Ride The Lightning

The Pittsburgh Post-Gazette reported on April 29th that Matthew James West, 21, had pled guilty to helping Alyson Cunningham and her husband Jonathan Cunningham access the computers of a law firm. The firm was identified only as VG, but as I indicated in an earlier version of this story, the firm appears to be Voelker & Gricks, LLP, in Pittsburgh.

Alyson had been fired by the firm in November 2011 and provided her computer password to West. She and her husband directed West, via a Skype conversation, as he entered the firm's network and inserted a program that transmitted to him passwords of anyone who logged into the network.

Mr. West, not a rocket scientist, then sent an e-mail to the firm, saying that he was a part of the hacktivist group Anonymous and was monitoring the firm's activities to confirm that it was behaving in a fair and just manner and that he was "not interested in ruining your business."

West has no prior criminal record and the charges to which he pled are misdemeanors. He will be sentenced on September 4th.

The pressing question for those involved with law firm security is this:  How in the devil did the law firm neglect to terminate Alyson's ability to connect to the network when they fired her? "Cut all means of access to the network" should be a mantra by now. If you don't have an employee termination checklist, make sure to create one.

Sadly, it comes as no surprise that state-sponsored cyberattacks are on the rise and now constitute 19% of cyberattacks.

Verizon's 2013 Data Breach Report is based on 19 global businesses, their attacks, forensics and reporting agencies. The report highlights 47,000 reported security incidents and 621 confirmed data breaches.

How do they determine that attacks are state-sponsored? Primarily by known tactics, indicators of the data sought and malware signatures.

Other highlights of the report:

• 37 percent of breaches hit financial organizations;
• 24 percent of breaches happened in retail and restaurants;
• 20 percent of network intrusions involved manufacturing, transportation and utilities;
• 38 percent of breaches were aimed at large companies; and
• 92 percent of breaches were perpetrated by outsiders

There is much to digest in the report, which may be downloaded here.

E-mail: snelson@senseient.com          Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

Legal Talk Network has released our latest edition of Digital Detectives, highlighting the scary technology we saw and talked about at ABA TECHSHOW. Our guest is legal technologist Ben Schorr, a frequent TECHSHOW speaker and the CEO of RolandSchorr. Always witty, Ben chats about the live demonstration of the wireless network imposter known as the Pineapple Mark IV, the dangers of geolocation, the absence of strong PINs on smartphones and much more.

We hope you enjoy listening to the podcast as much as we enjoyed recording it.

E-mail: snelson@senseient.com          Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

Courtesy of the ACLU and Dave Ries, here is a chart to guide you as to data retention by cell phone companies. Short post, but lots of interesting information in the link. Note that in some instances, the data is held far longer than anyone thought.

E-mail: snelson@senseient.com          Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

The New York Times reported recently that DLA Piper had settled an ugly fee dispute with client Adam Victor, an energy industry executive. The case highlighted lawyers’ e-mails that discussed overbilling the client, using the phrase “churn that bill, baby!”

DLA Piper had originally sued Mr. Victor for $675,000 in unpaid legal bills, in hindsight probably not a good idea. Mr. Victor then filed a counterclaim, accusing the law firm of a “sweeping practice of overbilling” and demanding $22.5 million in punitive damages.

On April 17th, a lawyer for Mr. Victor said the parties had settled though he declined to reveal the terms of the settlement, citing confidentiality provisions in the agreement. Mr. Victor appeared to be a pretty determined guy, so my guess is that the terms of the settlement were pretty darn sweet as DLA Piper scurried to sweep this embarrassment under the rug.

Mr. Victor had retained DLA Piper in April 2010 to prepare a bankruptcy filing for one of his companies. Mr. Victor ultimately refused to pay some of the bill saying that he had been overcharged, and the law firm sued him for nonpayment.

During pretrial document discovery, internal DLA Piper e-mails came to light:

“I hear we are already 200k over our estimate — that’s Team DLA Piper!” wrote Erich P. Eisenegger, a lawyer at the firm.

Another DLA Piper lawyer, Christopher Thomson, responded to the e-mail, noting that a third colleague, Vincent J. Roldan, was also recruited to work on the matter.

“Now Vince has random people working full time on random research projects in standard ‘churn that bill, baby!’ mode,” Mr. Thomson wrote. “That bill shall know no limits.”

I was personally offended by the DLA Piper e-mail which tarred all lawyers, most of whom try hard to stay within estimates given to clients unless the scope of work changes.

DLA Piper, the world's largest firm, with 4,200 lawyers in 30 counties, could surely have set a better example. I found laughable the internal e-mail that the firm leadership issued defending the firm's integrity and suggesting that the e-mails that surfaced were a poor attempt at humor.

In fact I read that e-mail aloud to John in the car - it was so repetitious and labored (if you say the same thing enough times, did they think it would be more credible?) that I was finally convulsed with laughter.

The lawyers who wrote the offending e-mails are no longer with the firm, apparently for unrelated reasons. But what they wrote (and sorry DLA, most people believe that these e-mails constituted bona fide "chortling" over the bill's growing size) has once again made lawyers the butt of water cooler jokes. They have fueled the public perception that lawyers are sharks more interested in jacking up bills than in keeping legal costs in check.

We teach a lot of ethics CLEs - congratulations DLA Piper - for the foreseeable future, you've earned a slide in our PowerPoint.

E-mail: snelson@senseient.com          Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

Thanks to Ryan Fahey of InfoSec Institute for his summary below of an excellent article he authored.

New and evolving technologies also create new challenges for the investigator. Working with a new file system or even just a new type of file can require a change in approach or the development of a new technique. While these changes may require slight alterations to well defined procedures, it is extremely rare to have to deal with a technology that is a complete “game changer”. The digital forensic community is currently facing one of these rare situations – the rapidly increasing popularity of solid state hard drives (SSDs).

There are many advantages and disadvantages of SSDs, unfortunately the methods used by manufacturers to compensate for these disadvantages make the life of a forensics investigator much more difficult than before. There is no solution at the moment, but we are just at the beginning of this challenging phase for digital forensics, and it’s a very interesting and exciting place to be. This article written by the InfoSec Institute goes into great detail on the subject.

I asked John to vet the article and he was truly impressed - great stuff Ryan!

E-mail: snelson@senseient.com          Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

No one who followed the Boston Bombers story could fail to notice the use of videos during the investigation. But pull the curtain aside and there's a lot of technology coming at us that cuts both ways -  a boon for investigations and a threat to our privacy.

As Information Week reported, there's a lot we don't yet know about the use of videos in the Boston investigation, but here are some of the things we do know.

On April 15th, the city's Office of Arts, Tourism and Special Events was testing a new operations dashboard manufactured by IBM. The system allowed a view of the marathon course and a two-block area around it. The system wasn't available to law enforcement that day, but it was available for the investigation afterwards. And the city will add 911 data and perhaps surveillance feeds in the future.

Since 2010, Boston has had a real-time crime center which receives video feeds from dozens of cameras across the city. It is now expanding its smart city initiative with sensors, predictive analytics software from IBM and performance-reporting software from SAP. The number of cameras in use on street corners, under bridges and in local shopping areas has expanded significantly in recent years.

Baltimore, Chicago, Dallas, New York, San Francisco and other U.S. cities have undertaken similar initiatives, often with federal funds.

New York City is deploying a full-scale surveillance system, the Domain Awareness System, that pulls in data from 3,000 closed-circuit TVs, 2,600 radiation detectors and 100 license plate readers. Microsoft, which developed the system with the NYPD's Intelligence Division and Counter-Terrorism Bureau, is marketing the platform to other cities. According to New York Mayor Michael Bloomberg, "Our camera network now has the capacity to alert police to abnormalities it detects on the street, such as an abandoned package that is left on a corner."

Are privacy activists alarmed? Of course. Earlier this year, Seattle activists destroyed more than a dozen security cameras to protest the city's growing surveillance network.

Facial recognition, analytics and other advanced technologies can sniff for signs of trouble in real time. IBM, as part of its Smarter Public Safety line of products, sells a video correlation and analysis suite that offers real-time alerts, facial recognition and "situational awareness" of a location. The FBI is developing facial recognition capabilities as part of its $1 billion Next Generation Identification program.

The Boston bombings make a powerful argument for this kind of technology - but inevitably, it will be abused. Stay tuned - stories of misusing video surveillance are sure to emerge.

Hat tip to Dave Ries.

E-mail: snelson@senseient.com          Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

As much as I shudder at the privacy implications of Big Data, the assistance of Big Data in investigations like the Boston bombing is wonderful. Using all the video recordings taken from stationary cameras in the area of the bombings, along with still shots and video from spectators and the media, investigators can feed the data into massively linked computers which can sort faces, times and locations which will help investigators put together a timeline of the comings and goings on Boylston Street on April 15th.

They may look at data from blocks away or hours earlier or later. And all this is only the tip of the iceberg. They are doing traditional interviews as well, but in our digital era, digital forensics runs parallel to traditional investigative techniques.

I have not lost sight of the tragedy here, but it is impossible not be fascinated by the close-up glimpse we are being given of analytics techniques applied to Big Data and the use of digital forensics in general. Much as we once developed a CLE based on the digital trail which led to the Craigslist Killer, we may well develop a similar CLE based on the investigative work being done in Boston. In the meantime, we hope for a swift identification of whomever was responsible for this act of terror.

E-mail: snelson@senseient.com          Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

It was only on April 6th that we gave a plenary presentation at ABA TECHSHOW on the digital forensics work of the Boston Police Department in the Craigslist Killer case.

Now, the same police department, once again with help from the FBI, are investigating the Boston Marathon bombings. Just as it happened in the Craigslist Killer case, video footage has been pulled from various cameras along with cell phone tower records. There was a lot on CNN yesterday about cell phone triangulation and speculation about whether a cell phone could have been used to trigger the explosions.

People who were at the scene are being asked to check their smartphones and cameras as they may have unwittingly have captured something important as they took photos, shot videos or made audio recordings.

Once again, it is amazing to see how traditional forensics works side by side with digital forensics.

We send our prayers to all affected by this tragedy and hope that law enforcement can quickly find those responsible.

E-mail: snelson@senseient.com          Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq

To its credit, Google has debuted the Google Inactive Account Manager, designed as a sort of digital will. It is humorous that the acronym is IAM since it is designed to function when you are not. The Google geniuses may want to think of a new name.

This is an excellent development in handling digital property. With a sigh, I now realize I must change both my written materials and PowerPoints for upcoming sessions of "If You Die, Do Your Digital Assets Go to Hell?"

Our friend Deb Matthews, an excellent wills, trusts and estate attorney, has written a nice post on IAM. Go there to get a good summary.

Google also has a very readable set of instructions on how to use IAM. The trouble with lecturing on any of this stuff is that the only constant is change.

But, as I prepare this post, I am boiling water for a lobster feast with family - so life is not all bad.

E-mail: snelson@senseient.com          Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq