♬ So when you fall to the ground
And finally get back to reality
And no one at all is around
So tell me how does it feel to be the enemy? ♬
Oscar Wilde’s quote: “A man can’t be too careful in the choice of your enemies” is playing out on the legal web stage. Unfortunately, the law firms and companies that target anti-piracy groups around the globe may have neglected to consider Oscar’s advice. Certain groups that took exception to alleged heavy-handed anti-piracy action have launched Denial of Service Attacks (DDoS) against these law firms and companies that are cracking down on digital file copying, file sharing and intellectual piracy.
First was the law firm of ACS:LAW.
It’s understood that the website was the subject of a persistent attack by the ‘Anonymous’ (4chan) activist group. The assault itself, which began earlier last week, was a coordinated action against multiple sites belonging to everybody from the Recording Industry Association of America (RIAA) to another controversial law firm, Davenport Lyons.
It is believed Gallant Macmillan sent out thousands of threatening letters to suspected file sharers, tactics similar to those of ACS:LAW with a bullying nature.
Unfortunately for ACS:LAW when the DDoS attack brought down their website, they compounded the problem. One web site reported as follows:
A rather opportune error occurred following the recent DDoS attack led by 4chan against the anti-piracy lawyers ACS:Law website, has resulted in the exposure of a month’s worth of company data, including many company emails and passwords. The result is published on The Pirate Bay for all to see.
When restoring the website after it was successfully taken off-line under Operation Payback a backup of the website was accidentally left on their front page which was accessible to all, presumably a massive error by the website admin.
The details of more than 500 of BT’s customers were sent by email in an unencrypted spreadsheet, following a court order obtained by ACS:Law, which alleged that they had been illictly file-sharing copyrighted information. But the documents subsequently leaked online, in the aftermath of an attack on ACS:Law’s website orchestrated by web users protesting at the firm’s actions.
Privacy International said on Monday that it plans to sue ACS:Law for violating the privacy of internet users over the security breach. It reckons the names and personal details of targets of ACS:law’s legal nastygrams could become the target of scams or identity theft as a result of the email leak. The privacy activists are also briefing the Information Commissioner’s Office on the breach.
TorrentFreak posted one e-mail in which law firm owner Andrew Crossley reveals a weekend he spent shopping for a car. “May go for a Lambo or Ferrari,” he wrote. “I am so predictable!” He ended up buying a Jeep Compass 2, however. Other “highly abusive e-mails” were dispatched to his ex-wife, the blog says.
Where these DDoS attacks will go, perhaps only the anonymous attackers know. But it certainly brings home the lesson that law firms need to harden their web sites against such attacks and in particular, guard against the release of any confidential information as a result, lest they find themselves in deeper trouble than just the loss of their website.