The Oklahoma Bar Journal December 2022

E thics & P rofessional R esponsibility

Cyber Spies Attempt to Sway Litigation Battles and Break Into Attorney Emails By Sharon D. Nelson, John W. Simek and Michael C. Maschke R EUTERS REPORTED IN LATE JUNE THAT THOUSANDS OF EMAIL RECORDS it had uncovered showed cyber spies hacking into parties and law firms involved in law suits around the world. 1 Apparently, hired spies have become a weapon of litigants look ing for an advantage. Google’s Threat Analysis Group (TAG) describes this segment of attackers as “hack-for-hire” firms who take advantage of known security flaws to compromise accounts and exfiltrate data as a service. 2 As found in the Reuters investigation, law firms who handle high-profile or high-dollar litigation matters are particularly at risk for such attacks.

contained a link to view a “private message” from a friend. 5 Others appeared to be from news sites and contained what appeared to be links to legitimate news stories. The purpose of the emails was to allow the hackers access to the targets’ inboxes, which they would then search for private or attor ney-client privileged information. At least 75 U.S. and European companies, 36 advocacy or media groups and numerous Western business executives were targets of these hacking attempts. 6 HOW RELIABLE IS THE REUTERS REPORT? The Reuters report was based on interviews with victims, researchers, investigators, former U.S. government officials, lawyers and hackers, plus a review of court records from seven countries. It drew on a unique database of

more than 80,000 emails sent by the hackers to 13,000 targets over a seven-year period. 7 The data base is effectively the hackers’ hit list and shows who the cyber spies sent thousands of phishing emails to between 2013 and 2020. As surprising as it was to learn these cyber mercenaries exist, it is perhaps even more surprising to learn that this activity has been going on since at least 2013. It is alarming how this flew under the radar for so long. The data supporting the report came from two providers of email services the spies used to carry out their espionage campaigns. Why would they cooperate? It seems the providers gave Reuters access to the material after it asked about the hackers’ use of their services; they offered the sensitive data on the condition of anonymity. Reuters then vetted

WHO IN THE HECK IS SUMIT GUPTA?

Sumit Gupta is a cybersecurity expert who worked with a group of associates in India to build an underground hacking operation that became a center for private investigators who were looking to bring an advantage to clients in lawsuits. 3 In 2020, Mr. Gupta told Reuters that while he did work for private investigators, “I have not done all these attacks.” 4 However, during its investigation, Reuters identified 35 legal cases since 2013 in which hackers from India attempted to obtain docu ments from one side or another of a courtroom contest by sending them password-stealing emails. The messages often looked like innocuous communications from clients, colleagues, friends or family. For example, some emails appeared to be from Facebook and

24 | DECEMBER 2022

THE OKLAHOMA BAR JOURNAL