Throwback Thursday is definitely a thing all over the World Wide Web it seems, but maybe Tech Tuesday ought to be a thing? Though, I guess, for lawyers focusing on technology has to be an every day affair.
Like multitudes of others, I wrote a little bit recently about the Panama Papers and the Mossack Fonseca data breach fiasco. Fortune now has an article online about a Wired U.K. story that casts a harsh light on the electronic security measures that the Panamanian firm had in place. Blurbs like these
Mosseck Fonseca’s client portal, according to Wired, runs on a version of Drupal last updated in 2013, and vulnerable to an array of attacks, including one that would allow attackers to execute commands on the site. Another weakness allows access to the site’s back end just by guessing the right web address.
Just as bad is the firm’s webmail portal, which runs Microsoft Outlook Web Access, and hasn’t been updated since 2009. The firm also did not encrypt its emails. As one expert speaking to Wired put it, “They seem to have been caught in a time warp.”
sound very bad when you are talking about a firm that trafficked almost exclusively in “highly sensitive financial information.” I suspect though that there are lots of other lawyers out there that are hopeful that their technology arrangements will never be subjected to even half as much scrutiny.
One lawyer who is in the middle of a highly public examination of their choices in technology is the lawyer at the heart of this story yesterday. The lawyer has been sued by her former clients over a theft from them of $1.9 million resulting from hacking of the lawyer’s email account. The couple had hired the attorney to represent them in the purchase of a nearly $20 million co-op apartment. Luckily, it appears that the clients figured out what was going on even before the lawyer did and were able to recover almost all of the $1.9 million that was to be the down payment but was wired to the fraudsters. The lawyer — and you ought to brace yourself here (though I admittedly know lawyers who still use this service) — was using an AOL email account for her real estate law practice.
The lawsuit contends that AOL accounts are particularly vulnerable to hacking and that the hacking was what let the cybercriminals know when certain transactions were going to take place, but as the article makes clear there were other opportunities for the lawyer to realize something was amiss:
It accuses Doran of forwarding bogus emails from the hackers — who were impersonating the seller of the apartment’s attorney — about payments from the Millards without confirming their authenticity last December. The name of the seller’s attorney was misspelled in the email which should have been a tip off that something was amiss.
Finally, the usually on-point Karen Rubin has a well-done post over at The Law For Lawyers Today about a relatively fortunate Oklahoma lawyer who managed to avoid full reciprocal discipline over his inability to figure out how to e-file in bankruptcy court.
The Oklahoma lawyer was permanently suspended by the Western District of Oklahoma bankruptcy court from ever practicing before it again, but the Oklahoma Supreme Court hit him only with a public censure. Given the current rhetoric surrounding the practice of law and the demands everyone appears to assume lawyers absolutely must satisfy when it comes to using technology, it is pretty startling to read a state supreme court, in that case Oklahoma’s, issue an opinion in a lawyer discipline case that can be read to seem to minimize the obligation to be technologically competent. But, in fairness, unless the Oklahoma Supreme Court was going to be willing to disbar the lawyer in question — which would seem supremely harsh — then any discipline imposed through reciprocal channels was going to be less than that meted out by the federal bankruptcy court and a public censure sounds about right to me.