Feeds

Hacked? Call a lawyer

Feds urge security pros to call in shysters

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

Network administrators tasked with investigating cyber attacks on corporate networks should consider adding a potentially strange and unfamiliar tool to their defensive arsenals: the phone number of the company lawyer.

At least, that was the consensus of a panel of current and former law enforcement attorneys and corporate security heads speaking at the 2001 BNA Cybersecurity and Privacy Forum in Washington Wednesday.

"When we deal with some organizations, such as local law enforcement, we've got to make sure we have good legal advice," said Howard Schmidt, head of Microsoft's security department.

At issue: when investigating a hack attack, security professionals collect and handle evidence that may eventually become Exhibit A in a criminal case. But unlike FBI agents, computer geeks don't have the benefit of a trained federal prosecutor at each elbow, guiding them through the thicket of evidentiary law that, in theory, stands between a cyber attack and a successful prosecution.

Enter a new type of corporate in-house counsel: lawyers who help companies deal with the legal side of cyber security, an emerging niche that's particularly well suited for former prosecutors entering the private sector.

"It is a specialty, like contracts law, or deal law or real estate law," said America Online assistant general counsel Christopher Bubb, who until last month was a New Jersey cybercrime prosecutor. "It's a certain skill set and a knowledge set that's needed to participate in these investigations... It's not something that you learn in law school."

As a deputy district attorney, Bubb participated in the 1999 Melissa virus investigation that eventually identified New Jersey programmer David Smith as the author of the malicious code.That case, said Bubb, hinged on information gathered by AOL's security department, with the careful guidance of the company's legal team. "There's no dichotomy" at AOL, said Bubb. "[Lawyers are] allowed in on the decision making at the front end."

But will hands-on computer security experts pause in their pursuit of an intruder to bring company attorneys into the loop? Christopher Painter, deputy chief of the Justice Department's computer crime section, cited a recent, unscientific survey conducted by the Computer Security Institute (CSI) and the San Francisco office of the FBI, in which only 30 per cent of respondents who suffered cyber attacks said they reported the incident to company lawyers.

"System operators don't think about that," said Painter, an attorney himself. "That's not their concern."

© 2001 SecurityFocus.com, all rights reserved.

New hybrid storage solutions

More from The Register

next story
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.