John McAfee is running for US president as a member of the Libertarian Party. This is an op-ed he wrote and gave us permission to run.
The hack of Mossack Fonseca, in terms of the certain fallout that will affect many of the wealthiest and most prominent people on the planet, is by far the largest and most damaging cyberattack on record.
I am just one of more than 200,000 people to have downloaded the Panama Papers, a record for hacked documents. It was a gold mine.
The release contained 11.5 million documents chronicling the formation and actions of 214,000 offshore companies along with the names and manipulations of more than 14,000 clients. Among the clients are:
- 12 heads of state
- More than 150 politicians
- 29 billionaires on the Forbes list
- Multiple financiers of terrorism
- Nuclear-weapons proliferators
- Prominent sports and entertainment figures
- Numerous CIA-linked companies
Implicated as well are dozens of major banks that worked with Mossack Fonseca in establishing these offshore entities. Among them are the banking giants Credit Suisse, UBS, Landesbank, and Rothschild.
Mossack Fonseca is the fourth-largest “asset protection” law firm in the world, and its cybersecurity measures were obviously lacking. But they are not alone. Studies indicate that law firms are easy pickings for hackers, and Bloomberg reported last year that more than 80% of US law firms had already been hacked. Yet these law firms guard the gravest of our secrets, whether corporate secrets or those of an individual, and the damage done from a data breach could, as we might see, even bring down a head of state, as Iceland’s prime minister is discovering.
Why are law firms so vulnerable?
The practice of law is a venerable profession in which change comes slow.
The magazine Law Practice Today noted that the law profession had only within the past four years woken up to the reality of cyberthreats: “The need for better cybersecurity has been the focus of considerable discussion by law firms for the past four years. While some law firms have recently awakened to this key issue, significant further work needs to be undertaken.”
In America, over half a million attorneys are working in more than 4,500 law firms. This givesan average just over 100 lawyers per firm.
Cybersecurity budgets at any firm employing 100 people, if they exist at all, are minimal. For most businesses of that size, the risks, in terms of potential damage from a hack, are small. But the damage of a data breach in law firms is monumental.
All law firms will have the following information in their possession:
- Case or litigation strategy information, including settlement parameters and argument weak points
- Confidential client business information
- Attorney-client privileged communications and other legally privileged information
- Client intellectual property, such as patent, copyright, and trade-secret information
- A range of personally identifiable information of all kinds for employees, clients, and third parties, such as personal health information and various account and account-access information that include customers’ name and address information
- Payment card information, including card numbers and PINs
In addition, some files may contain information of such sensitivity that an entire corporation’s or agency’s survival rests on the security of that information.
In September I keynoted the Lawtech conference in Australia’s Gold Coast and gave a live demonstration of how easy hacking can be. The room, packed to the brim with lawyers, was stunned into silence. After the demonstration and talk I was mobbed by frightened lawyers. The common comment was, “I had no idea.”
After Mossack Fonseca, we should all now have an idea. Mossack is the fourth-largest “offshore” legal firm in the world. Where do you think the hackers are headed next?