LexisNexis® CLE On-Demand features premium content from partners like American Law Institute Continuing Legal Education and Pozner & Dodd. Choose from a broad listing of topics suited for law firms, corporate legal departments, and government entities. Individual courses and subscriptions available.
The Department of Justice (DOJ) recently announced the largest coordinated international law enforcement effort ever directed at an online cyber-criminal forum. Financial institutions and other companies should consider whether to incorporate some of the lessons learned from the DOJ’s Operation Shrouded Horizon into their own information security programs.
The enforcement action was taken against members of Darkode, an online, password-protected forum in which hackers and other cyber-criminals convened to buy, sell, trade and share information, ideas, and tools to facilitate unlawful intrusions on others’ computers and electronic devices. As part of Operation Shrouded Horizon, the FBI infiltrated Darkode’s membership to obtain insight about individuals making malware available for sale. In a related case, two Darkode members pleaded guilty to charges connected to SpyEye, a malicious banking trojan ( a type of malware) that may have been used to steal information from approximately 253 financial institutions around the world.
“Of the roughly 800 criminal internet forums worldwide, Darkode represented one of the gravest threats to the integrity of data on computers in the United States and around the world and was the most sophisticated English-speaking forum for criminal computer hackers in the world,” said U.S. Attorney David J. Hickton.
The DOJ’s recent Best Practices for Victim Response and Reporting of Cyber Incidents provides guidance to small and large organizations that are developing cyber incident response plans and preparing to respond to cyber incidents by incorporating lessons learned by federal prosecutors while handling cyber investigations and prosecutions. Among the DOJ’s recommendations are best practices to implement before a cyber incident, including:
Members of Ballard Spahr’s Privacy and Data Security Group and Consumer Financial Services Group regularly advise financial institutions on compliance with data security and privacy issues, including counseling companies about any applicable information security laws and regulations, providing guidance on cybersecurity policies and procedures as well as breach response plans, and advocating on behalf of companies facing breach-related litigation.
Copyright © 2015 by Ballard Spahr LLP.www.ballardspahr.com (No claim to original U.S. government material.)
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.
This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.
For more information about LexisNexis products and solutions, connect with us through our corporate site.