Toronto Law Firms Targeted

Here is a lesson to us all about the global reach and intent of internet hackers who have an interest in the information assets that we may hold for our own or clients’ interests.  China-based hackers have homed in recently on the offices of Toronto’s Bay Street law firms handling a $40 billion acquisition of the world’s largest potash producer by an Australian mining giant.  Bloomberg has a great article with all of the details, and outlines discussions undertaken by a group of law firms that got together recently to strategize protective and detective techniques.

The hackers in the Toronto case penetrated and combed through one computer network after another, hitting seven different law firms as well as Canada’s Finance Ministry and Treasury Board, seeking to gather detailed intelligence and potentially undermine the deal.  A law firm involved in the deal detected intrusion indicators, including spoofed emails, malicious websites, and network disruptions.  Investigators found spyware designed to capture confidential documents, compiled on a Chinese-language keyboard, and using servers in China involved in the attack.

The investigation linked the intrusions to a Chinese effort to kill the developing acquisition.  Stolen data of this nature can be worth tens of millions of dollars to those involved on either side of the bargaining table, and gives the possesser an unfair advantage in negotiations.  The deal eventually fell apart when the Canadian government declared it wasn’t in the nation’s interest, but the incident highlights the vulnerability of law firm information resources in particular, and the threat of loss of client trust and future business.

The hackers’ victims included Toronto-based law firms Blake, Cassels& Graydon LLP, which represented BHP, a company with offices in Australia, Singapore and London, as well as Stikeman Elliott LLP, which represented Saskatoon, Canada-based Potash Corp.

Hackers see law firms as a back door to valuable corporate client data and to business partner connections.  Client information confidentiality is a key principle of law firms.  They are easier in most cases to penetrate than banks and large corporations, since they don’t always understand the threat, and don’t consider data to be a cash resource.  The attacks have created what Tony Cordeiro, chief information officer at White & Case LLP, terms a “healthy paranoia.”  Mandiant, a security firm specializing in incident response and readiness tools, estimates that 80 major US law firms were hacked last year.

The level of skill and seriousness of attacks we are currently experiencing differs widely.  Attackers include hackers looking for a quick buck, and for information they can sell to the highest bidder.  The case involving Potash Corp. of Saskatchewan Inc. and BHP shows just how serious the threat is.  The intruders were professionals, potentially linked to a nation-state, with all of its resources behind them.  Chinese government officials have denied any involvement.  At the time of the attacks, China was seeking new sources of agricultural chemicals.  Potash is a common name for compounds containing potassium used in the manufacture of fertilizer.

Law firms are not the only non-financial industry organizations that should be alert to this kind of espionage.  The data and information that attackers are seeking does not have to be credit card or direct cash equivalent materials in order for it to be valuable.  Think about your business.  It is there to serve clients.  Those clients will often entrust your business with sensitive and valuable information.  You are not a bank, but you still need to secure those assets.  Protect your business by protecting those assets, and protect them well.