Ride the Lightning
Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.
U.S. Law Firm Network Penetrated by the Chinese?
February 19, 2010
It's not often I say "Wow" when reading a security report. But it happened recently when I read a report from Mandiant, a well known computer security firm. The report (you have to register to download it) has an excellent overview of advanced persistent threats along with a number of case studies.
The case study that caught my eye involved a U.S. law firm which was representing a client/plantiff in a Chinese civil litigation case. A very substantial amount of the firm's data was compromised. Though certainly the thought was that the initial attack vector came from China, it could not be proven because of the absence of system logs from firewalls, intrusion detection systems and the like.
In this case, approximately three dozen workstations were compromised, alllowing the attacker to gain valid credentials, thereby permitting access to any server, workstation or laptop in the law firm's network.
Read the entire paper – it is nothing less than chilling. My own suspicioun is that vast amounts of data are being harvested by China from law firms who are oblivious to their vulnerability. It is interesting that the report opens by noting that the overwhelming majority of advanced persistent threats are linked to China.
We rarely see a law firm which has hardened its perimeter sufficiently. To the contrary, the failure of most law firms to install sophisticated intrusion detection systems and to enable appropriate logging is an engraved invitation to intruders saying "Where Would You Like to Go Today?" And the answer is "Everywhere."
Listen to the Podcast
