2017 looks to be a year of ramped-up attacks by Internet crooks. As if 2016 didn’t have its share of mind-boggling cyberattacks and billions of dollars stolen, look for online criminals to tighten the screws even further this year, demanding increased levels of awareness and vigilance from anyone connected to the Internet who wants to survive.
It has long been known in computer security circles that attorneys and law firms are among the easiest prey for crooked hackers. While there are some notable exceptions, it is a strange-but-true fact that most lawyers have never had the time or inclination to make their computer systems safe and secure. Why lawyers have been afflicted with this malady is truly a mystery, but it is true, nonetheless.
A story released only a few days ago reveals the consequences of this neglect. Chinese hackers targeting New York law firms managed to steal information about corporate mergers and acquisitions, insider trading information they used to setup stock purchases and sales netting over $4 million.
The bad guys didn’t get away with it, this time, though. After charges were filed, U.S. Attorney Preet Bharara had this to say: “This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking, because you have information valuable to would-be criminals.”
Banks have been hammered by cyberattacks, as well. Federal authorities recently arrested the last at-large member of a hacking ring that managed to penetrate the networks of JPMorgan Chase, Scottrade and Dow Jones. Using the information they stole from their victims, they implemented a series of “securities market manipulation schemes,” netting them a tidy $100 million.
These were no movie-myth teenage hackers sitting in their parent’s basements, though. They could more accurately be described as organized crime gangsters, breaking into as many as seven major online banks, as well as running an online casino and laundering money for criminals around the world, all without drawing a gun or passing a hold-up note to a human bank teller. It is important to note these were among the handful of online criminals that actually slipped up and got caught; most Internet crooks get away with their crimes indefinitely.
How were the bad guys able to accomplish such crimes against giant law firms, banks and other major businesses? For the most part, the same way they steal from regular, every-day individuals and families. A stunning number of major hacking attacks begin with a simple email, tricking an uneducated recipient into clicking on the wrong thing. From there, things can escalate quite easily and rapidly.
Many major attacks can be traced to computers somewhere in the organization that have not been properly maintained, and are behind on their security updates and patches. Such out-of-date systems can be easily infected with viruses and the like that can give a criminal complete control over the network, all without the computer user being aware that anything is amiss.
The sad fact is, most businesses, large and small, even after years of computer and Internet experience, and seeing what happens to other people who get in trouble, still don’t take computer and Internet safety and security seriously. I personally know multimillionaires who still use stupidly simple passwords to protect their online accounts. I know wildly successful businesses that spend thousands of dollars on high-tech door locks and alarm systems, but become annoyed whenever someone tells them their owners and employees need to take the time to learn how to be safe on the Internet. It’s a sad situation, because I know you can only swim unprotected with the sharks for a limited time before they eat you.
Stand by; it’s going to be an interesting year. Keep reading these pages, and I will keep teaching you how not to become another shark casualty.