Ride the Lightning

How Hackers Get Past the Defenses of Large Law Firms

May 3, 2017

Law 360 (sub.req.) published an article about how cybercriminals get past the defenses of large law firms. One point of reference was to the scheming of Oleras, a cybercriminal seeking help in the Dark Web to hack into some of the biggest American law firms – in return for major monies.

His vision was a scheme to spear-phish high-powered lawyers. A group Oleras was working with suggested the bait would be a phishing e-mail with a purported award announcement from a well-known British publication called Business Worldwide, and it would say that the lawyer was being honored for deal making achievements. High-powered lawyers are not known for modest egos – and that was their edge.

To figure out who to phish, they looked at the social media accounts and online profiles of lawyers at the targeted firms, searching for those who seemed to list every award and honor.

We can't know how the scheme fared, but Oleras pronounced himself happy with the results in online postings.

The article talks about the Legal Services Information Sharing and Analysis Organization (LS-ISIO), which now has more than 100 law firm members, many of them large firms. It likens itself to a "Neighborhood Watch" – the motto being "If you see something, say something." We've certainly heard that line before.

This 16-page article, full of real-life stories and helpful tips, should be mandatory reading for lawyers. If you can't think like the enemy, you can't effectively fight the enemy.

Hat tip to Dave Ries.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
http://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson