A ransomware gang claimed to have stolen a trove of data from HWL Ebsworth. Photo / 123rf
A ransomware gang claimed to have stolen a trove of data from HWL Ebsworth. Photo / 123rf
OPINION:
When Russia-linked cyber criminals tried to contact Australia’s largest law firm to tell them they’d stolen 2.7 million files containing sensitive information about clients and employees, a comedy of errors ensued.
“Hello, the largest legal partnership in Australia now have a big problem with your data leak,” the cybercriminals and Borat impersonators wrote to HWL Ebsworth at the end of April.
“You have 3 days till friday, after that we make your post public and if you still keep silence we will prepare documents for publication.”
This is a threat that would send a shiver down the spine of any law firm leader, but the executives at Ebsworth decided it was only spam and ignored it.
Two days later the criminals tried again. This time, Ebsworth’s spam filters blocked the emails, so the firm’s partners still had no idea of the threat they were facing.
The hackers, a criminal group known as ALPHV, posted information about the hack on the dark web at the same time, which came to the attention of the firm. When ALPHV made a third attempt to contact Ebsworth it was successful.
“There is very little [time] left before the publication of your data in the public domain,” they wrote.
“What have you decided? We will make a good discount, suitable for redemption. This is our offer.”
The “good discount” was apparently $5 million.
It seems like an outrageous amount, but as the hackers pointed out, it’s not much compared to the reputational damage Ebsworth will face and the fines they might have to pay.
The operations of hackers and negotiations with companies whose data they’ve stolen usually remain a closely guarded secret, but we gained an insight into the way they worked over the past week when Ebsworth applied for - and won - a Supreme Court injunction to stop the hackers releasing any more information.
It’s hard to imagine a more pointless exercise - as if criminals far from the reach of Australia’s law enforcement would stop what they’re doing on the basis of a court ruling from the other side of the world.
Ebsworth has an impressive list of customers, including Australia’s four largest banks, major Australian and international insurers, share market-listed companies and governments.
The compromised data includes corporate client confidential information relating to hundreds of clients dating back at least five years. It includes clients’ own internal documents, lawyer and client communications, financial data, trade secrets and details of commercial strategies.
It also includes personal and sensitive information about individuals, including health records, identity documents and information about individuals’ racial and ethnic origins, political opinions, political and religious affiliations, sexual orientation and criminal records.
Information about government clients is included in the leaked data.
The firm has already spent 5000 hours and A$250,000 (NZ$275,500) dealing with the crisis and those hours and costs will continue to rise, court documents reveal.
But these costs are tiny compared with the reputational damage the firm will suffer.
Clients expect confidentiality from their lawyers and once they lose confidence that their current law firm can guarantee that, they’ll go elsewhere.
Additionally, Ebsworth has a reputation for keeping a tight rein on costs under the iron-fisted rule of its managing partner Juan Martinez. Clients will be even more aggrieved if they believe their data was leaked because the firm underspent on cybersecurity.
If clients start to move their business elsewhere, then $5 million will, in hindsight, have been a relatively cheap way to make a problem that now shows little sign of dissipating quietly disappear.
Next month’s rate rise will come when many Australians’ fixed-rate home loans expire. Photo / Patrick Hamilton/Bloomberg
Aussie tipped to follow NZ into recession
News that New Zealand is in a recession has reverberated across the Tasman, as economists and commentators suggest Australia is likely to soon follow.
There are striking similarities between the two economies: aggressive series of rate hikes have failed to tame inflation; households are struggling with higher prices for goods and services and higher interest rates on their home loans; and employment remains high despite the rate rises.
The Reserve Bank of Australia’s path between raising interest rates to bring down inflation and tipping the economy into recession is growing increasingly narrow.
The RBA would rather have a downturn - hopefully a short and sharp one - than allow inflation to become entrenched in the Australian economy.
The central bank signalled its intention to beat inflation at all costs at the start of the month when it lifted interest rates for the twelfth time in a row.
Since then, we’ve learned there was a surge of new jobs created in May, dragging the unemployment rate down to 3.6 per cent from 3.7 per cent.
In the face of such ongoing strength in the labour market and the risk of a wages inflation breakout, the RBA is sure to lift interest rates again.
But next month’s rate rise will come when many Australians’ fixed-rate home loans expire. Mortgage holders will be switching to much higher variable rates, removing a large amount of spending money from their wallets.
The path to a soft landing for Australia just got a lot narrower.
Christopher Niesche is a former Herald Business Editor, who writes a fortnightly column from Australia.
