
U.S. Charges Three Chinese Traders with Hacking Law Firms - JumpCrisscross
http://www.wsj.com/articles/u-s-charges-three-chinese-traders-with-hacking-law-firms-1482862000
======
ohyoutravel
Maybe it's just confirmation bias or whatever, but I always assumed law firm
websites would be easy to hack based on the fact that I perceive them to not
care at all about internet stuff. For example, here is the web page of one of
the best corporate firms in the world, a firm who literally pays associates
their first year out of law school $330k (with bonus):

[http://www.wlrk.com/](http://www.wlrk.com/)

This one is one of the most renowned high stakes litigation firms in the
world, better, but still essentially a landing page:

[http://www.susmangodfrey.com/](http://www.susmangodfrey.com/)

Here's one of the hacked firm's sites, another top corporate firm:

[https://www.cravath.com/](https://www.cravath.com/)

So based on these sites, I always had this impression (rightly or wrongly)
that they didn't take their internet presence or security too seriously.

~~~
SamReidHughes
I had a job that revolved around accessing this sort of data on law firms'
email servers and putting it to use. The level of care they took around
protecting themselves from _us_ differed greatly. The actual IT competence
behind these differing levels of paranoia is an entirely different question.

I don't think their websites have anything to do with it, because hacking
their websites won't get you access to their email accounts. For example
www.cravath.com shares an IP with www.nutter.com.

