Media Room

dedicated, diverse counsel helping you reach your goals


Is Your Lawyer the Weakest Link? Hackers Are Now Targeting Law Firms to Get Secret Deal Data

by John Marsh 3. February 2012 10:30

A profoundly troubling article by Bloomberg details expanding efforts by hackers to attack system networks of law firms to cull confidential data on sensitive deals and transactions. According to the January 31, 2012 article entitled "China-Based Hackers Target Law Firms to Get Secret Deal Data," the attacks have been sufficiently serious that the FBI's cyber division convened a meeting with the top 200 law firms in New York City last November to address the rising number of law firm intrusions.

One attack in particular involved China-based hackers looking to derail a $40 billion acquisition of the world's largest potash producer by an Australian mining conglomerate. The hackers "zeroed in on offices on Toronto's Bay Street, home of the Canadian law firms handling the deal." According to the article:

"Over a few months beginning in September 2010, the hackers rifled one secure computer network after the next, eventually hitting seven different law firms as well as Canada’s Finance Ministry and the Treasury Board, according to Daniel Tobok, president of Toronto-based Digital Wyzdom. His cyber security company was hired by the law firms to assist in the probe. The investigation linked the intrusions to a Chinese effort to scuttle the takeover of Potash Corp. of Saskatchewan Inc. by BHP Billiton Ltd. as part of the global competition for natural resources, Tobok said. Such stolen data can be worth tens of millions of dollars and give the party who possesses it an unfair advantage in deal negotiations, he said."

Why law firms? The article quotes Mary Galligan, the head of the FBI's cyber division in New York as observing that "as financial institutions in New York City and the world become stronger, a hacker can hit a law firm and it’s a much, much easier quarry.” Galligan's unit held the meeting with the 200 law firms as a result. “We told them they need a diagram of their network; they need to know how computer logs are kept,” the article quotes Galligan as saying of the meeting. “Some were really well prepared; others didn’t know what we were talking about.”

Mandiant, a cybersecurity firm based out of Alexandria, Virginia, estimates that 80 law firms were hacked last year. "Spear phishing" attacks (i.e., targeted attacks at particular individuals) or gaps when transitioning information to cloud storage sites are the preferred means of attack right now. At the November meeting, the FBI also recommended that the law firms review their mobility policies, including the security of e-mail linkups and mobile phones.

The takeaway? As trade secret lawyers, we frequently advise our clients on the importance of managing sensitive information -- i.e., limiting access, use of encryption, having sound security policies that are implemented, and creating a culture of security. To the extent that law firms are managing highly sensitive technical data or are involved in highly sensitive transactions, they need to apply their own advice to their employees and IT networks.

Share on Facebook  Share on Twitter  Share on Linked In

Comments (1) -

Green Kapsos Law
Green Kapsos Law United States
7/18/2012 3:15:25 PM #

Very interesting article, thanks for posting.


Pingbacks and trackbacks (1)+

Add comment

  Country flag
  • Comment
  • Preview

About John Marsh

John Marsh Hahn Law AttorneyI’m a Columbus, Ohio-based attorney with a national legal practice in trade secret, non-compete, and emergency litigation. Thanks for visiting my blog. I invite you to join in the conversations here by leaving a comment or sending me an email at


The information in this blog is designed to make you aware of issues you might not have previously considered, but it should not be construed as legal advice, nor solely relied upon in making legal decisions. Statements made on this blog are solely those of the author and do not necessarily reflect the views of Hahn Loeser & Parks LLP. This blog material may be considered attorney advertising under certain rules of professional attorney conduct. Regardless, the hiring of a lawyer is an important decision that should not be based solely upon advertisements.


Download OPML file OPML