THE LAWYERS WEEKLY
June 24, 2011 | 27
OF TECH TERMS
Continued From Page 22
viruses or complex software
programs designed to damage
or do other unwanted actions
on a computer system.
spy•ware: Sends information
back to the crooks immediately or
lies dormant for months.
spoof•ing: The sending of
legitimate-looking but fake
emails. The email imitates someone else’s identity or fakes a
legitimate address while covering
its tracks, all with the intent to
harm or deliver malware or spy-ware when opened.
har•ves•ting: The collecting
of information such as contents of
address books or of specific folders. The information is transmitted
to the perpetrators and sold for
profit to a third party, used in
“insider” or competitive information, or used to bribe the information owners for its return.
set up to attract cyber crooks
because they find them irresistable. When crooks steal the hon-eypot, forensic IT tools analyze the
crooks’ tracks and methods and
clues to their geographic location
and likely identities.
im•ag•ing: The copying of a
hard drive using special forensic
information technology software
and hardware to preserve evidence of malfeasance or intrusion.
Writing hidden messages in such a
way that no one, apart from the
sender and intended recipient, suspects the existence of the message.
steg•a•nal•y•sis: The art
and science of detecting messages hidden using steganography.
anti-fo•ren•sics: The purposeful hiding of the means of
electronic break-in to make it hard
for forensic investigators to find
criminals and impossible for them
to prove they found the specific
criminals who perpetrated a specific breach or crime. Methods
include data corruption, data
obfuscation, data hiding (such as
steganography or encryption), evidence wiping, file packers or
“wrappers,” and advanced or
met•a•da•ta: Literally “data
about the data.” Certain types of
metadata describe the characteristics of electronically stored information such as how, when, and by
whom it was collected, created,
accessed, modified and how it is
formatted. Some metadata —
such as file dates and sizes — can
easily be seen by users. Others can
be hidden or embedded and remain
unavailable to computer users who
are not technically adept.
“Only on a government level can
someone go to that length of
“There was some evidence
that two of them for sure led to
China,” he said. But, he cautioned, attacks could also be
originating in places such as
Russia, Lithuania, Estonia or
“The Russians cover their
tracks by making it look like it’s
coming from China,” he said.
“Have a scapegoat.”
What’s more, he said, it was
only because people spotted
something odd going on that
the intrusions were suspected
and forensic teams brought in.
“Another day or two and it
would have been completely
clear,” he said. “This was com-
pletely unbelievable to see.”
Tobok likens the breached
systems to crime scenes.
“In cyber crimes there’s no
smoke, there’s no alarms, there’s
nothing blowing up,” he said.
And, he said, without denigrating the work in-house
information technology (IT)
teams do, they generally aren’t
much help in such cases. More
often that not, he said they can
foul the crime scenes as they
attempt to fix the problem
without the technical knowledge to do so.
“They have a false sense of
security,” he said, adding firms
are generally not prepared for
“We can see they’re thinking
about it but I don’t know how
fast they’re moving,” he said.
Further, Tobok cautions, the
level of naiveté around cyber
attacks stretches from senior
partners to IT departments.
What’s required is third-party security with regular system audits as part of a proactive security approach.
“You need a fresh pair of
eyes,” he said.
Moreover, there needs to be
policy around systems use and
education of users, he said.
Digital Wyzdom uses a five-
pronged method in its work:
In the discovery phase, it
searches various “whois” data-
bases, scan tools, etc., to gather
information about the target
organization. Searches often
reveal many more Internet con-
nections than the organizations
expect. It also examines things
such as Usenet postings and
social engineering tactics.
Apparently, many organizations
are amazed at how willing
employees are to divulge infor-
mation useful to an attacker.
Once specific domain names,
networks and systems have
been identified, said Tobok, a
so-called enumeration phase
begins where a tester examines
a system to see where an attack
may come and simulates what
that attack might look like.
“We actually do different layers of testing to see how far we
can get into a specific server,”
“It’s not surprising law
firms get hacked...
Businesses are way
behind the curve in
terms of protecting
he said, noting that is only done
with rules and scope agreed
upon with the client.
Tobok said the penetration
tester’s most valuable work
comes in the susceptibility mapping phase as the tester creates
a map of the system explaining
its vulnerabilities and how they
might be remedied.
Once that is done, the tester
examines system vulnerabilities
in the utilization phase. A penetration tester will attempt to
gain privileged access to a target system by exploiting the
As for the malware that
Digital Wyzdom finds on computers, the company takes it
off and then examines it to
find out what the hackers were
trying to do.
“We take the malware and dis-
sect it, dig into the code. We give
it a playground and watch it,” he
said. “It’s like a cobra in a cage.”
The federal government
operates the Canadian Cyber
Incident Response Centre. Its
website lists information for
businesses interested in
increasing cyber security.
Legal Consultant and The
Lawyers Weekly Columnist Jordan Furlong said the prevalence of hacking should be a
“It’s not surprising law firms
get hacked,” he said. “Everyone’s
vulnerable to some degree or
another. Businesses are way
behind the curve in terms of
protecting their information
And companies appear to be
on their own when it comes to
oversight on technological
The Law Society of Upper
Canada (LSUC) Spokesperson
Susan Tonkin said the society
regulates and investigates law-
yers, not firms.
We want to hear from you!
Email us at: firstname.lastname@example.org
CHOOSE FROM CANADA’S TOP
MEDIATORS AND ARBITRATORS
W.A. Derry Millar
We are pleased to announce that Derry Millar, has
joined ADR Chambers, and is available to conduct
mediations and arbitrations. Derry is the former
Treasurer of the Law Society of Upper Canada and
brings over 34 years of legal and neutral experience.
His expertise includes Commercial, Aviation, Estates,
Environmental, Insurance, Products Liability,
Intellectual Property and Real Estate matters.
SOURCE: FIRST PRINCIPLES COMMUNICATION