November 2011 #2. Don't Get Speared in the Cyber War.

by Thomas D. Farrell

Hawaii Bar Journal

2011.


As if running a law practice in the 21st century isn't complicated enough, here's something new to worry about: spear phishing.

It starts with an email like the one I received the other day from a former client, whom I'll call "Chrissy." I handled her divorce a couple of years ago. The subject line: "Re2." The message: "Are you looking for good drugs? .. http://www.hpx.com.page.php?jUG=68hw7"

Of course, this email really isn't from Chrissy. Her computer is obviously infected, and some attacker is sending this email to everyone in her address book. She doesn't even know it, but she's been speared.

Welcome to "spear phishing." The object of the exercise is to get the recipient to click on the link. As soon as the recipient does so, malware will be downloaded to the victim's computer, allowing the attacker to access and export any data there, as well as to hijack the victim's computer and use it to do things that the attacker wants to do. The victim doesn't even know until it's too late. What can happen? Sending out a similar email to everyone in the victim's address book is but one example. Playing with the victim's PayPal account or credit card terminal is another. Looking through client files for confidential, proprietary or sensitive financial information is yet another.

Spear phishing is a common weapon in a cyber war that's been going on for some years now, mostly unnoticed by the public and under-reported by the media (for a notable exception, see "Enter the Cyber Dragon" in September's Vanity Fair). Some of it is just hackers who do this for criminal or commercial gain, but there is also a very serious and organized attempt by the Chinese government to conduct cyber reconnaissance and data theft. Among the victims: former Defense Secretary Robert Gates, Lockheed Martin Corporation, and the Los Angeles law firm King and Spalding. If these big players can be compromised, law firms in Hawaii can be (and probably have been already). Spear phishing has no rules; little phish as well as big ones get speared.

According to the FBI, spear phishers target groups of people with something in common: they work at the same company, bank at the same...
