Articles Posted in Cybersecurity

Our law firm’s attorneys have been able to manage unexpected data breaches since they take place on a regular basis. Our legal team and group of technology experts have implemented specific protocols to mitigate the damages. One of the most important factors is assessing your company’s security weaknesses which may include proper training of all personnel including full/part-time employees and independent contractors. Training is a key factor and should be conducted in a methodical manner. The information technology department should implement the procedures for setting up personnel training sessions.

The first step is to setup a framework for proper incident responses. Then, incident notification procedures should be published for all personnel and should be part of the hiring process. The company should be able to validate the data breach by examining the information. All sensitive and confidential documents (e.g., trade secrets) should be protected and preserved on a regular basis. The incident response team should immediately investigate and monitor the breach. The company should mitigate the damages by securing electronic devices and the stored information. Also, the company should ensure the existing encryption software is functional, and if not, it should be replaced with another type of encryption software. The data owners should be formally notified since their information has been affected by the data breach. In most cases, law enforcement officials should be notified about the data breach. Finally, the company should assess and improve its data breach and incident response plans to avoid similar problems in the future.

Any organization that collects, stores, or manages sensitive or confidential information is susceptible to cyberattacks. Therefore, it must setup and manage a proper incident response plan. It must be able to engage in preventive and reactive measures such as proper data retention policies. The chain of custody in preserving information is a key factor. So, the data must be located, identified, and protected to avoid unnecessary complications. Data protection and preservation are key components from a legal perspective. The organization should have access to legal counsel to prepare for potential legal actions. The legal team should work closely with the Incident Response Team (“IRT”) to protect confidential client information such as medical or financial records. This way, the attorney-client privilege can be properly established by them.

Data breach incidents require a quick response from the information technology team and their experts. They are responsible for investigating the incident, notifying the affected parties, and contacting law enforcement agencies. The business operations should not be interrupted by these data breach incidents which is a difficult task. In other words, business continuity is one of the main complications that the targets face in these situations.

The hackers use various methods to infiltrate and extract valuable information such as trade secrets and private or confidential information. This information should be protected by using suitable methods. The private and confidential information should be stored on internal and external storage devices. They should be backed up on a regular basis and protected by using encryption technologies. We recommend using strong encryption algorithms which meet the minimal technical requirements that can be implemented by a qualified technology expert. This is important since the confidential information that can be stolen may include sensitive corporate, medical, and financial records. So, obviously, there are mandatory notification protocols in every jurisdiction.

California Civil Code Sections 1798.29(a) and 1798.82(a) require a business or state agency to notify any California resident whose unencrypted personal information was acquired or reasonably believed to have been acquired by an unauthorized person.

Data breach and incident response protocols are important when there is a breach within an organization’s computer systems. Our law firm has assisted clients with data breaches which can occur as a result of insider threats, hacking intrusions, credit card payment breaches, and medical record breaches.

Data privacy and cybersecurity are key components that could be implemented at the network level of each organization as preventive measures. The information technology department should properly review the computer systems and implement the proper software and hardware applications. The information technology staff should install a firewall system that can monitor network traffic. It can also implement an Intrusion Detection System (“IDS”) that monitors network traffic and prevent unauthorized transactions.

These incidents have a national and international component to them since they can take place from anywhere. The hackers can be anywhere in the world when they target victims. They usually utilize sophisticated tools and resources to initiate the attacks. For example, they use social engineering and phishing to obtain personal information by impersonating a trusted source. They can use malware injecting devices, missing security patches, password cracking, and Distributed Denial-of-Service (“DDos”) attacks. The hackers steal secrets by using sophisticated tools and methods. There have been multiple incidents where the hackers infiltrated small and large companies to extract personal and confidential information such as trade secrets (e.g., patents, trademarks, copyrights), social security numbers, credit card numbers, medical records, and bank account records. The hackers can use a “back door” which is a secret pathway they use to enter the computer system. They can use a “buffer overflow” which is when malicious commands are delivered to the computer system by overrunning the application buffer. The denial-of-service attack is another method that is used to shut down the computer system. The hackers have been known to use “email worms” which includes a virus script that is transferred to the victim via an email message. Now, the hackers can gain computer “root access” which grants them complete control. The “root kit” is a group of tools that can be used to expand and disguise the hacker’s control over the computer system. The other tools that can be used by hackers include script kiddies, session hijacking, and trojan horses.

Ransomware is used to infiltrate and lock the victim’s computer system in exchange of money. This type of malicious software (a/k/a “malware”) can cause substantial disruptions in an individual’s and a company’s business operations. It is usually caused when the unsuspecting victim clicks on a link to open an attachment or clicks on an advertisement or uniform resource locator to visit a third-party’s website that is embedded with the malware. The culprits usually request some form of ransom in order to decrypt the files. They will, and usually do, threaten the victim to either sell or leak the sensitive or confidential information if the ransom is not paid in time. There have been demands of up to or more than one-million dollars in recent years so the impact can be significant.

Ransomware can cause a “system lock” when the malware is unleashed on the computer or network system. This, in essence, will encrypt sensitive or confidential files on local or attached hard drives or other storage units. It is difficult to determine when or how the hackers infiltrated the system but the victim usually finds out when the computer systems are locked and inaccessible.

Technology experts recommend training yourself and your employees on a regular basis. This way, they will know what to look for and how to avoid these cybersecurity incidents. It’s important to have a regular backup of sensitive and confidential files and store the backup files in a secure location. We usually recommend storing them in local and remote locations. It is recommended to restrict user privileges such as permissions to install and execute software applications. Technology experts recommend enabling strong spam filters to prohibit phishing emails. They also recommend properly configuring the firewall to block access to known malicious Internet Protocol addresses. It’s also crucial to update the operating system and software applications on a regular basis according to law enforcement agencies.

Quantum computers will probably take over the various technology industries in the near future. It is called the “Fourth Industrial Revolution” and it will change the way we use and experience technology. These superfast computers have an extremely powerful computing power that is unmatched by traditional computers. Its technology is based on quantum physics. It will arguably disrupt many industries and will have a direct impact on cybersecurity and privacy. Quantum computers use “quantum bits” or “qubits” which can have multiple properties (i.e., they can be both 0 and 1 simultaneously) and can store electronic information. In other words, they can be in two states at one time which is called “superposition” by the experts. However, they are susceptible to distortion and therefore proper error correction is important.

The large technology companies such as IBM, Google, Intel, and Microsoft have invested a significant amount of their resources. In fact, IBM Quantum is an organizational initiative to build universal quantum computers to solve complex problems with its supercomputers. So, once this type of technology becomes more prevalent, other manufacturers will follow a similar path.

Cybersecurity will be directly impacted by these supercomputers because it will allow their owners or operators to infiltrate the target’s defense mechanisms. It may take a traditional computer a longer time to decipher strong passwords and hack into a computer network system. As such, the owners or operators of quantum computers will have a significant advantage when it comes to these procedures. Cybersecurity and privacy will be major concerns due to the nature of these supercomputers as they can potentially disrupt multiple industries. We know that electronic information can be protected by algorithms. Now, quantum algorithm is referred to as “Shor’s algorithm” which gives quantum computers a higher capability to decrypt information.

Quantum computers will be more prevalent in the coming years as technology advances and they become more affordable. Quantum computers function differently than traditional computers. They are faster and much more efficient when compared to traditional computers. Today’s traditional computers use digital bits which represent zeros and ones – i.e., they must be either on or off for computing process. However, quantum computers operate by using qubits which can store digital information and have several properties. In essence, they can make instantaneous calculations that can take a traditional computer several years. Quantum computers can resolve industrial problems that can take traditional computers a longer time.

What are the applicable technologies and legal problems?

The advantage of having access to quantum computers can be significant. This is because, for example, a company that has access to these exponentially-advanced electronic devices can decrypt a sophisticated program within minutes and threaten the victim’s privacy rights. In other words, it could carry a potential invasive power that would be unmatched by traditional computers. Encryption technology is being used to protect sensitive information. There is “symmetric” and “asymmetric” encryption technology that is being used in the market.

Artificial intelligence technologies have been used to enhance deepfake campaigns. Deepfake is defined as synthetic media where a real person’s image is replaced with someone else’s likeness. It can be used to create an artificial video of another person and make it look real. It has been used to create celebrity porn videos, revenge porn, or fake news. It uses deep learning artificial intelligence software to create a fake picture or video. So, in essence, it can threaten valid and truthful information by publishing false or inaccurate information.

The technology that permits the creation of deepfake is “deep neural networks” which is one kind of artificial intelligence algorithm that finds large data set patterns. The neural-network structure that is generally used is the “autoencoder” which comprises of an encoder and decoder. The encoder compresses the image to a smaller size and the decoder decompresses the image back to the original size. A similar technology is the VFX which has been used by movie studios for visual effects. However, at the present time, a similar and less expensive technology is available.

There can be problems with deepfake technologies. For example, it’s been used to create fake images or videos of well-known individuals. This, in and of itself, can create legal issues such as defamation, false light, and civil harassment. Defamation is a false factual statement that is not privileged and tends to harm someone’s reputation. Defamation can occur against individuals and corporations and can have a lasting negative effect. False light is similar to defamation but it usually concerns invasion of privacy. So, for example, it can happen when a person is falsely portrayed as something he or she is not due to inaccurate impressions. The Restatement Second of Torts, Section 652, defines it as follows:

Digital currency security and privacy laws are changing with time. We have mentioned transparency issues in previous articles. The fact that Bitcoin’s blockchain transactions are public and generally accessible can be beneficial when it comes to government investigations. Yet, it may not be the most secure platform for cryptocurrency transactions especially for legitimate businesses. So, in short, we should realize that government surveillance and subsequent investigation may be part of the deal.

The Bitcoin blockchain automatically records all transactions to show when, where, or how the digital currency was bought or sold. It does not show the true name of the associated individuals but that information can be obtained from digital currency exchanges (e.g., Coinbase), third-party wallet providers, or third-party intermediaries. In fact, state or federal anti-money-laundering laws require them to store customer records for identification purposes. So, for example, if a government agency wanted to identify the customer, it could issue a warrant without obtaining a court order. Then, the third-party recipient – i.e., a digital currency exchange like Coinbase, Abra, or Uphold – would be obligated to respond within a certain deadline. Now, if the government agency has no probable cause to issue the subpoena or warrant, then there may be a problem. There are two notable cases on this point. First, is United States v. Gratkowski, No. 19-50492 (5th Cir. 2020), where the district court held that the government was allowed to subpoena Bitcoin records from a digital currency exchange without a warrant. Second, is Harper v. Rettig, et al., where the plaintiff sued the Internal Revenue Service (“IRS”) for violating his Fourth Amendment right against unreasonable searches and seizures when it issued an informal demand letter to the digital currency exchange to obtain his financial records. Plaintiff argued that he was unlawfully subject to the government’s investigation since there was no evidence to prove he had committed a violation. Plaintiff also argued that his rights were violated under the Fifth Amendment’s Due Process Clause since the government agency seized his private financial records without prior notice. The government argued the “Third-Party Doctrine” was applicable, and as such, it should be allowed to access any kind of information that was shared with the digital currency exchanges. The Third-Party Doctrine holds that there is no reasonable expectation of privacy when an individual shares information with another party – e.g., Internet Service Provider, Digital Currency Exchange. These cases clearly show that there will certainly be an ongoing clash regarding cryptocurrency security and privacy regulations. On one hand, the government agencies will be overseeing the transactions to ensure legal compliance. On the other hand, consumers will protect their rights pursuant to the applicable state, federal, or international laws.

The government has, and will probably, continue to investigate websites for criminal activities. The government can use special tools or techniques – e.g., forensic software – to evaluate and obtain suspicious addresses from the blockchain. The next step is to send subpoenas towards third-party digital currency exchanges to trace cryptocurrency payments back to the user. The government agents can obtain more information from the digital currency exchange and determine whether they should obtain a search warrant. If so, then they can legally search the suspect’s home or other properties for more incriminating evidence. We have mentioned the Third-Party Doctrine carves out an exception to the Fourth Amendment’s principle against unreasonable searches and seizures. The courts have held that a user who submits information to a third-party digital currency exchange may not protect his privacy by using the Fourth Amendment. However, some litigants have argued that digital currency transactions are similar to cellphone location records which are protected by the Fourth Amendment under Carpenter v. United States (2018) 138 S. Ct. 2206. The district courts have rejected that comparison because cellphone location records are automatically gathered as a result of communications between the individual’s cellphone and communication service provider’s cell towers. However, the digital currency financial records are gathered as a result of the user’s voluntary transactions.

Bitcoin has become a popular digital currency in the past several years. Its price has fluctuated tremendously in the past five years. And now, everyone is rushing into buying it by using various applications such as Coinbase. As always, the bad actors (i.e., hackers) are on the prowl to exploit weaknesses. These weaknesses include the lack of preventive measures such as encryption and backups to secure the wallets. Therefore, once the wallet has been hacked, there isn’t much the victim can do to regain the digital currencies.

It is important to remember that Bitcoin transactions are transparent. In other words, all Bitcoin transactions are public, traceable, and stored on the blockchain network. Bitcoin addresses are the only indicators that show where they are stored and transmitted. Our research indicates that you should be able to protect your privacy if you use a new Bitcoin address every time you receive payment. Technology experts recommend that it may be prudent to use several wallets for different objectives – i.e., you can have a software and hardware wallet that can be used for a different reason. This way, there would not be a direct link between the cryptocurrency transactions.

Technology experts recommend not posting a Bitcoin address on a public domain such as a social media platform. The whole point is to avoid publishing information regarding your digital currency transactions since it could let third parties identify your Bitcoin address. It must be noted that Bitcoin’s network is a so-called “peer-to-peer” network that can be used by the general public. Also, in this kind of network, the user’s Internet Protocol (“IP”) address can be logged without your knowledge or consent. Therefore, it’s important to use some kind of masking software (e.g., ToR) or other technology to hide your computer’s IP address. ToR, which is also called “The Onion Router” provides a way for its users to mask their identities. It was originally designed for the military but it has been used by civilians for several years.

Digital currencies have become prevalent around the globe in recent times. There are various enterprises that are involved in the mining process which is now more difficult especially because it needs more computing power. Bitcoin’s price volatility is a major issue which has scared away investors. However, more importantly, are the security and privacy issues.

Digital currencies are usually stored in software or hardware wallets. These wallets allow the owners to store their digital currencies. There are studies that indicate hardware wallets are not as secure since hackers can use malware to intercept communications between the wallet and computer.

Hackers are always after valuable digital currencies. They are constantly trying to figure out a way to steal Bitcoin, or other kinds of cryptocurrencies, in a clandestine manner. For example, in 2014, Mt. Gox was hacked by an anonymous group and 850,000 Bitcoins were extracted without being found. There are other exchanges such as Coinbase, Binance, Kraken, or Gemini which can be targeted by the so-called “bad actors.” The hackers will use the necessary tools and techniques to shut down the major exchanges. These tools or techniques can be DDoS attacks which can cripple the computer network system. These types of attacks have been used to bring down the networks of private and public organizations.