Lloyd and Harry wreak havoc


Lloyd and Harry wreak havoc

  • 11/29/21
  • Judge David Langham

We are all focusing more on security, and the World Wide Web has become a critical part of our challenges in this world. Over the past two years, I have gone from blissful oblivion to a critical focus on cybersecurity. I have been fortunate enough to meet some of the best and brightest engaged in the fight against the threats we all face in the internet world. And, on December 15, 2021, I will host a morning at the Workers ‘Compensation Institute, where a preeminent group of subject matter experts will provide cybersecurity information for the world of workers’ compensation.

As my awareness of the topic grew, I addressed various concerns. I am focusing on this because we are all addicted to the internet. This workers’ compensation community has evolved, like much of the world, and is now totally dependent on digital data and interdependent on others in systems. We see it in medical records, case management reports, adjustments, etc. Vast amounts of data circulate the web to ensure the continuity of global workers’ compensation processes, and all of this data is of potential interest to criminals who troll the web for profit or loss. advantage.

So, there have been a few articles on security; see the hot topic of cybersecurity 2020 (January 2020); The physical cybersecurity premises (August 2020); Your cybersecurity is your job (June 2021); Cyber ​​Security Forum 2020 (August 2020); and, It can happen to anyone (July 2021).

We even dedicated an edition of the Workers ‘Compensation Hot Seat to the topic in August 2020. It is telling that the Workers’ Compensation Institute has decided to focus on this topic. Over the years, it has become somewhat of a tradition to hear about new challenges and solutions at WCI each August. Sure, we’re a little late this year in accommodation with SARS-CoV-2 and COVID-19. But, with vaccinations and other persistent precautions, we will soon be meeting in Orlando to continue this tradition.

We are now all constantly focused on the ether. There are so many threats to our data from criminals in the cyber world. We will discuss this a lot in December. But, in organizing the December 15th program, my thoughts returned to aspects of the physical world. It is too easy to lose sight of the physical threats of loss or theft that we all face due to corruption or loss of USB drives, laptops and servers. Yes servers.

In July 2019, the Florida Supreme Court permanently struck out a lawyer in one of the most intriguing examples of identity theft I have ever read. The referee’s report is interesting and descriptive, an interesting harbinger for anyone interested in our expanding digital present. There are those in cybersecurity who repeatedly warn us that our human elements are the greatest threat. They usually refer to someone in your office making a mistake, clicking on a deceptive link or the like. But, what if you worked with someone who is just a bad actor?

In The Florida Bar v. Brady, SC19-39, a stunning narrative of facts once again illustrates the physical challenges of cybersecurity. After testimony and argument, the arbitrator concluded by recommending that the lawyer involved “be found guilty of having violated each of the seven rules alleged in the request of the bar”. There is an interesting discussion about preparing for trial, following court instructions, as well as the appeal process. Any lawyer interested in Florida’s disciplinary process would do well to read the report published in this unpublished court decision.

The lawyer in this case was an employee of a law firm, but was fired. Shortly after, the lawyer created a website with a very similar URL (Uniform Resource Locator, the “www” you use to find a website). With this close similarity, this lawyer established a web presence that looked a lot like the law firm he had just left. The owner of the real law firm, the lawyer’s former employer, ultimately managed to shut down this new website through court proceedings and an injunction. But, for a while, the owner of the law firm was faced with essentially a corporate identity theft.

The former partner who was fired also filed information with the Florida Secretary of State to incorporate a business under the website URL name, the very similar name of the law firm, but this attempt was made. rejected because too similar. The lawyer nevertheless contacted some opposing lawyers in existing cases. He indicated that he was now “the sole true owner” of this law firm and that he was directing future communications to himself. So, with a few subtle maneuvers, this attorney set out to capitalize on someone else’s identity and hijack communications and data on himself.

But, he hadn’t finished. The lawyer then resorted to simple burglary. In a scene that one might think could only be conceived of by Hollywood, this lawyer “and his twin brother” staged an “openly” assault on the law firm (I did not name l neither the lawyer nor the brother, let’s just refer to them as “Lloyd and Harry” (fictitious names for convenience). Unfortunately for them, surveillance video captured the scene. See Suppose everyone is watching (September 2015), cameras are everywhere.

Lloyd and Harry (not their real names) backed a “truck to … (the law firm)”. They tied “a rope from the truck to the front door” and “tore (ripped) the front doors open”. They then removed “two important parts of the law firm,” the “firm’s safe” and “the firm’s computer server”. Thus, a physical assault turned into a cyberattack in a somewhat spectacular way, on video. In the event that the video was not sufficient, the former employee lawyer sent the owner of the law firm an SMS confirming the release of the data storage.

The owner of the law firm sought and obtained fair redress in court. Injunctions have been issued prohibiting the former employee lawyer from “interfering in his affairs” or even from making contact with the firm or its clients. But, the harassment did not end. The arbitrator noted that this lawyer was ultimately “considered in contempt on three occasions by the Circuit Court for having intentionally violated this injunction”. There is a description in the Arbitrator’s Order of continued behavior, including “false and unauthorized (legal) deposits”, and even “forging another attorney’s signature”.

The arbitrator specifically refers to such a deposit as “manifestly false” as well as “flagrant fraud against this tribunal”. In another case, the lawyer sought to solicit the business of a client represented by the law firm that fired him. When this company refused to hire the lawyer, it still signed and filed documents “in various outstanding cases …”

Thus, the operation of the affairs of a law firm was interrupted and disrupted. The individual against the tide has committed acts which either provided data to the company or deprived the company of this data, theft of the server. The arbiter is not concerned with whether the data on this server has been backed up to allow the business to continue operating or encrypted to prevent the disbelievers of the world from harvesting this data once in possession of this server. As simple as it may be to imagine losing a laptop or USB drive with a mine of data, the idea or the physical theft of a server in an office can pose a surprise threat to some readers. .

The arbitrator recommended permanent expungement in these cases, and the Florida Supreme Court agreed. The arbitrator cited various precedents involving “conduct prejudicial to the administration of justice”, “failure to maintain personal integrity”, and more. The arbitrator considered the potential for mitigation in the facts of the case and noted that the lawyer had never been penalized for abusive behavior before.

The arbitrator notably mentioned the theft of the server. This was characterized as “an intentional interference with the administration of justice” because the theft had “the potential to interfere entirely with the practice of the cabinet”. It is a recognition of the critical nature of data in our modern world and businesses. The actions “caused significant harm” to the owner of the server and the law firm, but also “indirectly, to its clients.” The owner of the law firm substantiated this prejudice in his testimony before the arbitrator, and the arbitrator noted that the former associate lawyer “clings to his justification for his actions with quite disturbing ferocity.” In short, it seems that some people strongly believe in their right to interfere with or take data that belongs to others, maybe you.

Without a doubt, our inboxes or spam folders are often inundated with phishing emails and worse. Bad actors strive for us to make mistakes, click on links, or otherwise give them access to our digital data. But, there is also a physical security involved with all of this data. Are the physical premises properly secured? Is the information encrypted and protected against loss or theft of certain storage media such as a USB stick or laptop? Have you even considered the possibility of someone ripping off the office doors with a truck and driving away with your server, data and more?

Cyber ​​security continues to upset and challenge us. I look forward to speaking with you on the topic as I present a stellar line of speakers on December 15, 2021 at WCI. We’ll see each other there.

By Justice David Langham

Courtesy of Florida Workers Comp


Be the first person to comment!

You must login or register to read and comment!


You do not have an account ? Click on here save.

Disclaimer: WorkersCompensation.com publishes independently generated writing by various stakeholders in the workers’ compensation industry. Opinions expressed are solely those of the author and do not necessarily reflect those of WorkersCompensation.com.

Source link


About Author

Comments are closed.