Risk Update

Risk News — Corporate Conflicts Cost, Cyber Risks Creating Clashes

“Fine Increased For Corporate Conflicts Of Interest” —

  • “The British Columbia Law Society Review Board increased the fine imposed for a corporate counsel’s conflicts of interest:
    • ‘The matter before this Review Board is the appropriateness of the $5,000 fine assessed against the Respondent for professional misconduct. The Respondent was found to have participated in conflicts of interest over the course of several years, in multiple situations involving his role as corporate counsel, while simultaneously acting for opposing shareholders. As well, he acted as legal counsel in a divorce for one of the shareholders, and in matters involving the arrangements concerning his client’s addiction issues.’
    • ‘In this matter, the Respondent acted for and against different shareholders of a company in two separate share sales while still purporting to act as corporate counsel. The Respondent also acted on behalf of one of the shareholders (“WD”) in a divorce proceeding from his wife, who was another shareholder, where the valuation of the company and the value of the shares would impact all the shareholders. Indeed, the Respondent’s ties to WD were further problematized when at one point, the Respondent held a power of attorney for WD for the sale of the matrimonial home. Finally, the Respondent acted in matters arranging for WD’s drug rehabilitation treatment program.’
    • ‘The Review Board finds that the failure of the Respondent, as a senior lawyer, to identify and avoid these conflicts of interest is serious misconduct.’
  • Full decision here.

“Clark Hill Accused of ‘Whitewash’ In Cyber Malpractice Case”

  • “Clark Hill PLC is using a privilege “whitewash” to try to keep every document related to a successful attack on the firm’s network three years ago — including reports from cybersecurity experts hired to figure out how it happened — out of court, a Chinese dissident told a D.C. federal judge on Wednesday.”
  • “Guo Wengui, who has accused his former firm of recklessly allowing his political enemies to steal his confidential asylum information, said in a motion to compel discovery that Clark Hill has refused to answer questions about its security systems or the scope of the cyberattack — or even to identify the consultants it hired in the wake of the breach.”
  • “To do so, the firm has leaned on its retention of an outside law firm after the attack to justify a ‘blanket withholding’ of virtually all emails and reports about the attack and a forensic analysis of its origins. Wengui likened that to a building owner that hires a plumber and a lawyer after a pipe burst — and then asserts attorney-client privilege over every communication it had about pipes, tenants, repairs and the name of the plumber.”
  • “In a motion to dismiss the suit in November, the 650-lawyer firm argued Wengui himself provoked a targeted cyberattack from his enemies by ‘personally announc[ing] the fact that he had applied for asylum in a video that he posted on the internet.’”

“Negotiating with Ransomware Gangs” —

  • “For now, it seems that paying ransomware, while obviously risky and empowering/encouraging ransomware attackers, can perhaps be comported so as not to break any laws (like anti-terrorist laws, FCPA, conspiracy and others) - and even if payment is arguably unlawful, seems unlikely to be prosecuted. Thus, the decision whether to pay or ignore a ransomware demand, seems less of a legal, and more of a practical, determination - almost like a cost-benefit analysis.”
  • “When confronted with a ransomware attack, the options all seem bleak. Pay the hackers - and the victim may not only prompt future attacks, but there is also no guarantee that the hackers will restore a victim’s dataset. Ignore the hackers - and the victim may incur significant financial damage or even find themselves out of business. The only guarantees during a ransomware attack are the fear, uncertainty and dread inevitably experienced by the victim.”

“What’s it really like to negotiate with ransomware gangs?” —

  • “It might be the worst-kept secret in all of cybersecurity: the FBI says don’t pay ransomware gangs. But corporations do it all the time, sending millions every year in Bitcoin to recover data that’s been taken “hostage.” Sometimes, federal agents even help victims find experienced virtual ransom negotiators.”
  • “That’s what Art Ehuan does. During a career that has spanned the FBI, the U.S. Air Force, Cisco, USAA, and now the Crypsis Group, he’s found himself on the other side of numerous tricky negotiations.”