Duncan Fraser was one of the keynote speakers at the Modern Law Clerk Event, which took place in Toronto, on March 30, 2016. The event was well attended, with more than 100 registrants.
For more details on Fraser’s E-Discovery presentation, click here:
We all know the email asking us to help someone (often foreign royalty) to move several million dollars – all we have to do is give them our bank account number, and they will share the money with us. Few people still fall for such a blatant fraud. However, a new twist on this fraud is now being played out in businesses, with surprising success.
The fraud works like this: an organization’s firewall is breached, usually through a phishing email attack (one where an unsuspecting employee opens an attachment that contains a program to enable access to the network). Once the attackers have access, they probe email mailboxes looking for a senior executive (usually the CEO) who routinely provides instructions to the accountant to make payments. They then create and send an email from the CEO’s mailbox, instructing the accountant to either transfer money to a specific bank account, or tell the accountant to expect a call from a “lawyer” who will give them instructions for funds transfer. The email is written in the same style as the CEO’s legitimate emails, and usually says that this is a confidential transaction, so don’t discuss it with anyone else.
Once the funds are transferred, there is little the organization can do to get them back. Even their cyber-insurance (a relatively new type of coverage that addresses the risks associated with the use of Internet connected technology) may not cover this loss, as seen in two recent court cases in the U.S. (see this article).
Fortunately, sometimes the thieves don’t win. In an article on CBC’s website this morning, Mattel (the makers of Barbie dolls), fell victim to this fraud, but were lucky enough to catch it in time and put a lock on the funds before the thieves could launder the money.
Cyber security is not just about building walls. Thieves in the Internet age are much more sophisticated than the run of the mill hackers of yesteryear. The best way to combat these attacks is through education and awareness – and then set up business processes that validate third party payments.
Twitter, the 140 character social media messaging service, turned 10 yesterday. In just a few short years, Twitter has become a household name, and is one of the first places on the Internet to check for breaking news.
Many people tweet, and a lot of those tweets are rather candid in nature. This should make tweets a prime source for litigation-rich content. However, very few matters include twitter content as part of the evidentiary record. That is likely due to the technical complexity of twitter as evidence.
Collecting twitter messages is like trying to solve a really frustrating cold case. In order to make use of twitter content, the legal team needs to be able to assemble the last days in the life of a tweet. Where did that tweet go, who did it meet, and who was the last person to see it? This is because original posts and tweets often “disappear” from the poster’s feed, while retweets and repostings may be scattered throughout the Internet. The relevant information may be there, but being able to piece together a story for a judge, jury, or regulator based on a collection of piecemeal tweets may be difficult.
The key to making the authentication process work is in the details hidden in every social media post – usually in the form of metadata. This means that simple screen shots of tweets, which capture none of the metadata, are insufficient – forensic collection and reconstruction techniques must be used.
Twitter can be a gold-mine to those legal teams that are tech-savvy enough to understand how to use them. Nowadays, legal knowledge is not enough. The legal team needs to include the technical expertise to take advantage of 21st century methods of communication.