Crossroads Blog | Institute National Security and Counterterrorism


Law Firms The Victim Of Cyber-Espionage: Forbes & Bloomberg

For all you legal types, take notice.

On Jan. 31st, 2012, Eric Savitz wrote an eye-opening article for Forbes on Chinese cyber-espionage against US law firms. The article takes the form of a question-and-answer transcript between Alan Paller (director of research for the SANS Institute) and the managing and IT partners of a large New York law firm.

The attorneys said that the FBI had informed them that their client's files were found on a foreign server, eventually on their way to China. Mr. Paller told the attorneys that the Chinese stole the client files because "The Chinese People's Liberation Army runs a very active industrial espionage program . . . [that] has the joint mission of ensuring both military and economic security." As such, the PLA seeks to steal documents that will reveal just how much technology the American firm will give away when attempting to do business in China (the Chinese often use forced technology transfers as a condition for a US company doing business in China).

According to the Forbes article, the Chinese use this data to gain an advantage in negotiations; if the Chinese know where the American company has drawn the line on technology transfer, the Chinese will toe that line. 

Mr. Paller went on to say that cyber-espionage is shifting to law firms. Specifically, Paller noted that most law firms "have very weak security" and "attorneys are often arrogant so they don't pay attention to security notices and guidelines." Moreover, it's easier to find information about a client's international dealings in a firm's files than in the corporate files.

The article is divided into a two-part series.  I'll post the second installment when Forbes makes it available.  You can find the Forbes source article here.

***

Michael A. Riley and Sophia Pearson wrote for Bloomberg on cyber-espionage against law firms. The article cited the Canadian potash controversy, a cyberattack in which Chinese hackers broke into Canadian law firms to steal favorable business information, as evidence of cyber-espionage against law firms.

The article also quoted Mary Galligan, head of the FBI's cyber division in NYC:

"As financial institutions in New York City and the world become stronger, a hacker can hit a law firm and it's a much, much easier quarry."

The article explained that the FBI met with 200 of NYC's top law firms last November to discuss cyber-espionage.  Apparently some firms were prepared, but others had no clue that cyber-espionage was going on.

Interestingly, the article cited a Mandiant study that estimated that 80 major US law firms came under cyber-attack last year.

You can find the Bloomberg article here.
