The most widely read magazine for Canadian lawyers
Issue link: https://digital.canadianlawyermag.com/i/50841
in its computer security or firewall. "It's usually very hard to discover the iden- tity of the hackers," says Bennett. The web site serving all of Ontario courts was hacked on the afternoon of April 25. A ministry spokesman said the offending page was removed later that evening and the site was down only for a short period. An investigation into what happened followed shortly and showed that the hackers hadn't got far. "I can advise you that as a result of the hacking incident on the Ontario courts' web site, the hosting service and courts' technical staff conducted an investigation. Only the 'splash page' showing the crests of all three courts was altered," Susan Kyle, executive legal officer for the Ontario Court of Justice, told Canadian Lawyer. "Access was likely gained through an unrelated web site hosted by the same service provider. The courts took immediate steps to improve security and monitoring controls for the web site." There was no mention of who was responsible for the hack, so the investi- gation might not have revealed it. A company or law firm can be par- ticularly vulnerable to computer hack- ing when there is a merger or acquisi- tion or other business-related deal that has not been finalized. "I think with any pending transaction that hasn't closed and is being negotiated, there is an increased risk of having informa- tion that is confidential and of value to other parties or competitors obtained" through a hacking attack, says Bennett. There are additional vulnerabilities for law firms and their clients regarding international transactions, he notes. "That's just the international nature of transactions that involve other coun- tries and it could certainly increase the risk for law firms of being hacked." Organizations must ensure they have very strict protocols for employees about opening attachments, a frequent method for hackers to unleash spyware into a computer system, he says. Most importantly, any law firm or company can retain a so-called "ethical hacker" to test its computer system to see if it can be breached. "These can be very good as you just set them loose on your computers to test just how far someone can go to access your information." While the target of the spring hack on a Toronto law firm remains a mys- tery to all but the firm and the Internet security team that worked on the prob- lem, in many of the instances in which law firms have been cyber-attacked, firms have been facilitating an inter- national merger and acquisition for a client. The perpetrators will hack the law firm's computer system in order to get information that could benefit a competitor or to purchase shares on a stock exchange to make a significant amount of money. John Dozier, founder of Dozier Internet Law PC in Glen Allen, Va., says his firm's web site was hacked into recently, targeted by hackers from Europe based on a freedom of speech issue based on the firm's track record of representing clients in hacking issues, defamation, and infringement of trade- marks and copyright. "We fell under attack regarding the First Amendment free speech rights and the hackers, from Europe, gained access to our web site and put up some child pornography," he says. The motivation was based on a court challenge wherein the U.S. Supreme Court asserted that the fed- eral Communications Decency Act is an unconstitutional restriction for web sites, which has been a controversial issue for many years in the U.S. Dozier surmises that the hackers who hit his law firm's site were vindictive that the U.S. has affirmed the right of free speech. "I'm sure they were trying to make a point because they don't have the full extent of our freedoms." He acknowledges that law firms, in particular, must take extraordinary measures to stave off hackers as it could have significant legal ramifications for both the firm and its clients. "There are some incredibly sophisticated hackers out there so the law firm must determine what information they want to post on their web site and how it could relate to any international cases that they have www.CANADIAN Lawyermag.com SEPTEMBER 2011 35 " Hackers are often looking for information that would be of commercial value to them and they usually target the law fi rm's server to be able to search for what they want. Mark Hayes, Hayes eLaw LLP "