Skip to main content
logikcull in-house blog

Dark Overlords Ransom Law Firm Data—Byte by Byte

January 24, 2019  |  8 min read

Cybersecurity 3

At this very moment, in law offices and corporations around the country, attorneys are emailing privileged information to clients, shipping sensitive data out to vendors on unsecured thumb drives, and even Slacking confidential information to colleagues. Paralegals and junior attorneys are touching case data and saving it to company computers and personal devices. In the ordinary course of business, once a case is closed, these documents are safely archived or deleted—but what happens when that sensitive information gets intercepted?

As it turns out, there’s no need to speculate. Recent news gives us a look—once again—into the consequences of a law firm data breach, and it’s not a pretty sight.

In a story straight out of Criminal Minds, cybercriminals have hacked into several third-party law firms who advised high-profile companies, including Silverstein Properties, Hiscox Syndicates, and Lloyds of London, in the early 2000s in order to steal sensitive documents relating to the September 11, 2001, terrorist attacks against the United States. 

And like any tech-savvy kidnapper, they are holding their spoils hostage for bitcoin.

 

“Thedarkoverlord” Offers 9/11 Files to the Highest Bidder

The perpetrators, members of a hacker group self-dubbed “thedarkoverlord,” claim to have obtained classified documents regarding civil lawsuits filed in the wake of the 9/11 terrorist attacks. They have generously offered to return the 18,000 sensitive documents to their original owners for a few million bitcoin, and they have also invited interested parties, whether terrorist groups or geopolitical rivals like China and Russia, to show them some crypto-love in exchange for access to the information.

"Hackers have also invited interested parties, whether terrorist groups or geopolitical rivals like China and Russia, to show them some crypto-love in exchange for access to the information."

This ransom pitch, though, has run into more than a few roadblocks. For one, no one is sure if these “Top Secret” documents even exist, or if they contain anything of interest. According to Vice’s Motherboard, Silverstein and Lloyds won’t say if their networks or systems have been compromised. On the other hand, the Hiscox group has confirmed that a law firm which advised the company has been breached and that hackers “likely stole files about 9/11 litigation,” but the company unsurprisingly refuses to comment on what the cache might contain.

On the whole, the hack hasn’t stirred up the kind of intrigue thedarkoverlord may have expected. The breached law firms appear to be calling the group’s bluff, as the cybercriminals have yet to secure a ransom. But thedarkoverlord isn’t going down without a fight.

 

Crowdsourcing a “Go Hack Me” Campaign

This is the point in the story where the kidnapper sends a severed thumb to your office to make you sweat. Here, the hackers went for the digital equivalent of a severed thumb—and crowdsourced the severing.

"This is the point in the story where the kidnapper sends a severed thumb to your office to make you sweat."

Accordingly, they have been taking bitcoin donations from the public and releasing “layers” of information at certain financial milestones. They released “layer 1” after collecting $12,000 and leaked “layer 2” last week, despite missing their fundraising goal. 

Preliminary review of the leaked documents reveals that they do indeed contain contributions from post-9/11 litigation teams: emails between lawyers discussing which airlines, manufacturers, and federal agencies they might sue for damages, PowerPoint presentations tied to liability cases, and loose speculation about whether then-President George W. Bush had advanced knowledge of the attacks. But no “smoking gun,” or conspiracy confirmation. As of now, thedarkoverlord’s bitcoin wallet has received 33 contributions, and their Twitter account has been disabled.

 

An Uptick in Data Breaches

Obviously, the “9/11 Papers” breach is unusual. Thedarkoverlord represents a particularly vicious breed of cybercriminal—willing to go to extreme lengths to extort their victims, in this case by pitting law firms against the public to see who will pay the most to get the documents. But you don’t need to be involved in high-profile litigation or targeted by the most sophisticated cybercriminals to be hacked. In the modern world, everyone is a target.

"You don’t need to be involved in high-profile litigation or targeted by the most sophisticated cybercriminals to be hacked. In the modern world, everyone is a target."

For every blockbuster breach like thedarkoverlordor Marriott, or the DLA Piper attacks, or the Panama Papers, or the Paradise Papers, or the Cravath hacks—there are dozens more that go unreported. Electronic devices and IT systems are the new boardrooms. They store troves of data, from passwords and usernames to credit card information, business strategies and corporate secrets, making them prime targets for potentially paralyzing cyberattacks. And in many cases, it takes hackers mere minutes to compromise a system.

With a just few keystrokes, cybercriminals can penetrate an entire network, crippling huge organizations. In 2017, for example, there were 1,579 individual, reported data breaches, exposing more than 178 million records and costing the U.S. economy between 60 and 100 billion dollars.

Interestingly, the increased threat is not just a matter of net incidents. In addition to upping their work-rate, hackers are also getting more sophisticated, and they are targeting their victims more carefully. According to a 2018 Wall Street Journal investigation, even technologically advanced people are at risk—potentially more so than their less-savvy peers—because they are more likely to use new tools, like Venmo and cryptocurrencies, that have flaws hackers can exploit. 

In other words, it’s a great time to be a cybercriminal—and a simple awareness of obvious risks isn’t enough to protect you anymore.

 

Why Law Firms Are So Vulnerable to Cyber Attacks

While individuals and organizations of any kind can be hacked, law firms are especially vulnerable because they house large amounts of extremely sensitive data. This information turns them into a “one-stop shop” for cybercriminals. Rather than overcome the cyberdefenses of dozens of different businesses, hackers need only break into their shared law firm, where they can access highly valuable client information, often for significant gain.

In addition to their valuable client intel, law firms are at risk because litigation entails a large amount of data sharing, and data is most vulnerable in motion. Two decades ago, an attorney and her client might discuss their case in person and pull sensitive files from an actual filing cabinet. Now, sensitive conversations often happen over email. Rather than sitting in bankers’ boxes, confidential information is pinging around cyberspace—and this constant movement creates a new level of exposure. During the traditional eDiscovery process, for example, data is passed from the client to external providers (law firms, service vendors), and then to requesting parties (adversarial litigants). And each of these touchpoints represents an opportunity for cybercriminals to strike.

This inherent risk means that if you are not protecting yourself and your data online, you are putting your firm and your clients at risk. According to Cisco System’s Annual Security Report, one in three mid-sized firms admit to having experienced a data breach—and because this data is self-reported, it likely fails to capture the full scale of incidents. In 2017, LogicForce assessed over 200 law firms, ranging in size from one to 450 attorneys. Every single law firm surveyed had been targeted for confidential client data, and 40 percent of the firms did not know their system had been breached. 

"Every single law firm surveyed had been targeted for confidential client data, and 40 percent of the firms did not know their system had been breached."

The level of electronic data sharing required in modern litigation exposes a massive amount of sensitive information. Yet the legal industry is dangerously behind when it comes to cybersecurity. Addressing cybersecurity can be difficult, requiring constant adaptation as hackers develop new methods to bypass increasingly complex security systems. But the potential costs of a breach, including malpractice suits and significant loss of business, drastically outweigh the cost of prevention.

 

Take These Steps to Protect Your Company or Law Firm

Ultimately, the 9/11 Papers remind us that as technology becomes more sophisticated, so do threats against law firm security. And the best defense is to take deliberate precautions before anything goes wrong. Don’t be the next Mossack Fonseca or a victim of thedarkoverlord. To prevent a data breach at your firm, you should develop a comprehensive security and breach preparedness plan. You can start by:

  • Backing-up and encrypting your data and testing it regularly to make sure your back-ups are safe from ransomware—even if it’s in the cloud. 
  • Developing (and following) a password policy, including two-factor authentication. And while you’re at it, consider using a password manager such as LastPass or Okta to secure your accounts.
  • Limiting access to computer systems and email to trusted users. Make sure to educate employees on phishing emails, the type of scam that led to the WannaCry outbreak in 2017, so they can protect themselves, and consult a trusted IT provider to learn more.
  • Ensuring that your sensitive information, including information exchanged during litigation, is stored in a secured, encrypted system to reduce the risk of a breach in the first place.
  • And most importantly: limiting the number of hands touching your data by bringing more processes like eDiscovery in house. Reducing your reliance on vendors and outside firms allows you to create a closed-loop system, which is the most powerful way to avoid a data breach.

 

Want to see how Logikcull keeps your data secure during litigation? Sign up for a demo here