French, UK watchdogs say hackers-for-hire are targeting law firms

Listen to this article:

A bus drives past the Royal Courts of Justice in London, Britain, June 26, 2022. REUTERS/Raphael Satter

By Raphael Satter

(Reuters) – Mercenary hackers increasingly are targeting law firms in a bid to steal data that could tip the balance in legal cases, French and British authorities say, echoing a Reuters investigation that uncovered the phenomenon last year.

In a pair of reports published over the past week, the cyber watchdog agencies of France and the United Kingdom cataloged an array of digital challenges faced by law firms, including threats posed by ransomware and malicious insiders. Both also highlighted the dangers posed by mercenary hackers hired by litigants to filch sensitive information from courtroom opponents.

The London-based National Cyber Security Centre (NCSC) said in its report published on June 22 that it was increasingly seeing “hackers-for-hire” brought in “to gain the upper hand in business dealings or legal disputes.”

France’s cyber watchdog, known as ANSSI, said in its report released Tuesday that “mercenaries with offensive cyber capacities” were increasingly targeting the legal sector. ANSSI cited Reuters reporting last year on how mercenary hackers based out of India were being drafted to help sway high-profile cases in the United States, Europe and elsewhere.

That story – which was based on interviews with victims, researchers, investigators, former U.S. government officials, lawyers and hackers, plus a review of court records and thousands of emails – revealed that hacking groups based in India were responsible for a years-long hacking spree that targeted some 1,000 attorneys at 108 different law firms worldwide. Reuters showed how the hackers made a business out of stealing documents for their clients and, in some cases, trying to enter the ill-gotten material as evidence.

The investigation has since been corroborated by researchers at Alphabet-owned Google and Facebook owner Meta Platforms Inc.

Britain’s NCSC and France’s watchdog ANSSI didn’t immediately respond to emails seeking comment.

(Reporting by Raphael Satter)