A computer security expert from the Federal Bureau of Investigation pulled no punches at LegalTech New York on January 31. "We have hundreds of law firms that we see increasingly being targeted by hackers," Mary Galligan said.
Galligan, of the agency's New York office, is special agent in charge of cyber and special operations. "The FBI puts great importance on this issue," she said, while filling in for scheduled speaker Ray Kelly, NYPD chief, who was unable to attend the conference.
"We all understand that the cyberthreat is our next great challenge. Cyberintrusions are all over the place, they're dangerous, and they're much more sophisticated" compared to just a few years ago, Galligan said. Her office focuses on five types of behavior: crime syndicates, espionage, hacker activism, state sponsors, and terrorism.
When contacted by a law firm, FBI agents sometimes work with other government units, such as the Department of Homeland Security and the National Security Agency, Galligan explained. Together, but with the FBI leading, agents can perform technical analysis using custom-built software. One such application is BACSS — binary analysis characterization and storage system — which helps investigators determine what happened in an attack. BACSS may become unclassified in the next 6-12 months, Galligan added. "There's the stereotype out there that 'I give the FBI information, they give me nothing back'. I can assure you that's not the case in cyber," she said. "Information sharing in cyberinvestigations is probably more important than any other investigations we do."
Still, "The FBI does not tell people that we've come to your firm. We don't show up in raid jackets. I don't send out the SWAT team. We do not unplug your servers," Galligan continued. "You need to run your business. We'll tell you the impact of certain actions that we want to take."
"The more mobility you have, the more documents you're sending through the internet, the more likely you are to be the victim of a cyberattack, and that's what we're seeing at law firms," Galligan noted. Preventing a successful attack would mean banning thumb drives and disconnecting from the internet — not a likely scenario for most organizations. But having up-to-date network diagrams, physical access logs, and legal notices upon logging in are all helpful methods to prevent them, she said. Firewalls, intrusion detection systems, remote access servers, virtual private networks, and web servers all also should be logged, she added. "We have had significant successes. You don't always get to read about them, but they're out there," Galligan stated.
"The cyberthreat is too big for any of us to fight alone," she said. Meetings between FBI agents and significant law firms began in 2012 and will continue on a regular basis, she said.
Derrick Donnelly, CTO of mobile forensics company BlackBag Technologies Inc., said at LegalTech on Wednesday that there are some signs of increased security on the Apple iPhone and iPad front. Devices running Apple's latest version of the iOS mobile operating system, which is version 6, have not yet been cracked by hackers — neither by malicious hackers nor by so-called "white hat" hackers, Donnelly said. That's a double-edged sword, because it protects users but makes mobile forensics difficult, he said.
Evan Koblentz is a reporter for Law Technology News, a Legal affiliate based in New York. •
