Have you wondered what is going on these days on the Web with cybersecurity for Law Firms? This is a deep dive and more information on how a hacker goes after IoT devices from the Generate Conference in London.
By Joseph Raczynski
The importance of law firms understanding the dark web
Your very sensitive private client data could be available for all to see on the Internet right now. Technically this data would be on the Dark Net or Dark Web. It is the portion of the World Wide Web that is hidden or inaccessible from normal browsers. As corporations and law firms grapple with larger and more profound attacks, I think it is important to be aware of how individuals access it and what occurs there to better safeguard your firm from what is happening now. At the cybersecurity LegalSEC Summit last week in Baltimore, Kevin Lancaster CEO of Winvale, Todd Nielson, President at Secuvant Cyber Security, and Will Nuland, Sr. Security Researcher at Dell SecureWorks, spoke about the nuances around the Dark Net.
The Dark Web, born from a United States government program had positive intent from the onset. It created a cyberspace where people in disaffected regions could anonymously visit and share ideas freely. North Koreans and Iranians use this to congregate and postulate new ways to live. They could then visit this space in the ether and share ideas freely without the fear that they would be persecuted for espousing ideas incongruous with their government point of view.
How to get there:
The following is not advised, but is here as an awareness of how people access the Dark Web.
Mozilla Firefox has a plugin (Tor Project), a simple free application run by a nonprofit organization which turns your normal browser into a Tor Onion enabled browser. What that means is that the plugin creates a tunneled Internet to a minimum of 100 other locations around the world. You are essentially establishing a proxy connection to other computers who are running the same Tor software. This establishes a very strong sense of anonymity and security that no one knows who you are or where you live (IP address). If I live in Washington, DC after running the plugin I may show up as living in Prague, but first being routed through 99 other cities.
Once the application is launched you would need to find an index page, like the Hidden Wiki, which gives users a general launching off point for perusing the Dark Web websites. It is not a pure search and find environment like Google, though some sites are indexed. Sites are not set up with URL structure like we have on the Open Web, http://www.thomsonreuters.com. In fact they appear to be hashed with letters and numbers in a random pattern. They also end in an .onion compared to the normal .com that we tend to see. So an example address might be: ijfije856ya5lo.onion.
Unfortunately, once a user passes into this realm, there is a minefield awaiting. The Wiki page starts with the benign and dives headlong into the frightening and disturbing. You can buy $10,000 of fake US dollars for the equivalent of $5,000 in Bitcoin, the currency of choice. The cryptocurrency Bitcoin is also generally considered anonymous. Other possibilities include, hiring a hacker, buying prescription drugs, and buying illegal drugs, and acquiring arms or if you so desired, get involved in unregulated medical trials. On the darker side, you can even hire a hit man.
Law Firm Perspective on Dark Web:
The key important piece to this post is that law firms are now being brought into the dark side. Criminals are stealing IP information, M&A information and dropping off onto the Dark Web. Other groups are grabbing proprietary information or sensitive client information from law firm networks and saving it onto the Dark Net to either expose the firm, or to hold at ransom. Hackers for hire have been used to target corporations and law firms.
One of the subjects that was asked of the panel, how should firms handle the Dark Web? In my time consulting around this subject, I was curious about the response. The group was split. Some thought that companies should not use their own networks to access the environment, others stated that in a controlled access situation, they could monitor what is going on the Dark Web to protect their brand. In fact, it was stated that nearly two million people a day visit, but most are monitoring what is happening. Law firms and corporations should be looking for client names, login and passwords, email address of their respective company.
With the increase in cyber-attacks, all entities have to be aware of how the hackers operate. Understanding the Dark Web in the context of this is part of the due diligence for any corporation or law firm today. Fortunately a new wave of companies are surfacing which can monitor the Dark Net on behalf of your organization.
By Joseph Raczynski
For a seemingly innocuous 140 characters, Twitter continues to rouse evocative legal discourse.
The newest twist for Twitter consists of judges grappling with the question of what place, if any, Twitter has in the courtroom. According to a recent article in Time, the United States Supreme Court has yet to rule on Twitter’s use in the courtroom. The lower courts are divided about its role; some tolerate tweets by attorneys during criminal proceedings, while others forbid such activity altogether.
Helping to further spark the discussion, recently there was much hubbub about the comedian Steve Martin (@STEVEMARTINTOGO) who, while on jury duty, was tweeting about his experiences. He quipped multiple times, tweeting:
REPORT FROM JURY DUTY: Lunch break. Discussing case with news media gives me chance to promote my book.
REPORT FROM JURY DUDY [sic]: Defendant running for exit. Not to escape, but out of disgust. Judge wearing NOTHING under his robes. We are adjourned until tomorrow.
FINAL REPORT FROM JURY DUTY: Defendant sentenced to death. Feeling bad. Wait…call from REAL JURORS OF BEVERLY HILLS. WORTH IT!
Technology, like Twitter use in the courtroom, poses an interesting dilemma. It is a debate as aged as the legal system itself, which is directed at openness, fairness, and access to the justice system. How unrestricted do we want our legal system to be? What information is appropriate to be disclosed to the mass public? Looking at the Founding Fathers for guidance on the breadth of access to public information, perhaps we have a glimpse in to their intent. The hallowed Independence Hall in Philadelphia originally had been built on the belief that there must be open trials, and as such, no doors were placed on the courtroom. Therefore, is it not plausible to argue that the use of Twitter in courts is consistent with the free flow of information our forefathers had intended in our “open” court system?
What would the father of project management Henry Gantt say today? Having increased its scope to nearly every industry, from civil engineering to defense and software development; project management has rarely delivered at law firms, until now. The landscape and technology has transformed enough such that project management can and will thrive at law firms.
The practice is creeping, yet some scoff. While recently visiting a mega firm in Washington, DC they admitted to being in the midst of a five year plan to fully adopt and integrate project management within the organization. They say it is an iterative process, but they are very encouraged thus far. This direction is due to the demand by clients for alternative fee arrangements. Now their office is abuzz with terms like scope creep, Agile, and Gantt charts. This is intriguing because multiple conversations with third to seventh year associates at various large firms confirms one thing, we are still in the evolving phase of understanding. There is a temporary disconnect between some attorneys and what is just ahead. Nearly every associate balked at the idea that a project manager utilizing technology tools like Microsoft Project will be a part of their existence. However, that said, increasingly I see management paring out positions for project managers and instilling the processes. These two will align soon.
As a project manager for full life cycle development for many years and consulting to law firms in technology now, these processes making sense in medium and large law firms for the following reasons:
- With the increase in alternative fee arrangements, project management will allow for greater predictability of costs, revenue and in turn ROI. Compared to the last few years budgets and partner profits will be far more consistent and stable.
- Cases can be divvied into tasks, thus freeing attorneys to actually lawyer, other areas can be outsourced to the proper resources. Why have partners responsible for so much administrative work like hourly allotment?
- Technology allows metrics to be introduced which can be used to constantly better the process, e.g. matter management software, client tracking software, i.e. LookUp Precision, OneLog . Project management toolsets are currently being implemented at firms. Additionally model honing will increasingly better predictability. Firms will use technology to determine the profitability of a particular case, assisting them in deciding whether to take it.
The simple premise behind project management is that it is a temporary endeavor, having a defined beginning and end to meet objectives, usually to bring about beneficial change or added value. Now that the law landscape has evolved, project management has finally its place in the ever elusive law firm.