Hackers Still Targeting Law & PR Firms

Hackers are continuing to target law and public relations firms with a sophisticated e-mail spear-phishing scheme that allows them to break into computer networks and steal sensitive data, often linked to large corporate clients doing business overseas.

The FBI issued an advisory in November that warns companies of “noticeable increases” in efforts to hack into law firm computer systems.  This trend began as far back as two years ago, but has recently spiked dramatically.  Spear phishing attacks manifest themselves in the form of highly personalized e-mails that often slip through defenses and appear harmless because they have subject lines appropriate to a person’s business, and appear to come from a trusted source.  The attackers appear to be doing a fair amount of homework researching thier intended targets and their working relationships.

Law firms tend to store a tremendous concentration of critical, private information.  Infiltrating those computer networks would be a really optimal way to obtain economic, personal and personal security related information.  The hackers often target companies that are negotiating a major international deal — anything from seeking a patent on a sensitive new technology to opening a plant in another country.

Alan Paller, director of research at computer-security organization SANS Institute says that a major law firm in New York was hacked into in early 2008 during an attack that originated in China.  As is often the case with online crime, it is difficult to tell whether hackers were working on behalf of the country’s government, located within that country, or simply routing computer traffic through that country as a diversionary and covering tactic. 

While opening a “spear phishing” e-mail itself does not usually pose a danger, they often contain links to websites or attachments that when opened, will install malicious programs.   Once the hacker has established themselves on the network, they often launch a program that searches for, gathers, copies, and sends files to a computer server, usually in another country to complicate jurisdictional determinations and tracking efforts.  This program also may create a back door that will allow hackers to get back in.   The attachments used can appear to be anything from a photo to an executable program, and the links can be anything at all from an apparent joke site, must see pictures, or a current news item.