Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

Dark Web Marketplace Takedowns Mitigate Legal's Cyberthreat, But Only So Much

By Rhys Dipshan
September 02, 2017

The recent takedown of dark web marketplace AlphaBay represented a major success for law enforcement agencies in the U.S. and around the world. AlphaBay regularly sold not only illegal drugs and firearms, but also malware tools and stolen personally identifiable information (PII), enabling a variety of cybercriminal activity.

While the takedown has undoubtedly helped stifle the abilities and reach of cybercriminals, experts caution that its effect on mitigating the overall level of cyberthreat faced by corporations and law firms alike, while significant, will likely be temporary at best.

According to the Department of Justice (DOJ), prior to its takedown, AlphaBay had “over 100,000 listings for stolen and fraudulent identification documents and access devices, counterfeit goods, malware and other computer hacking tools.”

It is likely that some of these “stolen and fraudulent identification documents” may have come from those in the legal industry. Email addresses connected to various law firms have been discovered by cybersecurity company Protorion Systems on the dark Web, though most were connected with logins used for third-party accounts, such as Dropbox, and not law firm systems themselves.

Still, the risk of having such third-party login information exposed means hackers have a potential way into a law firm employee's devices and digital life and, by extension, the law firm systems to which they have access.

Shutting down marketplaces like Alphabay, therefore, effectively mitigates the risk of personal account information getting into the hands of cybercriminals and helps authorities identify and prosecute those who are trading such information in the first place.

But the impact of taking down cybercriminals and their malware is likely to be temporary, given the frequency at which these tools and cyberattackers pop up. Like music privacy or trying to keep up with new forms of data, fighting cybercrime online can be a perennial game of “whack-a-mole.”

Alphabay itself, for instance, is a relatively new marketplace, launched in late 2014 only weeks after the takedown of the then-largest dark Web marketplace, Silk Road.

Marcus Christian, partner at Mayer Brown and former executive assistant U.S. attorney at the U.S. Attorney's Office for the Southern District of Florida, said shutting down Alphabay “is just one piece in an overall very large law enforcement puzzle” and not a definitive blow against cybercriminals.

“There will still be marketplaces that are available as long as individuals and criminal organizations believe that they can make profits,” he said, adding that many believe that, once one market is down, “there will be another bigger and 'better' one to soon surface.”

Christian compared such marketplace takedowns to the war on drugs, noting that “we've been taking down marketplaces in the physical world for narcotics for a long time, but [drug crimes] still happen.”

Still, Christian argued that going after marketplaces is not an exercise in futility. “I think law enforcement would be quick to tell you it's important and from a business perspective not to have actors out there who can just steal data, steal IP, and steal proprietary information from corporations with impunity,” he said.

Mark Krotoski, partner at Morgan Lewis who previously served as federal prosecutor at the DOJ for over 20 years, agreed. He noted that, while the takedowns “won't discourage everyone, and those who are seeking to engage in [cybercriminal] activity will try and find new marketplaces,” it does to make cybercrime a less appealing profession. “There is a general deterrence impact because it does discourage some who might be contemplating this activity,” he explained.

And more to the point, he added, takedowns of dark web marketplaces give law enforcement valuable information to take down some of the biggest players in the cybercrime world.

“Law enforcement officials, if they are able to undercover [those who execute] transactions, may be able to identify some cybercrime individuals who either have history of being involved in this activity,” Krotoski said.

Indeed, these leads can turn into significant prosecutions. In July 2017, for example, the FBI was able to arrest Mark Vartanyan, a Russian national the agency called “a key resource” for the cyber underworld. Among other things, Vartanyan was the mastermind behind a particular nefarious banking Trojan known as Citadel.

*****
Rhys Dipshan writes for Legaltech News, an ALM sibling of Cybersecurity Law & Strategy. He can be reached at [email protected].

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
How Secure Is the AI System Your Law Firm Is Using? Image

In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.

COVID-19 and Lease Negotiations: Early Termination Provisions Image

During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.

Pleading Importation: ITC Decisions Highlight Need for Adequate Evidentiary Support Image

The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.

The Power of Your Inner Circle: Turning Friends and Social Contacts Into Business Allies Image

Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.

Authentic Communications Today Increase Success for Value-Driven Clients Image

As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.