Hacked? Call a lawyer

Feds urge security pros to call in shysters

Network administrators tasked with investigating cyber attacks on corporate networks should consider adding a potentially strange and unfamiliar tool to their defensive arsenals: the phone number of the company lawyer.

At least, that was the consensus of a panel of current and former law enforcement attorneys and corporate security heads speaking at the 2001 BNA Cybersecurity and Privacy Forum in Washington Wednesday.

"When we deal with some organizations, such as local law enforcement, we've got to make sure we have good legal advice," said Howard Schmidt, head of Microsoft's security department.

At issue: when investigating a hack attack, security professionals collect and handle evidence that may eventually become Exhibit A in a criminal case. But unlike FBI agents, computer geeks don't have the benefit of a trained federal prosecutor at each elbow, guiding them through the thicket of evidentiary law that, in theory, stands between a cyber attack and a successful prosecution.

Enter a new type of corporate in-house counsel: lawyers who help companies deal with the legal side of cyber security, an emerging niche that's particularly well suited for former prosecutors entering the private sector.

"It is a specialty, like contracts law, or deal law or real estate law," said America Online assistant general counsel Christopher Bubb, who until last month was a New Jersey cybercrime prosecutor. "It's a certain skill set and a knowledge set that's needed to participate in these investigations... It's not something that you learn in law school."

As a deputy district attorney, Bubb participated in the 1999 Melissa virus investigation that eventually identified New Jersey programmer David Smith as the author of the malicious code. That case, said Bubb, hinged on information gathered by AOL's security department, with the careful guidance of the company's legal team. "There's no dichotomy" at AOL, said Bubb. "[Lawyers are] allowed in on the decision making at the front end."

But will hands-on computer security experts pause in their pursuit of an intruder to bring company attorneys into the loop? Christopher Painter, deputy chief of the Justice Department's computer crime section, cited a recent, unscientific survey conducted by the Computer Security Institute (CSI) and the San Francisco office of the FBI, in which only 30 per cent of respondents who suffered cyber attacks said they reported the incident to company lawyers.

"System operators don't think about that," said Painter, an attorney himself. "That's not their concern."

© 2001 SecurityFocus.com, all rights reserved.
