

 

Potential Fraud: Who’s Web Watching You?  Answers you can finally see!

By Joseph Raczynski

Who really knows you?  Is it your friends, the government, or could it be the companies on the web that have the best sights?  Well, do not be astonished if it is the latter.  Online companies may be better acquainted with you than your family.  Fortunately, you can actively in an intuitive visual manner see which sites are tracking you, who is sharing your information and most importantly, how to stop it.

Since the beginning of the Web, advertisers have been authoring hidden code on webpages to get to know you.  It is not just legitimate business that use trackers, fraudulent websites are also guilty of these practices.  They have imbedded items like web bugs, cookies, web beacons, and tracking bugs to develop profiles based on your browsing history.  That information allows them to precisely market and advertise to you.  Until last week, there was not a useful way of conceptualizing which sites were sharing and with whom.

Recently at TED, which is a community of technology innovation leadership talks, Gary Kovacs the CEO of Mozilla Corporation, developers of the browser FireFox, spoke about web tracking.  He announced a plugin for FireFox that allows users to see who is watching and sharing information.

Collusion is an experimental add-on for Firefox and allows you to see all the third parties that are tracking your movements across the Web.  It will show, in real time, how that data creates a spider-web of interaction between companies and other trackers”, states Mozilla.

I attempted to see how this works.  After downloading the plugin, I went to CNN.com.  Each little circle on the graphic below represents a website.  The gray circle in the middle is CNN; the red dots surrounding are advertising sites that have placed cookies in your browser.  They are now tracking your behavior on CNN.com.  Hover your mouse over any circle on the application reveals enhanced information about them.

image1

Then I visited Washingtonpost.com and you can see what happens.  More cookies dropped onto my computer.  However, the biggest eye opener…

image2

You can see below that the advertising companies are now sharing your information from CNN to Washingtonpost.com and then when I went to Amazon, more sharing occurred.  The biggest player in this advertising market is DoubleClick, now owned by Google.

As you can visualize here, nearly every site gathers and tracks you.  This can be quite alarming when the cookies are represented graphically.

image3

What to do:

Since not all websites are safe, some even could be fraudulent; look into a plugin that block these trackers.  Install TrackerBlock, which works for both Firefox and Internet Explorer.  Collusion is the tool that allows you to see who is tracking you and delete them.