Close Menu
X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.
The previous column in this series— The Four Horsemen of the Apocalypse, Class of 2011: The Cloud—discussed cloud computing and what it means to corporate counsel. This column looks at the second of the Horsemen: recreational hacking. It’s also known by other more euphemistic names— hacktivism, electronic civil disobedience, and leaderless resistance. There’s even been a celebrity’s name appropriated to describe the phenomenon— The Streisand Effect—named in “honor” of Barbra Streisand following her 2003 attempt to suppress online photographs of her residence, only to find that it resulted in even more online exposure when the Internet community saw to it that the photographs went viral. What is recreational hacking? Ever since computers first stored data, digital burglars have hacked into systems to steal commercially valuable data that they then sell to the highest bidder or use for identity theft. Whole industries have emerged to protect data from such threats. So with all this protective innovation, why do we read more about hackers than ever before? Every day there are stories of attacks. (And if you have any doubts about that, subscribe to Westlaw Watch’s Social Media and Cybercrime Reports for a daily eye-opener.) But there is something more sinister lurking in the hacking ecosphere that corporate counsel need to understand and address. Hacking is no longer just for purposes of data thievery or identity theft. It’s now a popular form of online recreation. One of the most alarming trends is hacking for the simple purpose of shutting down corporate sites not for pecuniary gain, but because of ideological or otherwise selfish views, particularly when social media sites like Twitter and Facebook can marshal the support of millions of like-minded hackers in nanoseconds. It all makes it virtually impossible to detect an attack until it is well underway, if not successfully completed. This makes preparation for crisis management before any attacks are made a priority, rather than an “after-the-fact” effort employed by many companies today. A proactive rather than reactive approach is a mandate for corporate counsel. Nor is this crisis-management team comprised of the same members traditionally turned to in the past. While legal and public relations are certainly at the table, today the team needs to include highly trained technology experts. And not just typical IT mavens—they’re important, but they’re not enough. Today, the team needs to include an IT warrior, someone who knows how to go on the attack and use the same sites and methods used by hackers in order to fight them. The IT warrior needs to know how to attack online and offline. Remember, the most important thing to a hacker is anonymity, and a well-timed phone call to their job or residence rains a very cold shower on their personal convictions or vendetta. So is outing their identity on the same sites they use to recruit supporters. There are any number of such consultants that can perform this work, many of them made up of former military intelligence operatives. (Check out Centurion Intelligence Partners, Inc. for one of the best.) It’s no joke. What’s next for corporate counsel to consider—covert operations to rid cyberspace of hacking terrorists? Come to think of it, that’s probably happening right now, given reports that China and North Korea are hacking into just about every “enemy” state systems they can find, in search of data and programming that can give them a competitive or political advantage. It should not have gone unnoticed by anyone that in May 2011, the Pentagon put hacking on the official list of acts of war, allowing the use of military force to counteract it. Imagine that. Conventional weapons vs. viral militia. If I were a betting man, I’d put my money on the militia. Back to the crisis team. The team also needs an “ethical hacker”—someone who knows all the tricks of the trade (wonder how they learned that. . .) and consults with companies on how to prevent and defend against hacker attacks—first through what’s generally known as a penetration test (ouch!) and then through ongoing monitoring. They can also assist the IT warrior in tracking down the hackers. A company may even want to consider an ethical hacker that has been certified by the International Council of E-Commerce Consultants. That’s right. There is a certification program for hackers. The final member of the team needs to be the company’s government-affairs expert: A lobbyist. Because it’s highly likely that any attack that becomes public—and virtually all of them do—may be followed by a Congressional hearing to determine what went wrong (adding more headaches to the class action lawsuits that will most assuredly follow any hacking attack as well). Not that Congress will come up with anything to help, but we all know how much they love to have hearings. No company is immune. According to a June 2011 survey by the Ponemon Institute, 90 percent of 583 companies polled reported that they suffered a security breach by hackers at least once in the past year. Companies like Citigroup, Nintendo, Google, PBS, Lockheed, Fox Broadcasting, and Sony Online Entertainment have been hit. Hackers even like to brand themselves, proud of their successes. Three of the most notorious are Aurora, Anonymous, and LulzSec. There is even an online newspaper— The Hacker News—devoted to keeping everyone (including hackers) up to date on the hacking news of the day. Today, it’s not a matter of if a company will be victimized by a hacker. As the infatuation with recreational hacking grows and the market value of data—sold or interrupted— skyrockets, corporate counsel need to recognize that it’s a matter of when, and their companies must prepare now for the worst. Here are some steps corporate counsel can take: 1. Check the company’s security systems. Chances are, they’re not state of the art. Considering the potential damage a successful hacker attack can cause, only the best system will do. 2. Retain an ethical hacker, and perform a penetration test. 3. Assemble a crisis-management team that includes your legal, public relations, and government-affairs departments, along with an IT warrior. Hold simulations. 4. Audit the company’s data security policies. Consider strong language addressed to employees and site visitors that there is NO expectation of privacy, and that despite every effort the company makes, data may be breached. Even consider disclaiming liability should a breach occur. That may not get a company off the hook, but it’s at least something to hang onto in a defense rather than hanging the company. We’ve now covered two of the Four Horsemen of the Apocalypse, Class of 2011: the Cloud and Recreational Hacking. Next we’ll take a look at Horseman number three: IP v.6, the new operating protocol for the Internet. It’s here. And while it may make the Internet more stable, it’s a source of nightmares for corporate counsel. From there, we’ll conclude the series with a final column on Horseman number four: the possible arrival in 2012 of hundreds of new top level domains( the word to the right of the dot, e.g., “.com” in “reedsmith.com.”) Now that is a real nightmare! Douglas Wood is a partner in the New York office of of Reed Smith LLP. He specializes in media and entertainment law and is editor of Network Interference—a Legal Guide to the Commercial Risks and Rewards of the Social Media Phenomenon, a White Paper on how social media globally impacts every level of business. The White Paper is available here . Mr. Wood can be reached at [email protected] or through LinkedIn, Facebook, or Twitter.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

 
Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.

More From ALM

Premium Subscription

With this subscription you will receive unlimited access to high quality, online, on-demand premium content from well-respected faculty in the legal industry. This is perfect for attorneys licensed in multiple jurisdictions or for attorneys that have fulfilled their CLE requirement but need to access resourceful information for their practice areas.
View Now

Team Accounts

Our Team Account subscription service is for legal teams of four or more attorneys. Each attorney is granted unlimited access to high quality, on-demand premium content from well-respected faculty in the legal industry along with administrative access to easily manage CLE for the entire team.
View Now

Bundle Subscriptions

Gain access to some of the most knowledgeable and experienced attorneys with our 2 bundle options! Our Compliance bundles are curated by CLE Counselors and include current legal topics and challenges within the industry. Our second option allows you to build your bundle and strategically select the content that pertains to your needs. Both options are priced the same.
View Now

Legalweek(year) 2021

February 02, 2021 - July 14, 2021
Virtual

Legalweek(year) will bring together thousands of legal professionals for a series of 5 innovative virtual legal events.


Register

General Counsel Conference Midwest: SuperConference 2021

July 26, 2021 - July 27, 2021
Chicago, IL

GCC Midwest addresses today's legal issues facing companies by providing general counsel with insight and best practices.


Register

General Counsel Summit (GCS) 2021

September 07, 2021 - September 08, 2021
Sydney

General Counsel Summit is the premier event for in-house counsel, hosting esteemed legal minds from all sectors of the economy.


Register

REAL ESTATE ASSOCIATE - STAMFORD OFFICE

Stamford, Connecticut, United States

Shipman & Goodwin LLP is seeking an associate to join our real estate practice in Stamford. Candidates should have four to six years of ...


Apply Now ›

FINANCE / CORPORATE TRUST ATTORNEY - REMOTE, DC, HARTFORD OR STAMFORD

Washington D.C., District of Columbia, United States

We are seeking an attorney with a minimum of five years of experience in transactional work to join our well-established, nationally renowne...


Apply Now ›

TECHNOLOGY TRANSACTIONS ASSOCIATES

Boston, Massachusetts, United States

We work with major law firms, branch offices, boutique practices and regional and local law firms that are always interested in adding well ...


Apply Now ›

KOLSBY GORDON

05/04/2021
TLI Web

Kolsby, Gordon, Robin & Shore, P.C. Announce with great sadness the loss of our beloved founding partner, a renowned trial lawyer, community leader and distinguished professor.


View Announcement ›

COHEN CLAIR LANS GREIFER THORPE & ROTTENSTREICH LLP

05/03/2021
NYLJ Web

Cohen Clair Lans Greifer Thorpe & Rottenstreich adds Westchester Office


View Announcement ›

SHAPIRO CROLAND

05/03/2021
NJLJ Web

Attorneys at Law Take Pleasure in Announcing that GLENN R. REISER AND ERIC D. REISER HAVE JOINED THE FIRM Glenn concentrates his practice in Bankruptcy & Creditors Rights, Commercial Litigation, Foreclosure


View Announcement ›

Subscribe to Corporate Counsel

Don't miss the crucial news and insights you need to make informed legal decisions. Join Corporate Counsel now!

Unlimited access to Corporate Counsel
Access to additional free ALM publications
1 free article* across the ALM subscription network every 30 days
Exclusive discounts on ALM events and publications
Join Corporate Counsel

Already have an account? Sign In