Law firms are a principal target of an apparently professional hacking-for-hire industry, according to a report by cyber security experts on the so-called 'Dark Basin' organisation. The apparently India-based group appears to have targeted thousands of individuals and organisations on six continents, the study by the Citizen Lab of the Munk School of Global Affairs & Public Policy, University of Toronto reveals.
'Lawyers were heavily represented in Dark Basin targeting,' the report states. 'We found targeted individuals in many major US and global law firms. Lawyers working on corporate litigation and financial services were disproportionately represented, with targets in many countries including the US, UK, Israel, France, Belgium, Norway, Switzerland, Iceland, Kenya, and Nigeria.'
The report alleges that Dark Basin - so named by the researchers - has conducted commercial espionage on behalf of clients against opponents involved in high profile public events, criminal cases, financial transactions, news stories, and advocacy. Such outsourcing muddies attempts to prosecute those responsible, the report states.
One of the tactics used by Dark Basin is through 'phishing'; inviting subjects to give security details in replies to emails from apparently reputable sources. Dark Basin's use of a URL shortener to disguise the destination of replies was one of the clues linking the group to an Indian company.
Last month New York firm Grubman Shire Meiselas & Sachs revealed that it had received a demand for a $42m ransom after a criminal group stole data from its systems.