July Cyber update from the Office of Rob Kleeger
Jul 20, 2022 6:42 pm
I hope this email finds you and your loved ones safe, secure, and healthy. More importantly, I hope you are enjoying the summer, traveling, and enjoying some normal outdoor activities.
All the best,
Words of Wisdom:
"If you really look closely, most overnight successes took a long time."
- Steve Jobs
CURRENT DATA SECURITY NEWS:
LinkedIn hacked again — personal info of 756 million users leaked
LinkedIn has suffered its second massive data leak of the year, with over 90% of its users affected. Back in February, it was reported that 500 million LinkedIn users had their data leaked by hackers online. The initial leak was part of a massive breach that covered several platforms, including Netflix.
The latest leaks exposed the data of 756 million LinkedIn users and compromised the security of their accounts. The hackers are now selling the data, including phone numbers, personal information, email addresses, company details, names, and possibly more info yet to be revealed.
Disneyland social media accounts hacked, offensive messages posted
Even the Magic Kingdom isn't immune from hackers. Millions of followers of Disneyland's Facebook and Instagram accounts were greeted by a series of offensive messages posted by a hacker. The hacker, who identified themselves as a "super hacker" called "David Do", used racist and other offensive language in a series of unauthorised posts, claiming that he was seeking revenge on the Disneyland resort after being allegedly insulted by staff. Whatever the explanation for the hack, damage had been done to the company's online image.
Marriott Plays Down 20GB Data Breach
Cybersecurity at Marriott International is under scrutiny once again this week after hackers reportedly stole 20GB of data from one of its hotels in the US.
The hotel giant claimed that a threat actor managed to socially engineer an “associate” at the BWI Airport Marriott in Baltimore, Maryland, enabling them to exfiltrate data from that individual’s computer. The group added that this was an isolated incident, contained within a few hours, and that it had “no evidence that the threat actor had access beyond the files that were accessible to this one associate,” according to DataBreaches.net.
Aon Hack Exposed Sensitive Information of 146,000 Customers
The company reported that its systems were breached at varying times between December 29, 2020 and February 26, 2022. Aon disclosed the security breach in February, when it was discovered, to the Securities and Exchange Commission. More details of the attack were announced in late May, when Aon notified affected individuals that their personally identifiable information stored on Aon servers was accessed.
Aon faces at least two lawsuits from plaintiffs as a result of the data breach. Two complaints seeking class-action status were filed in Chicago in recent days.
How a fake job offer took down the world’s most popular crypto game
The $540 million hack in late March 2022 was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn.
According to a report from The Block published last week citing two people familiar with the matter, a senior engineer at the company was duped into applying for a job at a non-existent company, causing the individual to download a fake offer document disguised as a PDF.
CURRENT LEGAL CASE UPDATES:
Lawyer is disbarred after trying to run his law practice from jail
The Oklahoma Supreme Court has disbarred a lawyer who continued practicing law from jail after his conviction for shooting and injuring a man outside an Oklahoma City nightclub. Silvernail was convicted of assault and battery with a deadly weapon in October 2019, the Oklahoman reported at the time.
Silvernail had tried to continue his law practice while he was in the county jail awaiting sentencing for the May 2016 shooting of Ryan Dejesus, who lost most of his right leg as a result of the gunshot wound. Silvernail “was more interested in cash flow than client care,” the state supreme court said. And his decision to bring a loaded gun into a verbal dispute with Dejesus “gives us grave concerns about his fitness to practice law,” the Oklahoma Supreme Court added. “The obstacles to effective representation from a jail cell should be obvious,” the state supreme court said.
“As an inmate, Silvernail was unable to confer with clients confidentially. He was unable to communicate freely with prosecutors or other opposing counsel about his clients’ cases. He was obviously unable to appear in court on his clients’ behalf. His ability to access legal resources, a computer or even his own clients’ files was hampered, to say the least. Finally, practicing law from a jail cell arguably gives the appearance of impropriety. These conditions would have prompted a reasonable attorney to take a different tack.”
The state supreme court said Silvernail gave “new meaning to the term ‘jailhouse lawyer.’”
A former Jones Day partner has admitted telling his client to "burn" evidence, but claims he only did it to protect his wife. Raymond McKeeve gave the instruction in the course of advising Today Development Partners, a grocery business set up by Ocado co-founder Jonathan Faiman.
Ocado sued Faiman and another of its former employees, Jon Hillary, for allegedly misappropriating confidential information to benefit TDP, and the online grocers obtained a search order against the pair.
In an affidavit presented to the court, McKeeve said, "My gut reaction was to try to protect Belinda and my sole concern was to avoid having my wife dragged through a potentially embarrassing high-profile investigation where her name had been used without her consent". McKeeve, who was Jones Day's leading private equity lawyer in London before he left the US firm in 2020, told the High Court he "panicked" when Ocado demanded access to messages exchanged between McKeeve, Faiman and Hillary on the secure messaging app used by TDP, and instructed the company's IT manager to "burn" it.
CYBER SECURITY TIPS OF THE MONTH:
Become a Cyber Liar
As a parent and a child, I was always told, and agree, that the one thing I really don’t like is a liar... until now.
I think it's reasonable and acceptable to lie when answering those security questions sites ask as an identification method, in the event you need to reset a forgotten password. Instead of being honest about your mother’s maiden name, your place of birth, where you went to school or what you called your first pet, lie like a politician at election time.
Of course, remembering these lies is harder than remembering the truth, and as with passwords, it’s best to avoid reusing the same ones for every site. Instead, use a password manager app to keep track of them, as they have a secure notes entry for every login.
Did you know that Digital4nx Group was recognized by Enterprise Security as one of the top ten digital forensics companies in 2022?
If you are an attorney who litigates, know one, or are a responsible business executive whose ass is on the line if a data breach occurs, I would love to have a call or introduction!
Please share the above information with those people or arrange an introduction. Look forward to seeing you in the flesh!
DON'T FORGET ABOUT US:
Digital4nx Group provides a blend of legal and technology services where we systematically identify, preserve, extract, analyze, and interpret digital evidence.
Our services are commonly used to:
- React and respond by providing litigation support services for plaintiffs or defendants, as well as providing expert testimony and consulting, both in and out of court.
- Proactively identify and provide insights on how to better secure your confidential data, technology, and compliance.
Cyber Security Services
Cyber incidents can be damaging to an organization, both in the short and long term. Digital4nx Group helps business leaders protect their “crown jewels” through reasonable, defensible, and cost-effective services... Before, During, and After a Data Incident! We offer a multi-disciplined approach to cyber services such as:
- Advanced “Ethical Hacking”
- Cyber Risk and Compliance Assessments
- Incident Response to Cyber Incidents or Data Breaches
- Cyber Security Awareness Training