Last month, Romanucci & Blandin hosted a Continuing Legal Education seminar that was attended by referring attorneys. The event, “Easiest Catch: Don’t Be Another Fish in the Dark ‘Net’” was presented by Mark Lanterman, Chief Technology Officer of Computer Forensic Service, via Zoom. A former member of the U.S. Secret Service Electronic Crimes Task Force, Mark spoke on common hacking techniques, common misconceptions about online security, and preventive measures to protect both personal and professional digital information. Read on to learn tips and tricks from Mark:

Hackers need our help!

Oftentimes, a hacker will trick a victim into helping (phishing), but sometimes we give them help without even being asked. A frequent practice of offices using shared computers is the convenient posting of a username and password. Something as simple as a sticker on a shared laptop indicating login information can give a diligent eye everything it needs to get into your system. By taking measures to keep credentials out of sight, you can easily prevent unauthorized access to both computers and servers.

While it is possible to inadvertently share information with a potential hacker, it is much more likely that you will be conned into helping. The most frequently used method of attack comes via email, either one containing a link or an attachment, which, upon clicking or opening, will in turn download malicious software, known as malware. A commonly seen example is an email that appears to be from a known entity, such as Google, requesting that the recipient change his or her password due to a fake data breach. By clicking this link, malware can automatically begin installation on the host computer without the user’s knowledge. A second common example could be an email from a seemingly trustworthy source requesting the recipient review an attached document, the opening of which can, again, install a malicious program in the background, never alerting the user of the attack.

End-to-End Encryption is not as safe as you might think!

Many commonly used messaging apps market a safety feature known as end-to-end encryption. Users may employ these apps under the assumption that messages sent and received can and will only ever be seen by the communicating parties, and that encryption is a trusted tool for the transmission of sensitive information. It is important to understand when that information is being protected.

During end-to-end encryption, a message traveling from sender to receiver is converted into code, ensuring that no hacker can intercept it. However, if someone obtains access to either device, those messages are not encrypted and thus can be easily recovered – even if they have been deleted from the messaging app. Commonly, a hacker might not even attempt to intercept a desired message if they can gain access to the receiving device, easily viewing the thought-to-be-hidden information. Additionally, forensic experts can employ this same technique when searching for evidence, a practice commonly used in many lawsuits that practitioners should know how to use.

Discovery – Know the difference between Native and TIFF

Last, when engaging in electronic discovery, it is important to know not only what you are looking for in a request, but in what digital form you want it. Many might assume that the same document in two different formats is equal, but the information stored in Native and TIFF files can differ greatly. One of the most important differences to keep in mind is the metadata stored in the Native file, which would be removed upon conversion to TIFF or PDF. As Mark explained, metadata can make or break a case, depending on the information it provides. Companies like Computer Forensic Services can help review cases and provide guidance on requests, but attorneys also play a critical role in obtaining what they need by understanding the technical methods by which materials are saved and how to request them.

All of this and more was covered by Mark Lanterman during his informational presentation through Romanucci & Blandin, LLC. Interested in attending future Continuing Legal Education programs?