Why do Hackers Target Law Firms? – Here’s an Example
Over the years I think many firms have started to understand that and taken steps to improve their own security posture.
And then along comes a story like this.
Over the years I think many firms have started to understand that and taken steps to improve their own security posture.
And then along comes a story like this.
Imagine, if you will an identity thief caught in the act by law enforcement. As part of the evidence collection, they find a mobile device with a whole bunch of stolen credit cards, driver’s licenses, and other data that was in the process of being used by said thief, to steal the identities of dozens of people.
That evidence sits in the property room until such a time as the law says it’s safe for the law enforcement agency to get rid of it, at which time the device is put up for auction.
You would think that before auctioning off these devices with illegally-gotten and dangerous information on them, the various agencies would have wiped them clean, no?
According to the University of Maryland, you’d be completely wrong.
Proving your identity and your age eliminates the ability for anyone to remain anonymous. You might argue that is a good thing, but I’ll take the opposite side. There are plenty of reasons for someone to remain anonymous online, and why we’d be worse off eliminating that. Whistleblowers, political dissidents of fascist governments, victims of childhood and spousal abuse, people dealing with mental health issues, women, the LGBTQ community, and many others have legitimate reasons to fear being identified. Do we want to eliminate them all from the public space?
I think we all knew this would happen, right? Thousands scammed by AI voices mimicking loved ones in emergencies. The description of what happened: “Tech advancements seemingly make it easier to prey on people’s worst fears and spook victims who told the Post they felt “visceral horror” hearing what sounded like direct pleas from friends…
Of course, when we create new laws or tools, we focus on the problem in front of us. Whether that be, in this case, trying to enforce an age restriction or requiring identity verification in some odd attempt at making it more difficult for people to engage in anonymous speech, we too often forget the details of how that would work exactly.
I’ve written before about the IT people in your company who probably know more about you than you might think. This now extends to taking your personal devices to a repair shop. You should assume someone might be surfing through your data while working on your computer, and you should decide if you are OK with that or if the physical destruction of the device after being replaced is the safer option.
See a sample before subscribing here