
The dark web and the law

In our previous article, we gave a general introduction to the dark web. In this article, we analyse the relationship between the dark web and the law. The first question we answer is, ‘Is using the dark web legal?’. Next, we have a look at lawyers on the dark web. Then, we focus on the different efforts to fight crime on the dark web. Finally, we look at the need for dark web lawyers.

Is using the dark web legal?

With all the criminal activity taking place on the dark web, one could wonder whether it is even legal to access the dark web. The short answer is that accessing the dark web is perfectly legal in most countries. In more than 130 countries, the right to privacy is a constitutional right. And browsing the dark web to maintain anonymity is one way of exercising that right. In our previous article, we also pointed to the many positive uses there are for the dark web.

But there are some caveats. While access to the dark web may be legal, what you do on there is what counts. Your actions on the dark web must respect the laws of the country you are in. If you buy contraband or pirated goods on a black market, for example, that is illegal. Also keep in mind that accessing the dark web is not legal everywhere. There are several countries where access to the Internet is restricted, and accessing the dark web in those countries may very well be criminalized. Using a VPN or the Tor network typically is illegal as well in those countries. They include, but are not limited to, China, Russia, Iran, Saudi Arabia, and Venezuela. If you are visiting those countries, using Tor or a VPN is illegal.

Lawyers on the dark web

There are several legitimate reasons for lawyers, too, to use the dark web. Because all information is encrypted, using the Tor browser and the dark web can be a safe way for lawyers and their clients to communicate. As such, it helps protect client and attorney information.

Another legitimate reason to use the dark web is to conduct legal research. The dark web can be useful in the discovery process to collect evidence. Lawyers can communicate anonymously with whistleblowers, including corporate ones. Or they can build a case against infringements of intellectual property, of which there are plenty on the dark web. Human rights lawyers often need the anonymity of the dark web to communicate about and to collect evidence of human rights violations. Lawyers can also ask other lawyers for anonymous advice.

Another area where law firms may use the dark web is to test and enhance their cybersecurity.

Finally, when you, as a lawyer, access the dark web, make sure you abide by your code of ethics. If something is not allowed on the surface web, it also will not be allowed on the dark web.

Efforts to fight crime on the dark web

The dark web provides anonymity, and many transactions are paid for with untraceable cryptocurrencies. The combination of both – anonymity and untraceable payments – makes the dark web irresistible to criminals. Any type of crime with covert transactions can be committed on the dark web. These include murder for hire, blackmail and extortion, illegal sales of drugs and arms, sex trafficking, terrorism, child pornography, etc.

The abovementioned combination of anonymizing technologies and the use of cryptocurrencies to hide transactions also poses serious challenges for law enforcement. The transactions are hidden by design. Law enforcement agencies may therefore very well be unaware of their existence. Gathering evidence that would stand up in court poses additional challenges.

So, how does one fight crime on the dark web? Several techniques have been used. A common and successful strategy is to go undercover online. In cases where no cryptocurrencies are used, following the money also has been successfully used. And while transactions may be hidden, any goods that are being traded must be shipped. Monitoring shipping procedures therefore is another useful strategy. Finally, using sophisticated technology and hacking techniques has also been successful. Often, this is done in combination with a so-called honeypot trap, where law enforcement agencies set up a dark web site that pretends to be involved in illicit activities. The moment visitors access the trap website, tools are used to undo the anonymity of the visitors. If they commit a crime or conspire to commit a crime, they can be identified.

The article on the US National Institute of Justice, listed below, provides a summary of a 2017 Report on “Identifying Law Enforcement Needs for Conducting Criminal Investigations Involving Evidence on the Dark Web”. The report identified 40 problems or opportunities, and 46 potential solutions. It also gave a series of high-level recommendations for law enforcement agencies on training, information sharing, new structures for cooperation, new laws for package inspection, and research on crime connections.

The need for dark web lawyers

By now, it has become clear that there is a growing need for lawyers who are familiar with the dark web. The ever-increasing number of cybercrime incidents that originate from the dark web (hacking, data leaks, extortion, malware, ransomware, …) is testimony to that. Another bonus is that if your law firm is familiar with the dark web, that will give you a competitive advantage.

Most cases where there is a need for a dark web lawyer are criminal cases. But that is not necessarily the case. There are developers and lawyers who are offering perfectly legal services. And there are legal markets, too. (Though they are by far outnumbered by the black marketplaces, where “caveat emptor” is even more applicable than usual). In all of these, issues may arise where the services of lawyers are needed. We also mentioned before that there are cases where lawyers may need to rely on the dark web to collect evidence like witness testimony or tipoffs, etc.

Still, at present most cases involving the dark web where lawyers are needed are criminal cases. Your client may be the victim or the perpetrator. Victims of hacking, data breaches and data leaks, ransomware attacks, etc. need the assistance of lawyers as well as of cybersecurity experts. Sometimes, these victims may face additional problems. These days, companies and organizations who fall victim to data leaks, e.g., may face substantial fines because information about their clients has been leaked. In all those cases, the assistance of a dark web lawyer is recommended.

Your client may also be the suspect of crimes committed on the dark web. Lawyers defending suspects of dark web cybercrimes often face additional obstacles. One of those is that, de facto, the presumption of innocence is undermined when it comes to dark web crimes. Prosecutors as well as jury members see the dark web as a place where crime thrives, and just being on the dark web may come across as suspicious. Getting a fair trial often becomes an extra challenge.

 


Legal Technology Trends for 2017

It is common, at the beginning of the year, to ponder what the year ahead will bring. Several experts have published their predictions for trends we can expect in legal technology in 2017. So, what are they saying? Generally speaking, they expect lawyers to become more mobile, more collaborative (using the cloud to do so), and more responsive (using social media to engage with clients and potential clients). 2017 is also expected to see a rise in the usage of AI (Artificial Intelligence), and to be the year that E-Discovery goes mainstream. Cybercrime & Cyberwarfare, too, will remain in the news.

Let’s have a closer look at these items.

More Mobile

In 2016, for the first time worldwide, we saw more mobile devices being used online than desktops. This trend is expected to continue. More lawyers will start using mobile apps. They also will start accommodating their mobile clients – and potential clients – more. (We recently published two articles on the subject, where you can find more information).

Cloud

2017 will see a further increase in cloud usage. The cloud will play an increasingly important role in collaboration between lawyers. Bigger law firms are expected to start using big data analytics. The cloud will also play a significant role in the further development of AI and E-Discovery (see below).

Cybersecurity

Cybercrime will continue to rise, and will continue to become more and more sophisticated. AI will increasingly be used in cyber-protection, as well as in attacks. Experts also expect an increase in cyberwarfare.

Social Media – Business Social

More lawyers will start embracing social media, and as a result they will become more responsive, i.e. engage more with clients and potential clients. More specifically, for lawyers, an increase is expected in the usage of professional or business social media. Some experts foresee an important role for new players (service providers) on this market.

AI

In 2017, AI will continue its rise, and become more omnipresent. The main focus of artificial intelligence in legal tech will remain on Machine Learning. More specifically, AI will continue to push legal technology in the fields of Legal Research (with, e.g., virtual Legal Research assistants), Contract Review, Security, and E-Discovery (see further). One expert also expects AI to be introduced in legal practice management, as well as legal project management, which, in turn could lead to significant advances being made in those fields.

E-Discovery

Last, but not least, 2017 is the year E-discovery is expected to go mainstream. E-Discovery, also spelled eDiscovery, stands for electronic discovery. It refers to the discovery of relevant information in legal proceedings – such as litigation, government investigations, or Freedom of Information Act requests – where the information that is being analyzed is stored in an electronic format. Think, e.g., about the recent example of the FBI analyzing tens of thousands of emails that were leaked by WikiLeaks, in just four days. As more and more information is being stored electronically, E-Discovery is becoming more and more important. In 2017, it is expected to go mainstream.

Experts predict the following trends for E-Discovery in 2017:

  • The increase in social media usage implies that E-Discovery will have to be able to incorporate the analysis of social media information as well.
  • The Internet of Things will also have a serious impact on E-Discovery, as it will have to learn to process the data that are produced by billions of devices. In the US, e.g., there is a murder case where Amazon is asked to give access to the data one of its digital Echo devices (virtual assistants) may have recorded as evidence.
  • Because of these two developments (social media & Internet of Things), data privacy is becoming more important than ever.
  • Machine Learning is expected to become the most important technology for E-Discovery.
  • Cross-border compliance will continue shaping E-Discovery: multinationals, e.g., must comply with laws in several countries. This has implications for what can be stored where, which in turn has its effects on E-Discovery.

 


Cyberattacks: are you prepared?

It shouldn’t come as a surprise that in an online world, cybercrime is on the rise. Not a week goes by without some cybercrime event in the headlines. So, we thought it would be a good idea to have some articles on cybersecurity. In this article, we will focus on cyberattacks, and more specifically on security breaches. Criminal security breaches typically happen for one of two purposes: hackers break into your system to either steal (and sell) your data, or to hold them for ransom by encrypting them with keys only they have.

Lawyers are not exempt from this risk; on the contrary. Because of all the sensitive data they store, law firms are appealing targets for hackers. A survey in the US found that 80% of law firms have already been hacked at some stage. (The reporter writing the article suggested that the other 20% was either unaware, or lying about it.)

Lawyers keep a lot of sensitive information on their clients. Because of the attorney-client privilege, they have an obligation to secure and protect that privileged information, and data breaches erode the foundation of that attorney-client privilege. Data breaches can lead to fines, to lawsuits for malpractice and/or other damages, and to a loss of clientele. It is therefore important to take appropriate measures.

Now, typically, storing your information in the cloud is considered more secure and cheaper, as a) the hosting company will have all the know-how in-house, and b) the cost of security is shared, as it is spread over the different customers. But one must keep in mind that a cloud solution is always accessible, from anywhere, by anyone, at any time, so each additional user and each additional device increases the risk of a data breach. Most security breaches in the cloud are due, not to poor security on the host’s side, but to insecure devices or insecure behaviour by the users.

A recent example comes to mind. A firm in the US asked a security expert to test their security. It took him only 20 minutes to gain access to their data, with administrator privileges. How did he do it? He first looked for staff members on professional social media. Then he checked whether any of their accounts on social media or with other online service providers had ever been hacked. (You may remember the Yahoo or LinkedIn hacks, e.g., where data of millions of users were put online). Within minutes he found that an account of an administrator had been hacked, and that his login credentials were available online. When he tried to use the same credentials (user-id and password) to gain access to the law firm’s data, his attempt was successful. The weak link in the otherwise fairly secure setup was that a user was still using a password he had used before in an online account that had been hacked.

One of the most common causes of data breaches is the use of insecure devices. Laptops, tablets and phones are prime targets for thieves. Yet, many lawyers still store unencrypted client data on a laptop or on a mobile device.

So, is your firm secure? What can you do to increase security? Here are some suggestions:

  • Install intrusion detection and prevention systems, and enterprise-grade firewalls, not just on your servers but also on desktops and laptops. After all, gaining access to one device is enough to gain access to the information.
  • Enable encryption on all devices, including on mobile devices like phones, tablets and laptops.
  • Encryption should also be used for all communications between the devices.
  • Separate professional and private accounts. Don’t keep client data, e.g., on a private email account.
  • Only use secure servers. Can your server restrict access to your data to you alone?
  • Continuously back up your data to secure servers. You may also consider using a trusted third-party to keep backups of your data.
  • Finally, make sure you have a response team in case of a breach, and enable a data loss / theft protocol, so everybody knows what steps must be taken when and by whom.

 
