ParfumGigi@aol.com

By David Snow
Law.com
January 30, 2007

Sunday night's light snowfall and Monday's bitter chill aside, New York weather has been unseasonably mild lately. But you can always tell when late January rolls around by one unmistakable sign: The LegalTech conference comes to midtown Manhattan, bringing much of the legal technology industry's movers and shakers with it.

With more than 11,000 visitors and 285 exhibiting companies in attendance, ALM Media kicked off LegalTech New York 2007 on Monday, the start of a three-day run of educational sessions, technology demonstrations and parties.

Keynote: Protecting Your Data

David A. Thomas, deputy assistant director of the FBI's Science and Technology Branch, delivered LegalTech's opening keynote address, which focused on his agency's work in the face of increasing online crimes worldwide. He painted a grim picture.

"What are you going to do when you have an incident?" Thomas asked the roughly 400 people in attendance. Note the absence of "if" in that question. Thomas stressed throughout his presentation that survival in the current environment -- in which teenage kids are savvy criminals and sophisticated crime rings in former Soviet bloc countries are acquiring thousands of credit card numbers at a pop -- requires preparation and vigilance.

In one anecdote, Thomas described a 15-year-old hacker, whose computers the FBI had confiscated, using a reconfigured gaming console to steal credit card information online, allowing him to have take delivery on several new computers, which in turn enabled him, just days later, to mount a denial-of-service attack that brought down the agency's Web site for 72 hours.

Another story featured a VoIP hacker who made $1 million a year reselling bandwidth stolen from phone companies. On a related note, he added, "Hackers can eavesdrop on 70 percent of Web phone calls," as just one method criminals all over the world can use to extract sought-after data from U.S. companies. And though Thomas' talk focused a great deal on the work of thieves in Eastern European countries, he stressed that the risks will only increase as the vast population of China rapidly becomes more tech-savvy.

Fortunately, the address, sponsored by Attenex Corp. and KPMG, also covered some measures corporations can take to protect themselves and their shareholders from internal and external threats. From an IT perspective, he said, it's not just about patching security holes that've been exploited, allowing malicious code into your network. It's also critical for IT departments to assess what data has been taken.

For those responsible for an organization's data security, Thomas recommends tactical measures:

Employ dynamic security policy management.

Schedule frequent vulnerability testing.

Launch network penetration studies.

Offer cyberintelligence training programs.

Create an active-incident response plan.