David Penfold 1d ago
evacide

I cannot overemphasize to you how often law firms are targeted by hackers, sometimes employed by opposing parties in cases they are working on, and how profoundly unprepared most law firms are to defend themselves.

https://www.cnn.com/2025/07/11/politics/chinese-hackers-suspected-law-firm-hack

Chinese hackers suspected in breach of powerful DC law firm

Suspected Chinese hackers have broken into the email accounts of attorneys and advisers at a powerful Washington, DC, law firm in an apparent intelligence-gathering operation, the firm, Wiley Rein, told clients this week in a memo reviewed by CNN.

CNN
Jul 11 at 11:17pmWeb
Show threadBlueDot🇺🇦1d ago

@evacide

I can imagine a future lawsuit over legal malpractice, where the plaintiff argues that his lawyers should have used an air-gapped system to protect client secrets.

Show threadSteve's Place1d ago

@evacide I did the initial computerization of Morgan, Ruby, etc.. They had no idea what I was talking about, ever.

"You're going to need more RAM. It's memory for the workstations."

Atty 1: "Do you know what he's talking about?"

Atty 2: "I have no idea."

Atty 1: "How much does it cost?"

I cannot agree with you more.

Show threadjosh g.1d ago
@evacide I wonder how many times headlines like this will claim hacker nationality based solely on where the trail of proxy hops went cold.
Show threadmike8051d ago
@evacide They should go back to WordPerfect under DOS. Nothing to hack.
Show threadhayden aiken 🇺🇲1d ago
@evacide do you think this "just" compromises the integrity of the legal system, or are there national security implications?
Show threadChris Barrus1d ago

@evacide Ten years ago I did contract database work for a firm that handled trademarks and patents. Multiple offices around the world handled by a woefully unprepared IT staff. Every hour of every day was spent recovering from backup drives and network shares that had been ransomed by a phish. IT just accepted it “the users never listen so we gave up trying to tell them.”

Soon after I started there, I received phish emails purportedly from my Facebook friends. Total infosec clusterf.

Show threadIan1d ago
@evacide Law first were collectively dragged kicking and screaming into this century by COVID. So you know their infosec is probably going to be absolutely terrible as they email each other passwords to sensitive documents.
Show threadBram1d ago
@evacide I cannot overemphasise how unprepared most companies in every sector are. Basic IT literacy is nonexistent in the vast majority of people. Companies just do "whatever" until their IT infrastructure sort of works. Or they outsource it to marginally less incompetent third parties that charge more money. Their offices have alarm systems (because someone might steal their fancy chairs), but they don't even have a SIEM. And Bob from HR's password is p4zzw0rd.
Show threadxinit ☕1d ago
@evacide
Time to roll those law offices back to non-networked machines running WordPerfect 5.1.
Show threadslash23h ago
@evacide You usually think they're after DoD, or trade secrets. I never really thought about lawyers, but they do hold secrets, especially in D.C., and are unlikely to have hardened their systems. Now that you mention it, this is probably the tip of the iceberg.