Hackers – Every Law Firm’s Worst Nightmare

In January 2018, cyber-security company RepKnight revealed that more than 1.2 million email addresses from some of the UK’s top 500 law firms were sitting in file dumps on the Dark Web[1]. In a white paper detailing how the information landed on the Dark Web, RepKnight stated that the infiltration occurred via breaches of third-party web services such as Dropbox and LinkedIn, not through any fault of the law firms themselves.

In case you are wondering what the Dark Web is, let us explain. The internet you can access via Google Chrome, Internet Explorer, or any other respectable browser is only a small part of what is out there in cyberspace. The Dark Web, accessed through ‘Tor’ (free software that allows users to use the internet anonymously), is an encrypted network. The sites use Tor encryption tools to hide their identity. Most sites are hidden for a reason; they involve illegal activity such as child pornography, the selling of drugs and weapons, and other highly disturbing content such as a highly detailed guide on ‘how to cook a woman’.

As you can imagine, many clients have expressed concern over the revelation, and are worried that their data has been breached.  And the reality is the information sitting in the Dark Web can easily be utilised to launch a damaging cyber-attack.  According to the white paper, “hackers can use scripts to attempt to validate the credentials posted online on other popular websites, which they can then use to impersonate users in phishing attacks. The worst-case scenario for most firms, however, is that these published credentials could allow malicious hackers to access employee accounts directly”.

Why are law firms vulnerable to cyber-attacks?

In June 2017, DLA Piper was hit by a major ransomware attack, similar to the one that crippled the NHS a month earlier, which knocked out its phone systems and computers.  The attack affected the law firm’s offices in the Middle East, America and Europe as well as its London base.

Law firms have long been seen as the weak link in cross-jurisdictional M&A deals.  In 2016, Russian cyber-criminals targeted 48 elite firms, including Hogan Lovells, Allen & Overy, and Freshfields, to steal information on mergers for insider trading[2].  Only one practice had its security breached, but no information was accessed.

However, the big breaches have resulted in international scandals. In 2016, Panama-based law firm Mossack Fonseca was attacked, and 11.5 million documents containing client-solicitor and financial information were leaked. As a result, private information concerning wealthy individuals, political leaders and offshore entities was made available to reporters, who discovered that some shell companies were being used to evade tax and even international sanctions, as well as for other fraudulent purposes. This was followed by the Paradise Papers leak in 2017, which originated from the offshore magic circle law firm Appleby.

The offshore financial affairs of hundreds of politicians, multinationals, celebrities, and high-net-worth individuals were exposed. The papers also threw light on the legal firms, financial institutions and accountants working in the sector and on the jurisdictions that adopt offshore tax rules to attract money.

Because law firms aggregate such a large quantity of sensitive commercial information, including intellectual property and financial projections, the very stuff of e-discovery, it is little wonder organised criminal gangs will use any means possible to try and infiltrate their data.

Cyber Security and e-Discovery

Because electronically stored information is a prime target for attack by hackers, law firms must take cyber security with the utmost seriousness. Following an investigation into Mossack Fonseca’s cyber security practices, it was discovered that the firm had not updated its Webmail service since 2009, and its emails were not encrypted[3].

Documents required for disclosure can include sensitive employee and client information, company financials, intellectual property, confidential agreements, deal papers, transactional records, and other highly sensitive and proprietary information.

Data can be protected before it leaves the client’s custody by mapping the flows, encrypting the data, and restricting access. However, if the documents subject to e-Disclosure are held by the law firm involved in the matter, protecting the data can be more difficult, as much depends on the security systems the practice has in place.

Any security expert will tell you that data is most vulnerable when it is in motion. Therefore, data being transferred from the client to the law firm, from the law firm to an external vendor and then to requesting parties (i.e. the court and/or other solicitors) is ripe for attack. And it must be remembered that these actions do not occur in a linear sequence; solicitors and barristers often transfer discovered data repeatedly as the matter progresses.

One of the best protection measures law firms can take is to deal with vendors, experts, and other lawyers they are familiar with.  The contracts you create with vendors who deal with any e-Discovery documents should include an obligation to protect the data.  Look for vendors with an ISO27001:2013 certified data security accreditation.

The most secure e-discovery platforms are ones that are hosted on a central hub, where access in and out of it is secure. Disclosure documents should always be encrypted when they are exchanged, as should data which is resting on the platform. Sharing should also take place within encrypted channels, ideally through a secure, permission-based link, which allows for instant and remote access.

Another alternative is to create a ‘clean-room’, where relevant parties can review the data under controlled and supervised conditions.
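The secure, permission-based link recommended above can be built as a signed, expiring token bound to one document and one recipient. The following is an added example, not code from this article or from any particular e-discovery platform; the key, document ID, addresses and function names are constructed, and it covers only the permission check, assuming the link itself travels over an encrypted channel.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key; a real platform would load this from a secrets manager.
SIGNING_KEY = b"constructed-demo-key-not-for-production"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_link_token(doc_id, recipient, ttl_seconds, now=None):
    """Return a token granting `recipient` access to `doc_id` until expiry."""
    now = int(time.time()) if now is None else now
    claims = {"doc": doc_id, "rcpt": recipient, "exp": now + ttl_seconds}
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return b64e(payload) + "." + b64e(tag)

def check_link_token(token, doc_id, authenticated_user, now=None):
    """Return (allowed, reason). The MAC is verified before any claim is read."""
    now = int(time.time()) if now is None else now
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = b64d(payload_b64), b64d(tag_b64)
    except (ValueError, TypeError):
        return False, "malformed"
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False, "bad signature"
    claims = json.loads(payload)
    if now >= claims["exp"]:
        return False, "expired"
    if claims["doc"] != doc_id:
        return False, "wrong document"
    if claims["rcpt"] != authenticated_user:  # link is useless if forwarded
        return False, "wrong recipient"
    return True, "ok"

if __name__ == "__main__":
    t = issue_link_token("DOC-001", "counsel@example.test", ttl_seconds=3600)
    print(check_link_token(t, "DOC-001", "counsel@example.test"))
    print(check_link_token(t, "DOC-001", "someone.else@example.test"))
```

Because the token names the recipient, a link copied out of a mailbox does not open the document for anyone who cannot also authenticate as that recipient.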

Final words

Given the value of the information contained in documents required for some e-discovery, especially in high-value, cross-jurisdictional cases, the process will always be vulnerable to hacking. All parties in the chain (lawyers, vendors, and experts) need to ensure their cyber-security is closely monitored and kept up to date.

The risk posed by cyber criminals is unlikely to go away, but at least solicitors and vendors can protect the safety and confidentiality of their clients by outsmarting their attempts to breach cybersecurity.

Lineal is a global leader in providing flexible eDiscovery and litigation support.  To find out more about eDiscovery and our other services, please call us on +44 (0)20 7940 4799 or email info@linealservices.com.


[1] https://www.legalweek.com/sites/legalweek/2018/01/24/1-2-million-law-firm-email-address-credentials-are-sitting-in-dark-web-data-dumps/?slreturn=20180123084349

[2] https://www.lawgazette.co.uk/practice/manda-hack-attack-on-48-elite-law-firms/5054524.article

[3] https://www.wired.co.uk/article/panama-papers-mossack-fonseca-website-security-problems