Law firms are double-checking their security arrangements after the Panama Papers scandal.
Panamanian law firm Mossack Fonseca suffered a security breach leading to the leak of 11 million client documents, including details of shell companies set up in tax havens. The ensuing scandal has led to the resignation of the Icelandic prime minister and focused attention on the financial dealings of our own prime minister’s father, as well as leaving many of the firm’s clients exposed.
IT security specialist Brian Spector, CEO at MIRACL, warns: “As far as hackers are concerned, any legal firm represents a treasure trove of personal and financial data—but this latest attack is an absolute goldmine.
“Protecting your clients’ data is a fundamental part of being a lawyer, so it’s difficult to see how this firm can recover from a hack of this magnitude. Whilst it is too early for a more detailed analysis, the attack vectors commonly used to initialize attacks of this magnitude are to gain access by stealing employee credentials.
“The credentials are still all too often simply user name and password. Attackers know that when a password, irrelevant of how complex the password may be, is successfully stolen, the attacker can get access to internal systems and work their way to sensitive information—and steal it all.
“The underlying issue is that the username and password system is old technology that is not up to the standard required to secure the deep information and private services that companies and individuals store and access online today.”
.tmb-mov69x69.jpg?sfvrsn=6e6975ed_1)
