The most widely read magazine for Canadian lawyers
Issue link: https://digital.canadianlawyermag.com/i/752781
20 N O V E M B E R / D E C E M B E R 2 0 1 6 w w w . C A N A D I A N L a w y e r m a g . c o m o your firm is secure you say. Are you certain? Law firms have been identified by hackers as a great source of information that might be more difficult to access elsewhere. Lawyers keep sensitive client infor- mation that can be of value to not just criminals but to other nations as well. Earlier this year, underground Russian website DarkMoney.cc offered to sell phishing services identifying law firms as potential targets. Then the FBI's cyber division warned that law firms have become specific targets for financially motivated hackers seeking sensitive information as a form of insider trading. Using the weapons of the 21st century, these unseen criminals might be searching for clients' plans to expand into new markets, potential overseas acquisitions, sensitive customer intellectual property and information related to their work on human rights campaigns. "It's all about the data. Law firms have sensitive infor- mation about their customers and their clients and there are people out there after that data," says Scott Algeier, executive director of the U.S. Information Technology – Information Sharing and Analysis Center. Penetration of the Mossack Fonseca law firm earlier this year, resulting in the worldwide release of what has become known as the Panama Papers, has had an unprecedented impact upon its vast client list. The revelation, which involved records on 11.5 million offshore holdings and led to the resignation of the prime minister of Iceland, put scrutiny on several world leaders and more recently resulted in Denmark announcing it will buy some of the leaked data in hopes of getting information on 600 people who might have evaded tax in Denmark. And now the future of the firm itself is in doubt as it is subject to police raids, and many of the firm's offices worldwide have been shuttered. During the 2011 takeover bid of Potash Corp. of Saskatchewan, hackers using computers in China launched an attack on Canadian government computers and reportedly also cracked the systems of several Bay Street law firms to gain information on the $38-billion takeover, which ultimately failed. Daniel Tobok, whose firm was hired by some of those law firms, describes it as a sophisticated attack using a type of malware not seen before. "This is a global phenomenon, not a Canadian phenomenon. When you breach a corporation, you breach X amount of informa- tion. When you breach a law firm . . . you have access to thousands and thousands of other corporations," says Tobok, CEO of Cytelli- gence, formerly of Digital Wyzdom. "That's why it's extremely attractive to attack law firms and accounting firms. Because they harbour lots of information about other companies." Of the 20 investigations his firm conducts monthly, Tobok fig- ures about 10 per cent of them are law firms. But often, say those who work in the field, the firms have no knowledge that they've been accessed. Recent revelations that Yahoo's email system had been hacked took two years for the com- pany to realize it had occurred. The hack had been reported by L AW O F F I C E M A N A G E M E N T By Marg. Bruineman BLAIR KELLY Cybersecurity Law fi rms are a key target for hackers, say tech experts S