Sign Up for our Free Newsletter
menu
Solicitors Journal Homepage
EditorSolicitors Journal

Shedding light on the dark web

Tue Aug 22 2017News
Shedding light on the dark web

Too many companies, including law firms, don't concern themselves with the murky depths of the web. That's a mistake that can prove costly, says Adam H Bloomenstein

The dark web and online criminal activity are inexorably linked, but many organisations have little or no idea about this shadowy place on the internet. Companies have been slow to grasp the impact the dark web is having on business, leaving many exposed to potential major disruptions of their operations.

Essentially the dark web is a private part of the internet that uses encryption tools to allow users to move and conduct business anonymously. Ransomware is freely available and bitcoin is the main currency of this network of hidden websites. Of course, ransomware is a major accessory to cyber fraud, which has cost UK businesses more than £1bn in the past year, according to figures released by Get Safe Online and national fraud and cyber crime reporting centre Action Fraud.

According to Hazelwoods, a leading firm of tax advisers and chartered accountants, a jump in losses to cyber fraud suffered by UK law firms between 2015 and 2016 is associated with a sharp rise in the number of attempts by fraudsters to trick lawyers into transferring funds to them by hacking email accounts of employees and clients.

Recent global cyber attacks, such as that experienced by the NHS, have involved the use of ransomware to lock users out of their computers, where the malware typically encrypts the entire hard drive. That user is then asked to pay a ransom fee '“ usually in bitcoin '“ to have their computer networks unlocked.

Business on the dark web

There are many legitimate uses for private areas and anonymous web transactions. However, these hidden parts of the web hide all manner of illegal activity. Initially, weapons and drugs drove much of this unlawful trade. More recently, company secrets, product designs, and other critical information have made it on there. It's something law firms need to be aware of '“ and have plans for mitigating the risks.

A growing trend in dark web circles, which should have many companies concerned, is the sale of intellectual property for profit. New product designs are hugely popular, especially with nefarious manufacturers looking to release the next high-tech gadget on the market before the real manufacturer's launch date.

Computer assisted design (CAD) plans are regularly shared electronically, even with third parties brought in to help with product development. This provides more opportunities for leaks of vital information, such as from a disgruntled employee, to be shared on the dark web.

Someone buying product designs will pay via bitcoin so they cannot be traced to the transaction. However, one particular type of buyer for leaked IP may be the most surprising and ironic: the company that designed it in the first place. Companies are often willing to pay the price so that they get back what they lost and prevent an even larger financial loss. This process is the basis of ransomware schemes on the dark web. Of course, the sellers don't care who buys it, only that their price is met.

Combating hostile forces

While carefully screening potential employees will help strengthen a firm's cyber security, a holistic approach should also be taken beyond the vetting process. Firms should train their employees on basic data security protocols. Employees should be taught to update their antivirus software, not use commonly predicted passwords, not log into email accounts while on public WiFi, and be cognisant of phishing email scams that may put the firm at risk of monetary loss. Such practices may significantly decrease firms' vulnerability to cyber fraud.

It's also common that businesses will outsource some work to outside suppliers. Often, they will not have taken the time to really investigate if the supplier's security protocols are up to date and enforced. Vulnerabilities at a partner organisation put your firm at risk, too.

Audits are recommended for any supplier who will be entrusted with proprietary company information. This includes looking into their hiring practices and how they screen employees to prevent IP theft.

Other measures include a review of the supplier's security plan and protocols, an audit of the company's physical security operations, fingerprinting of key employees, and full review of the vendor's cyber security risk mitigation systems. We would also recommend monitoring of dark web activities at least 90 days prior to product launch, looking for designs/specifications for purchase, and continued monitoring at least 30 days after launch to prevent a flood of counterfeits in the marketplace.

Ignorance is no defence

Too many companies either don't know about or don't concern themselves with the dark web. That's a mistake that can prove costly. Dark web criminals are often caught because they are complacent and eventually make a mistake. However, a lot of damage can be done before then, so companies really need to commit to a plan that is dedicated to this new arena of IP theft, fraud, and extortion.

Adam H Bloomenstein is the general counsel for Pinkerton, a global provider of corporate risk management services

AdvertisementAdvertisementAdvertisementAdvertisementAdvertisementAdvertisement
Latest News

Attorney General presents UK intervention in Ukraine case against Russia at International Court of Justice

Thu Sep 21 2023

Firms losing potential clients by failing to return their calls, research shows

Thu Sep 21 2023

Powers of attorney modernised as legislation allows CILEX Lawyers to certify LPA copies for the first time

Thu Sep 21 2023

Stark contrast between Government response to Post Office Horizon victims and Infected Blood

Wed Sep 20 2023

ACSO comments on the Justice select Committee report:

Wed Sep 20 2023

Campaigners win permission to appeal against Sizewell C Nuclear Power Station ruling

Tue Sep 19 2023

Pre-inquest review into the deaths of Reading murder victims, James Furlong, Dr David Wails and Joseph Ritchie-Bennett

Mon Sep 18 2023

Feedback launches legal challenge to decision not to require food waste reporting

Fri Sep 15 2023

Failed whiplash reforms have created a ‘clear justice gap’

Thu Sep 14 2023
FeaturedThe Chancery Lane Project expands to the USA
The Chancery Lane Project expands to the USA
NewsThu Sep 21 2023
The Chancery Lane Project expands to the USA

Climate clauses that deliver legally enforceable decarbonization through contracts are now available copyright-free for attorneys, corporations, and stakeholders.

Lessons in leadership from the front line
Lessons in leadership from the front line
InternationalThu Sep 21 2023
Lessons in leadership from the front line

Leadership lessons for lawyers emphasise confronting challenges, but have faced the trials Dmytro Aleshko has encountered since February 2022.

Birdnesting and mortgages in divorce
Birdnesting and mortgages in divorce
Practice NotesThu Sep 21 2023
Birdnesting and mortgages in divorce

Joanna Newton observes how rising mortgage rates intensify property disputes in UK divorce cases.

Delay in Final Report of the Infected Blood InquirySJ Interview: Chris Benson
SJ Interview: Chris Benson
SJ InterviewFri Sep 01 2023
SJ Interview: Chris Benson

Chris Benson is managing partner of Leigh Day. He talks to Solicitors Journal about building the firm, negative stories in the press and the firm's collective action against UK water companies.

Whose human rights are more important, yours or mine?
Whose human rights are more important, yours or mine?
ForewordFri Sep 08 2023
Whose human rights are more important, yours or mine?

Under the law, should your right to express your opinion – be it on politics, the environment, abortion, or anything else – trump my right to go about my business unhindered, whether or not I happen to agree with your opinion?