“Everyone needs to be aware of information security,” said Tanya Forsheit, a founding partner of the InfoLawGroup LLP, at the RSA Conference in San Francisco. “I think a lot of law firms have not historically paid attention. They thought they were not required.”
Law firms and the clients they represent are the latest groups to be targeted in online hacker-activist attacks. As Steven Teppler, partner at Edelson McGuire, explains, Anonymous is an entity that acts when it is affronted or when it takes on a cause. The group is industry-agnostic and will bully any group or person it sees as related to or helping the opposition. For example, the group took down and defaced the website of law firm Puckett Faraj for representing a sergeant charged with leading the Haditha Massacre, a 2005 killing of Iraqi civilians by U.S. Marines.
“We once tweeted something about Anonymous, and our site went down very quickly,” said Marcia Hofmann, senior staff attorney for the Electronic Frontier Foundation.
Personal computers and mobile devices are also vulnerable. According to Teppler, a lawyer’s laptop can be worth up to $30,000, not because of the hardware, but because of the information stored on it. If a lawyer’s laptop is broken into, he or she could face competency issues associated with failure to protect sensitive data. If it’s a medical-related case, the lawyer may even face HIPAA privacy problems.
And the size of your law firm won’t save you.
“I think sometimes the bigger the law firm the more impervious they feel,” said Teppler. “They are now a threat to their clients in some ways.”
Teppler suggests that before a law firm gives counsel to a client, it needs to look in the mirror and assess its own vulnerabilities. And because of groups like Anonymous, lawyers also need to counsel their clients on attack risks. A company needs to consider whether it is prepared for an attack, and whether it can survive being victimized on the Internet, before deciding whether to litigate.
Clients that want to keep a case private may consider not entering litigation at all. Another option is getting a protective order, which can limit how information about the lawsuit is viewed, but even this isn’t fail-safe. “Google has its very own protective order,” said Teppler. “It’s creative. I’m not surprised that it comes from Google.”
No matter what precautions a company takes, Anonymous could still try to attack a firm or its employees. The group regularly opts for denial of service attacks when all else fails. While these attacks are not the most sophisticated, Anonymous is, if anything, extremely persistent.
If you are attacked and want to strike back by suing your hacktivist attackers, you’re probably out of luck. “I think that suing Anonymous is going to be like chopping off the head of a hydra,” said Teppler.