A Monthly Newsletter of New Vulnerabilities

Nearly everyone who works with computers heard a few weeks ago about “WannaCry”, the malicious software that could spread very fast and encrypt your hard drive. Well, there are more coming. Security researchers say a new monthly email newsletter is coming out sometime in the first half of July that will be sent to a list of hacker groups and contain previously unknown security vulnerabilities.

What is a user to do?

First, and most importantly, keep your operating system and all your programs up to date with all the patches and updates.

Scams-a-Plenty

In the past month we’ve been reminded of the progress online criminals are making in their work. We’ve been working on two significant breaches.  Just wanted to give you a flavor of what’s going on so you can remain vigilant with your email.

 

Harder to Detect

Both of these attacks started with “spear phishing” attacks. We have moved way past the Nigerian prince who has “millions of currency” to send to you if you just send him all your banking information. Oh, ya, gone, also, are the days of incorrect grammar and awkward word usage. In both of these attacks, the attackers had specific information about the sender and the recipient, and used proper English.

 

Case 1: Ransomware

In this case, the recipient thought he received an email from a friend with a link to an ESPN article about the NCAA basketball tournament. The article was real, but the page was fake, and when he loaded the page the attacker dropped “ransomware” on his computer. A day or so later a message popped up on his screen saying that his hard drive was encrypted and that he had to pay a ransom within 48 hours or the price would go up. He paid and got his data back.

 

Ransomware Remained After the Attack

After he got his data back, we looked into it and found the email had not come from his friend even though it had his friend’s name on it and the website it sent him to was not ESPN. We also found the ransomware was still on the computer, just waiting to be used again by the attacker.

 

Case 2: Re-Routed Payments

In this case, a vendor’s customer received an email that appeared to be from a known accounts receivable person at the vendor. The email referenced a specific bill the customer already had for close to $150,000. The email asked them to wire the money to the vendor’s new bank account and included the relevant information. Since the email came from a known person and referenced a real bill, the customer sent the payment to the new bank account. When the real vendor called to ask about the payment it all became clear and, to no one’s surprise, the bank account the money had been wired to was empty.

 

In this case, the attacker got a hold of the customer’s email, found the bill, set up a website and email account one letter different than the legitimate company’s email, and sent the request to reroute the payment.

 

All of this is just a reminder that anyone who uses a computer is actually one of the most important parts of keeping criminals out of your business. Stay vigilant and be suspicious of anything you receive by email, especially if:

 

It’s about money.

It’s about something urgent, like this offer expires in 12 minutes, breaking news, or current events.

It’s about something emotional, like abused animals, bullied children, etc.

 

Where are they getting this kind of information? In many cases, they’re not hacking email accounts like they did a few years ago. Lists that include you, people you communicate with, people who are your friends on social media, and your emails are highly prized by both legitimate and illegitimate businesses and, therefore, are big money makers for social media sites.

 

Ever clicked “Like” on one of those “Can I get 10,000 likes for beating cancer?” posts on Facebook? Or for losing weight? Or for whatever? Chances are good that a list including your name and your email, your friends’ names and emails, and everyone else who clicked “Like” and their friends is being collected and sold.

 

What can you do?

You can check to make sure that the email at least came from the right person and not some random email address. Many desktop/laptop email programs are set up to show you the email address it came from in the address box right next to the sender’s name. If yours does not show it, you can usually right-click on the sender’s name to get the email address it came from. It’s not foolproof but will expose many attackers. When the email name says it came from your friend John but the email address says it came from powereater@yahoo.com, you can be pretty sure it’s a scam.

 

The same thing is possible on mobile devices but how you do it is different on each phone and app.

 

You can also contact the sender and ask if they just sent you an email.
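The two checks described above (does the address match the name, and is the domain one letter off a real one, as in Case 2) can also be run by a script. This is an added example, not part of the original newsletter; the contact list, the vendor.example domain, and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> the address that person really uses.
KNOWN_CONTACTS = {
    "john smith": "john.smith@vendor.example",
    "pat jones": "ar@vendor.example",
}
TRUSTED_DOMAINS = {a.split("@")[1] for a in KNOWN_CONTACTS.values()}

# Constructed sample messages (only the From header matters here).
SPOOFED_FRIEND = 'From: "John Smith" <powereater@yahoo.com>\nSubject: Great game\n\nSee link'
LOOKALIKE_VENDOR = 'From: "Pat Jones" <ar@vendar.example>\nSubject: New bank account\n\nPlease wire'
GENUINE = 'From: "John Smith" <john.smith@vendor.example>\nSubject: Lunch\n\nNoon?'


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(raw_message, max_distance=1):
    """Return warnings about the visible From header of a raw email.

    This inspects only what the mail client displays; it does not prove the
    header itself is authentic.
    """
    name, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    warnings = []
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and addr != expected:
        warnings.append("name-mismatch")  # known name, unfamiliar address
    if domain not in TRUSTED_DOMAINS and any(
        edit_distance(domain, t) <= max_distance for t in TRUSTED_DOMAINS
    ):
        warnings.append("lookalike-domain")  # e.g. one letter off a real domain
    return warnings


if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED_FRIEND), ("lookalike", LOOKALIKE_VENDOR), ("genuine", GENUINE)]:
        print(label, check_sender(raw))
```

A message that passes both checks can still be fraudulent, so a request to change payment details is still worth a phone call to a number you already have.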

Things are changing so fast…don’t be caught behind the times

The volumes of electronically stored information are growing rapidly and constantly changing. A few years ago e-mail to a desktop computer was the new thing. Smartphones and tablets did not even exist. The clouds only brought rain.

This year access to the internet in the United States from mobile devices exceeded access to the internet from traditional desktop and laptop computers.

This all means that vast amounts of information related to your case are stored electronically. If you can’t find it, document it, and present it in a manner the court finds acceptable, you may miss critical information. That’s where we come in. We can help you do that.

Computer people and lawyers do speak differently.

Computer types love jargon. Admit it, lawyers love it too. In all fairness, people use it because it is fast and effective with the right audience. I use it too.

There are a couple of fundamental ways communication differs in the legal world and the computer world. First, the technology world has few, if any, governing bodies to define the meaning of words. Words from computer professionals only have the meaning the speaker intends. The law has courts, law school, and several hundred years of case law.

Things change very, very fast in the computer world and the marketers want to keep up.  Two companies might have nearly identical systems but they will talk about them differently for marketing purposes. Not that long ago we had “solutions”, “enterprise solutions”,  and applications to describe a software program.  Now we have “apps”. 

To keep this post short, what do you need to know?  Even if you think you know what a computer person is saying ask lots of questions to define terms and context.  You may be surprised by what you learn.

What is ESI?

ESI is a term defined by lawyers meaning Electronically Stored Information. It is an intentionally broad term designed to encompass any electronic information, stored anywhere, by any means, by any technology that exists now or is invented in the future, that might be relevant to a case. It could be on a desktop computer, laptop, tablet, smartphone, cellphone, server, external storage device, digital camera, camcorder, “cloud” storage, web-based email service, or somewhere else. It is a term that is not used by computer professionals, but with a slight bit of explanation they will get it. Look for my post on communicating with computer people if you want to understand this part even more. All ESI is potentially discoverable. The best work from the legal side is being done by a group known as the Sedona Conference. They are trying very hard to figure out how electronic discovery fits into the legal world and their work is well respected. I am no lawyer, but I see a lot of articles about judges’ decisions on e-discovery and forensics where the judge or winning side cites the arguments and procedures defined by the Conference.

What about security?

We get a lot of questions about security too. Most of those questions are something like, “What should I buy to make my information more secure?” While there are some things you need to have, the most important part of the answer is reading this…that means you! Most security people will tell you that the weakest part of any security strategy, whether it is electronic security, personal security, building security or whatever, is the people involved. So some quick pointers:

1. Use passwords. Computers, smartphones, tablets, and nearly any other electronic device have the ability to require a password. Use it!

2. Use the automatic locking feature too. After a certain length of time with no activity the device will lock and require the password.

3. Don’t click on links without some thought. Even if it looks like it comes from someone you know, stop and think before you click. Do the words sound like the person you received it from? Is the email right? This means not just the person’s name, but is the email address listed correct? If you see only the person’s name, right-click on it and look at the actual email address. What time did it get sent? Does the sender regularly send email at 3:30 am? A few years ago people’s emails and computers got hacked and the hacker would use email addresses and your email program to send you viruses from their email. Now, with the growth of social networking (Facebook, Twitter, Instagram, etc.), it is easier to figure out who your friends are without hacking a computer and send a fake email that has your friend’s name on it but comes from an email account that doesn’t match.

4. Use virus protection and firewalls. McAfee, Norton, AVG, and hundreds of other systems are available and provide a good level of security.

5. Patch everything. Most operating systems (Windows, Apple, and Linux) can be set to automatically check for patches and updates to keep your operating system up to date, most programs can be set to do so too, and most virus protection and firewall programs can be set to do this too. DO IT!

If you just do these things you reduce your chance of getting a virus or having your information stolen by 90% or more.

Where the &@%} do I start?

Good question… Well…we can help with that and so can the EDRM. If you are like me you want to understand the big picture before diving into the details. Getting lost in the details can be deadly, so don’t get lost there. Understand how each step will ultimately lead to the ending you need. The Electronic Discovery Reference Model provides that nice overview so you can see how the process will work. This is a great tool for conceptualizing electronic discovery and its steps. It can be a little complicated and intimidating at first, but so is dealing with potential electronic evidence. Basically, these are the steps necessary to:

  • find the electronic files you need wherever they might exist,
  • collect them,
  • separate what is relevant from what is not, and
  • produce the relevant files and documents.

Like everything else, the devil is in the details.

See an EDRM graphic here

Staff Clicking On Links In Email Still #1 Way In To Your System

Despite all of the high-tech hacking you see on TV shows and in the news, the number one way that criminals get into your system is when employees click on links in email.

Many of those emails appear to come from friends even though your friend’s email may never have been hacked. Criminals are buying lists of your friends and associates from Facebook and other social networks. They then make the email look like it came from your friend even though it really came from some other account.

While it may not be the case forever, for now, most of these criminals seem to have done very poorly in school and the easiest way to identify them is with awkward English and misspellings.  The other way to identify them is if they ask up front for you to confirm passwords or personal information.

Any time someone asks for your personal information or passwords online, stop and ask yourself if you need to give it and if you are confident the site is legitimate. If you have a question about whether or not you are on a legitimate site, exit your browser and enter the web address manually.