The Secret Weapon in Cyber Litigation

I’m not sure this secret weapon is legal. In fact, I am pretty sure that it is illegal. But, apparently, that isn’t stopping some lawyers and others from using it. I am not saying that everyone is a crook. They are not. But some, apparently, are perfectly willing to break the law.

Carlo Pacileo was under mounting pressure from his boss due to a series of lawsuits with a business rival. His boss wanted dirt, but he was not, so far, able to turn up any dirt.

He went so to a detective he knew from his days with Blackwater, a group of ex-military mercenaries who were accused of considering laws a sort of loose guideline.

The detective turned up a few days later with a bag of goodies – all sorts of surveillance equipment like hidden listening devices. One might think that breaking in to plant bugs might, possibly, be illegal.

But the thing that caught his attention was when the detective said he had a relationship with an Indian hacker who could break into emails.

With a $10,000 a month retainer, he got the job.

The Indian hacker, Sumit Gupta, broke into the email accounts of Pacileo’s boss’s competitor, Ocean Avenue. He sent back screenshots an passwords (note: strong MFA probably would have stopped this from working).

When Ocean Avenue learned of this, it filed a federal lawsuit.

The short version of this (get the details at the link) is that Pacileo’s boss settled. On “undisclosed terms”.

But that wasn’t the end of it.

For some reason, maybe because the players had already been identified, the FBI got interested.

The FBI raided Pacileo’s and the detective’s homes. Both eventually pleaded guilty. Probably a good plan because federal jail sentences for these crimes can be up to 20 years on each charge plus massive fines.

It ended Pacileo’s career as well as the career of the detective he hired.

But the Indian hacker, Gupta, he was just getting started.

He used this to launch a “gray” – maybe “black” – business, underground, of hacking for private investigators. Gupta was charged with hacking but never arrested.

Reuters identified several dozen cases over the last decade where Indian hackers attempted to steal documents from the other side. Some times the hackers did what hackers do and sent the targets infected emails as part of a business email compromise attack – no different that the hackers we see every day and no more legal. THIS IS LIKELY THE TIP OF AN ICEBURG.

They even “obtain” attorney-client privileged documents this way. Attorneys are not considered out of bounds in these cases.

Reuters found at least 75 companies and three dozen advocacy and media groups and numerous executives who were targets.

HOW MANY DID THEY NOT FIND?

The Reuters report is based on interviews with numerous parties to these lawsuits and a database of 80,000 emails sent by the Indians to 13,000 targets over a seven year period.

Among the law firms targeted were major law firms like Baker McKenzie, Cooley, and Cleary Gottlieb, according to Reuters.

“It is an open secret that there are some private investigators who use Indian hacker groups to target opposition in litigation battles,” said Anthony Upward, managing director of Cognition Intelligence, a UK-based countersurveillance firm.

https://www.reuters.com/investigates/special-report/usa-hackers-litigation/

While the Indian hacking operations might pay the hackers working for them as little as $370 a month, they charged customers up to $20,000 for access to one target.

You get the general idea. Whether this was legal or not doesn’t seem to concern the buyers. They want to win and they, apparently, don’t care how.

The Reuters article has a lot more detailed information, but you get the idea.

Bottom line here, don’t assume your competitors or adversaries – or even opposing counsel – care about playing fair or even staying on the right side of the law. Of course, most lawyers won’t go this far (I hope), but that doesn’t mean some won’t or that some competitors, in an effort to steal business from you (note that this is not just a situation for lawsuits), won’t cross that line. Maybe they will get caught, but the smart ones will not. YOU NEED TO PROTECT YOURSELF. Likely, you will need help. If you need help or think you might, contact us.

Leave a Reply

Your email address will not be published. Required fields are marked *