Law firms are increasingly the targets of cyber attacks. Don’t be misled into thinking that hacking is a problem for just the large law firms; small firms and solo attorneys are also at constant risk. According to a recent report, a shocking 40% of law firms have been hacked and didn't even know it. Since all attorneys and their firms are privy to some of their clients’ most sensitive data, and this data must be stored somewhere, the appeal to hackers is quite clear.
From the Panama Papers to DLA Piper, 2017 was the year of law-firm-related cyber crime, and it appears that the trend won't slow down in 2018.
Jordan McQuown, CIO of leading law firm cyber security firm LogicForce, provided insights into what we can expect to see in the year ahead. “These attacks have proven to have a low cost to execute and return a quick high dollar payout. The biggest threat that concerns me in 2018 is an attack that alters the integrity of data maintained by law firms. This isn’t something seen often in today’s threats unless you look at highly sophisticated attacks that target control systems much like Stuxnet was created for. The reason this concerns me is most organizations are not adequately staffed, trained, and would be unable to detect these alterations. The other threat I think we’ll see an increase in is blackmail techniques. Much like ransomware that locks data until a fee is paid, blackmail would exfiltrate data and require a ransom be paid in order to prevent the data from being exposed via methods like journalism or generally posting leaked data on the internet.”
As the trend toward cloud-based data storage continues, the threat of devastating cyber attacks is increasing. Even where firms have the resources for in-house data storage systems, skilled hackers find ways around firewalls, passwords, and encryption of all types. Protecting firm and client data should be a top priority for firms of all sizes. If you need more convincing, read this list of the top ten law firm cyber attacks.
1. DLA Piper
When a global law firm that touts its expertise on cybersecurity finds itself the victim of a successful large-scale cyber attack, the legal and technology industries take notice. The June 2017 cyber attack that hit DLA Piper also hit several major companies. The attack on DLA Piper, carried out with the Petya ransomware, left the firm and its employees without phones and email for three full days, and without access to old emails for significantly longer.
2. Mossack Fonseca
Panama-based law firm and corporate services provider Mossack Fonseca found itself the subject of international scrutiny when more than 11.5 million firm documents were leaked to the public in 2015 by an anonymous source. The incident is often referred to as the “Panama Papers.” The documents revealed detailed financial data and other attorney-client privileged information, including Mossack Fonseca’s creation of shell companies used for illegal purposes. Some of the companies were used to perpetrate fraud and tax evasion, and to evade international sanctions. Many wealthy individuals and public officials were implicated by the Panama Papers.
3. Appleby
More recently, in October 2017, another major offshore law firm admitted to a hacking breach. Appleby, located in Bermuda, experienced the breach in 2016 but only came clean after journalists from the International Consortium of Investigative Journalists saw leaked information and began to question the firm. Appleby denied allegations of assisting its clients in evading taxes.
4. Cravath and Weil Gotshal
In spring of 2016, the Wall Street Journal reported that attackers had successfully hacked into the files of some of the most notable law firms in the U.S. as part of an attempt at an insider-trading scheme. The Manhattan U.S. Attorney’s Office issued a press release regarding the attack, but did not name which firms were involved. However, the media used details in the release to speculate convincingly that two of the firms involved were Cravath, Swaine & Moore and Weil Gotshal & Manges. Those responsible for the hacks reportedly used the information gathered from up to 48 law firms to gain more than $4 million through illegal insider trading based on confidential information on upcoming company mergers.
5. Thirty Nine Essex Street
In February 2014, reports emerged from technology consulting firm Booz Allen Hamilton that Thirty Nine Essex Street, a London-based law firm, was the victim of a cyber attack. The most likely culprit of the attack is Energetic Bear, a suspected Russian state-sponsored hacker group. Energetic Bear has also been linked to utility company hacks in the United States and Europe.
6. Toronto Trust Account Hack
In 2012, a phishing scam circulated that ended up costing a Toronto-area law firm six figures over the December holidays. A virus gave hackers backdoor access to the firm bookkeeper’s computer, then recorded bank account passwords as she typed them in. This gave the hackers full access to the firm’s trust account, which was used to wire funds to foreign countries after deposits were made. The virus is thought to have gotten onto her computer through something as innocuous as an email attachment or free screensaver.
7. Wiley Rein
Also in 2012, Wiley Rein, one of the largest law firms in the Washington, D.C., area, was hacked. The perpetrators in this attack are thought to be Chinese nationals belonging to a state-sponsored hacking group. Media sources said at the time that the hackers wanted information relating to SolarWorld, a German-headquartered solar panel manufacturer.
8. China’s Fishing Expedition
In 2014 and 2015, a series of data breaches struck law firms across the U.S. According to news media, the hacks were carried out by people with ties to the Chinese government. Hackers gained entry to partners’ email accounts and started to relay emails from those partners’ inboxes to their own outside servers. In at least one case, the attacks went undetected for over 90 days starting in March 2015. The breach at just that one firm likely affected tens or hundreds of thousands of emails.
9. Worldwide Oleras Attack Attempt
In February 2016, forty-six U.S. law firms and two in the U.K. were put on notice that Ukraine-based hacker Oleras, who is thought to be a Russian national, was advertising phishing services on a Russian website. It’s believed that this precipitated the attack one month later that breached many U.S. law firms and put others into a state of high alert.
10. WordPress Hack
In early 2017, the popular website-building platform WordPress experienced a hack that affected many U.S.-based law firm websites. The flaw that led to the vulnerability was identified as an add-on released in late 2016 that allowed cyber attackers to use simple HTTP requests to bypass WordPress authentication systems and edit the titles and contents of WordPress pages, including those of many law firms. Embarrassingly, firms saw their pages defaced with offensive messages and often had months or years of content deleted.