cybercrime

In society, hospitals can be seen as one of the most sacred places. In a hospital, we come together to care for the sick and hurt in our communities. Hospitals require a massive amount of trust. Not just the trust between a doctor and their patients, but the trust in the tools and methodology of the hospital in question. During the treatment process, a massive amount of incredibly personal and sensitive data is pulled from patients. Everything from hyper-specific ailments to credit card and insurance information ends up on a hospital server somewhere after taking a step through their doors. This means that our healthcare system is responsible for our well-being in more ways than one, and it places them in a uniquely perilous position when it comes to cybersecurity. 

Boardman Ohio and Small Town Medical Centers

In June 2019, a medical practice with an office in Boardman Ohio called N.E.O. Urology Associates^[1] fell victim to an incredibly costly ransomware attack. The hack was more or less a standard ransomware attack. The hackers found their way into the urology practice’s local systems, figured out where all of their data was stored, and hijacked it by totally re-encrypting everything they could get their hands on. Encryption is a powerful cybersecurity tool. Many security systems will employ, but that power is devastating when employed against others.

The hack took this small practice by surprise. It seemed to have cropped up as quickly as they noticed it. The speed of the hack and the practice’s lack of preparation cost them dearly. Not just in trust or inconvenience, but in their wallets as well. They reacted as quickly as they possibly could have after being on the back foot and blindsided by the attack, but it still took approximately 48 hours to resume business as usual. Over the two days of disrupted business, N.E.O Urology reported an average loss of around $40,000 a day. Notably, this massive financial hit does not include the $75,000 ransom eventually paid out to the hackers. 

It’s hard to believe that losing over $100,000 dollars in business and profit could be considered getting off easy, but N.E.O Urology was one of the lucky ones. Similar businesses that are running on razor-thin margins are often brought to their knees in the wake of similar attacks. For example, a pair of physicians in a Michigan-based medical had their documents seized and ransomed to the tune of $6,500. All of their appointments, patient information, and health records were encrypted out of their hands until they formally refused to negotiate with the hackers. The hackers responded by simply deleting every single one of their supporting documents. This $6,500 demand was enough to entirely undo their hard-won medical practice and deprived a community of their services^[2]. 

We can see that ransomware attacks aren’t just some internet boogyman. When they take hold, they quickly become a robust form of financial control over our local institutions. As a community of people living and working online we need to understand the damage ransomware attacks can inflict on small businesses^[3].

Why Is This Happening?

One of the cruelest ironies of our increasingly online world is our waning cybersecurity response. The convenience of easily-accessible digital tools and the internet’s proliferation into daily life has linked nearly every single aspect of work to the internet at every moment. However, this seamless integration into our lives has created a massive blindspot. We don’t look at our connection to the internet as a vulnerability the same way we do physical threats. We lock our file cabinets at night and put our tax documents in safes because we understand the damage that would be done were these documents to fall into the wrong hands. This same ethos needs to be spread to our cybersecurity plans.

Today, however, we stand at a security crossroad. Politically, culturally, and financially we find ourselves at an awkward standstill^[4]. Corporate interests are focused on generating a growing short-term profit for shareholders. This means that long-term investments in infrastructure that has no immediate benefit to an outside observer will find themselves on the cutting room floor in favor of methods that generate profits. Cybersecurity budgets tend to fall victim to this mindset, particularly with businesses that don’t see themselves as “operating online.” As we’ve seen with recent hospital hacks, businesses that operate in the physical realm still back themselves up with support from the digital world, and neglecting this reality will bring an operation to a screeching halt. 

Legislation has also done an abysmal job keeping up with security threats. We have no problem legislating physical threats, but in recent years cybercrime has been met with significantly less pushback. The Colonial Pipeline hack, for example, was a high-profile hack that was felt firsthand by the American people^[5]. Gas stations all up and down the East Coast ran dry, weekend plans for visits to friends and family were stalled out by empty gas tanks, and employees missed work simply because their local fill station had no wares to provide. Eventually, the government caved to the hacker’s demands and the legislative branch responded in an anemic and reactionary fashion. To this day, digital protections of the American energy sector are held together in a patchwork of ill-suited organizations and loose regulations.

White House officials say they’re unable to move harder on regulation without specific authorization from Congress. American Congress is filled to the brim with rapidly aging representatives with a marked lack of technical knowledge^[6]. This current state of the legislative body of the United States leaves a distinct cybersecurity-shaped hole in leadership which has a direct impact on how cybersecurity is viewed by the layperson. If the government can scrape by with the bare minimum, what is to light a fire under the butts of the mom and pop business?

How Can AXEL Go Help?

AXEL Go is a file storage and sharing service that is designed to revolutionize the way we think about security online. Our user experience design is focused on handing top-of-the-line security to any business of any size. Our AES-25 bit 6 encryption and decentralized server structure thwart cyber attacks on big businesses as competently as it protects local operations. No matter how tight the budget for your practice may be, we are the perfect fit for secure, intuitive storage file sharing. You can try AXEL Go premium for free for 14 days. See what security backed by our $10,000 guarantee can do for your business.

---

Citations 

^[1] Finnegan, Joanne. 2022. . https://www.fiercehealthcare.com/practices/ohio-medical-practice-hacked-pays-75-000-ransom-news-report-says.

^[2] Finnegan, Joanne. 2022. . https://www.fiercehealthcare.com/practices/physician-practice-roundup-michigan-practice-will-close-after-doctors-refuse-to-pay.

^[3] Bergal, Jenni. 2022. “Ransomware Attacks on Hospitals Put Patients at Risk”. Pewtrusts.org. https://www.pewtrusts.org/en/research-and-analysis/blogs/stateline/2022/05/18/ransomware-attacks-on-hospitals-put-patients-at-risk.

[4] Marks, Joseph. 2022. . https://www.washingtonpost.com/politics/2022/06/24/cybersecuritys-bad-its-getting-worse/.

[5]. Ellen Nakashima and Lori Aratani 2022. . https://www.washingtonpost.com/business/2021/05/25/colonial-hack-pipeline-dhs-cybersecurity/.

[6] Magan, Veronica. 2022. . https://fiscalnote.com/blog/how-old-is-the-117th-congress.

We all love email attachments. They’re one of the most accessible and simple methods for distributing files. From word documents to media files, a quick click of the paper clip will attach a file to your brief missive and send it on its way. The ease with which we’ve been able to fire off information has changed communication online forever. However, there is a wildly disappointing and fundamentally compromising weak point in how we share email attachments. They last, effectively, forever. When we fire off an email attachment, we tend not to think about what happens to it next. We can put our trust in the recipient and their digital security hygiene. Still, we can’t do much about the fact that email servers necessarily hold onto your attachments for an indeterminate amount of time. What does that mean for the contents of your emails? How does this take control of your data out of your hands?

Let’s Talk Attachment

1992 was the year the first email attachment was sent. We have Nathaniel Borenstein to thank for that. It may surprise you to learn that the contents of the first email attachment were shockingly mundane. If you were to go back in time to receive this monumental document, you’d be greeted by a photograph of a barbershop quartet called the Telephone Chords. This aptly named quartet was able to travel through the screeching wires of dial-up internet thanks to Nathaniel Borenstein and his colleague Ned Freed. Together, they wrote an internet extension called Multipurpose Internet Mail Extensions (MIME). Their shared desire to get photos to their grandchildren over the internet one day in the future drove them to write this monumental internet extension.

Clearly, this extension was a hit. You can find traces of it, if not the extension in its entirety, in the DNA of your email services to this day. MIME has persisted well over twenty years by this point, and while its resilience speaks to the simplicity and flexibility of the process, we can see the cracks appearing in the news. Stories of email server hacks show us what MIME’s biggest weakness is: centralization.

We all know by now that the internet is effectively just a massively interconnected network of computers chattering back and forth at the speed of light. Some of these computers are responsible for storage. It’s a massive responsibility and a sizable vulnerability. Your email attachments, as we know them today, need to exist somewhere so they can be accessed from anywhere. Email is an indispensable tool that allows us access to our inboxes from anywhere in the world via the internet. Still, email as we know it is beginning to lag behind hackers’ latest advancements. 

Currently, we protect our emails during transit. This is done via an encryption process called Transport Layer Security, or TLS. This in-transit encryption scrambles your messages and your attachments until they reach their intended target. Any outside observer looking to pilfer an email as it leaves your computer will find themselves stumped. In response, hackers have begun looking elsewhere for your information — the servers they’re backed up on. Instead of trying to trawl for data during an incredibly narrow window, they’ve started cracking open the servers your emails end up on after you’ve hit send. The conveniences you’ve enjoyed, such as the ability to search up a conversation you had a decade ago in your high-school Hotmail account, have presented themselves as a surprising vulnerability in the age of ransomware and high-profile security breaches. While your emails patiently wait for the next time you pop in your password, they’re being poked at from every conceivable angle until the subsequent server breach occurs, laying every PDF and “I love you” at the feet of bad actors.

Protecting Yourself From Server Breaches

What can you do if you’re a digital native that does their work online? Your bread and butter are artfully crafted from your ability to contact clients and communicate with them as quickly and easily as possible. We are working online in unprecedented numbers (and those numbers are still growing). Every job application, family photo, and memoir draft is sitting somewhere, waiting for someone to discover it after you’ve attached them to an email. 

The simplest option, frankly, is to not engage in the first place. Today we have so many alternatives to email attachments that are as simple, if not more simple, to utilize and much more secure. If your business requires legal documents or personally identifying information from potential employees and clients, then consider outside services. E-signatures and expiring links are quickly becoming easier to use and much more ubiquitous for a good reason. E-sign sessions terminate the ability to alter or access a document once it has been signed, making them effectively as secure as a hard copy with the added benefit of removing a hacker’s ability to later access the personally-identifying information shared on the document. If e-signatures or expiring URLs aren’t an option, file-sharing services like AXEL Go now offer secure methods of submitting and requesting documents. AXEL uses secure fetch to generate an encrypted, personalized, and password-protected link that your clients can use to securely upload documents into your file storage, rather than relying on email attachments and their vulnerable servers. Anything that gets your documents off of an email server for an indeterminate period of time and puts you in control of who can access your data will put you and your business leaps and bounds ahead of the competition with minimal effort.

Revolutionize Your Attachment Style

AXEL Go is committed to creating an internet that is more secure by default. Our file-sharing service is intuitive, simple, and, most of all, safe. Our decentralized servers make server-side breaches effectively impossible, our AES-256 military-grade encryption easily stacks up to the TLS security that currently governs our email attachments, and all of our file shares come with an in-built expiration date.

You can try AXEL Go and all of its features for free with our 14-day trial. See the difference a simple, secure tool backed by our $10,000 guarantee can make in your practice today.

---

Citations

Marks, Joseph. 2022. https://www.washingtonpost.com/politics/2022/06/24/cybersecuritys-bad-its-getting-worse/.

Sjouwerman, Stu. 2022. “[Heads Up] The Bad Guys Have Likely Hacked Your Exchange Email Server”. Blog.Knowbe4.Com. https://blog.knowbe4.com/heads-up-the-bad-guys-have-likely-hacked-your-exchange-email-server.

Beatrice, Adilin. 2022. “You Are Being Redirected…”. Analyticsinsight.Net. https://www.analyticsinsight.net/critical-analysis-of-cybersecurity-in-the-government-sector/.

Stockton, Nick. 2022. “Meet The Man Who Gave The World Email Attachments”. Quartz. https://qz.com/186426/meet-the-man-who-gave-the-world-email-attachments/.

“Security & Trust Center | Google Workspace”. 2022. Workspace.Google.Com. https://workspace.google.com/security/?secure-by-design_activeEl=data-centers.

Telegram has become one of the top social outlets for people operating online that care deeply about their security and privacy. Group conversations that take place on Telegram are characterized as private affairs that are fully encrypted from the moment they leave your phone to the moment they arrive in your conversation partner’s inbox. This front-facing image combined with its unlimited file-transfer size, and its position as the “Anti-Facebook” has garnered the trust of well over 700 million users. It’s disappointing for the future of privacy and security on the internet, then, that Telegram and similar services have not been operating in their user’s best interests. Thousands of users have been exposing themselves to unique vulnerabilities that they may have been entirely blind to for years now. How can we protect ourselves online in a way that is effective and convenient? How do we know when a service has poorly represented itself before it’s too late?

Telegram WhatsApp and Security Missteps

Telegram’s story owes much to Meta’s mismanagement of WhatsApp user trust. For years, users of WhatsApp were trusting their conversations to the messaging platform believing that their data was securely in the hands of WhatsApp and no other company. In 2021 a clarification of WhatsApp’s privacy policy turned that understanding on its head^[1]. It turns out that, for years, WhatsApp had been sharing user data with its overbearing tech parent, Facebook. 

WhatsApp is a communication platform that advertises its privacy and security features above everything else. Naturally, this attracts users that are concerned about keeping their information secure and their conversations private. One could argue that this oversight falls on the user for glossing over the terms and conditions, this, however, ignores an unfortunate reality — we live in a world where fully reading and comprehending the terms and conditions for just 13 of the most popular apps on the market right now would take over 17 hours^[2]. Terms and conditions exist to obfuscate shady practices, as we saw with WhatsApp, and they operate in defense of Big Tech, giving their legal teams a leg up on the layperson. 

This revelatory reframing of WhatsApp’s practices turned millions of WhatsApp users off. When presented with the porous reality of WhatsApp’s privacy policy, Telegram, a similar service became a safe harbor to millions of users in a clearly-identifiable 24-hour period^[3]. Seeing a service that promised the privacy and security WhatsApp once claimed it had, Telegram and Pavel Durov saw a spike in downloads never before seen in their first seven years of business.

How Telegram Falls Short

It turns out that Telegram isn’t perfect either. Conversations will not benefit from Telegram’s end-to-end encryption until users dance through a brief series of hoops to enable a ”secret chats” feature, and even after doing so, they need to remember to flip the feature back on every time they pick the “secret” conversation back up. The feature works like a charm when engaged, but the fact that it must be reengaged as often as it does, leaves users twisting in the wind. Telegram users also tend to have their conversations in group chats, an area Telegram, and its encryption, fall apart. Group chats on Telegram are stored on servers, unencrypted, and open to prying eyes^[4]. Unfortunately, it seems like Telegram’s bid to become a home for private conversations has fallen short of expectations, and this shortcoming seems to be the norm when it comes to creating spaces on the internet that are geared towards privacy. The disappointment doesn’t stop there, either. Telegram’s encrypted conversations are run through a proprietary encryption process called MTProto rather than something established and well-proven like AES encryption^[5]. Telegram’s encryption has admittedly held its own so far, but it stands alone where more well-established encryption protocols have the benefit of shared knowledge between all of its users.

How Can We Maintain Privacy without Sacrificing Security?

It seems that the internet of today is going to remain constantly subjected to security shortcomings. As it stands now, the security onus rests firmly on the shoulders of the user. The internet as we know it is built on a series of services that rely on centralized infrastructure run by tech giants ready to trade your data for a quick buck. Terms are stacked against you, and companies that want to garner the good faith of law enforcement like the Ring Video Doorbell will poke a hole right in the middle of your expectation of privacy in exchange for an approving nod. There are three main things we can do as things stand, currently.

Start by carefully reviewing the terms and conditions for any service you add to your technology rotation. This can be a difficult thing to do on your own. Luckily, we have crowd-sourced summaries that break them down into plain, manageable English so you can make informed decisions as an end-user. Second, check for feature fine print, Telegram’s opt-in encryption is an excellent example of this. Design, speaks louder than words, so if you need to constantly flip a key feature on before you use it, then there’s a good chance that the app would rather you behave differently to their benefit. Third, you must diversify. Telegram may make group conversations easy and Discord may be an excellent tool for creating an online community, but neither of these services are built to protect your privacy or security like a dedicated file-sharing service.

AXEL Go is the perfect way to maintain excellent digital hygiene. Telegram and similar services will offer to handle your sensitive shares, but they will also hold onto your documents way past their intended shelf life. Their servers aren’t designed to protect your files the same way AXEL Go and its decentralized servers, are. AXEL Go uses military-grade AES 256 encryption, there are no surprises or lagtimes between it and cutting-edge encryption technology. AXEL Go also has zero interest in peering into your activity, your files are your own, and only yourself and authorized recipients are capable of seeing what your storage holds.

You can try AXEL Go and all of its features for free with our 14-day trial. See the difference a simple, secure tool backed by our $10,000 guarantee can make in your practice today.

---

Citations

[1] Condé Nast. 2022. “How Telegram Became the Anti-Facebook”. Wired. https://www.wired.com/story/how-telegram-became-anti-facebook/.

^[2]Axis, The. 2022. “It Would Take 17 Hours to Read the Terms & Conditions of the 13 Most Popular Apps”. PCMAG. https://www.pcmag.com/news/it-would-take-17-hours-to-read-the-terms-conditions-of-the-13-most-popular.

^[3]Joel Gehrke, Foreign Affairs Reporter  | . 2022. “Telegram is ‘not a secure platform,’ NATO-backed strategic comms chief warns”. Washington Examiner. https://www.washingtonexaminer.com/policy/defense-national-security/telegram-secure-platform-nato-warns.

^{[4] [5]} Condé Nast. 2022. “Fleeing WhatsApp for Privacy? Don’t Turn to Telegram”. Wired. https://www.wired.com/story/telegram-encryption-whatsapp-settings/.

AXEL had the honor of hosting a roundtable with ABA GPSolo. Our very own Jeff Roper (VP of Business & Legal Affairs) along with Kassi Burns (Senior eDiscovery Attorney at King & Spalding LLP), and Rob Hook (Independent Consultant and Forensic Examiner) rolled up their sleeves to deliver the Top 10 E-Discovery and Digital Forensics Tips for Solo and Small Firm Attorneys. Since the world of work was turned on its head in 2020, we’ve had to adjust how we collaborate online, protect data, and look at digital security in the workplace. After a few years of first-hand insight, Jeff Roper, Kassi Burns, and Rob Hook share their insight with legal professionals and working professionals looking to absorb the knowledge they need to expand their businesses.

Challenges Facing Legal Professionals 

Legal professionals are held to some of the highest standards when it comes to storing and retrieving information online. The discovery process has been drastically complicated by the advent of the internet. As bad actors become savvier, sticking to those rigid ethical guidelines is more important than ever. 

Remote or decentralized workplaces present a new issue to working professionals in the form of new, unsteady norms. We understand intimately how long we should be storing hard copies of legal documents in-office. We understand the process of disposing of shredding docs and handing them over to professionals to destroy them permanently. We’re well-acquainted with keeping our personal devices separate from our work devices when sitting down at a desktop shared by the workplace. 

Burns asks us: how are you transmitting your client data, where are you storing your client data, and does your client data contain personally identifying information? These three questions are crucial to understanding cybersecurity’s gravity and potential vulnerability vectors. Your clients rely on your careful, rigorous security measures once they hand their data over to you. It’s also important to remember that your clients aren’t the only people putting their security in your hands during the eDiscovery process. If there is personally identifying information in that data that relates to your client’s customers and loved ones, then you’re also on the hook for their privacy and security.

Hidden Liabilities

One of the most challenging aspects of E-Discovery is the preservation of metadata. For the unfamiliar, metadata refers to data about the data you’re collecting. Most importantly, in the case of legal professionals, data related to dates of access and records of the most previous changes. 

By its very nature, metadata is ephemeral and easy to change. Rob Hook reminds us that this sort of data lies in a single bit (the smallest measurement of data) and when altered, it disappears forever. This can often be seen as a sort of security measure. The one-way nature of metadata, in most cases, provides us with an unadulterated view of the true nature of data being presented to us. The problem today comes from how many file storage and sharing services treat metadata once it’s handed over to their servers. 

Thanks to Kassi Burns, we were given the opportunity to examine how much information we’re truly working with throughout the eDiscovery process. Every email, text message, and file transfer opens our offices up to breaches. That means, in the discovery process, it’s essential to implement and utilize security measures wherever possible. Burns tells us if it needs to be emailed, we need to think about encryption, if we’re storing files, they need to be protected from the instant they’re retrieved, and if we need to use personal devices, then we need to ensure they’re protected as fiercely as the machines we use at work. Because we rely on hundreds of threads of information throughout our everyday lives, we should be equipping our colleagues with protective tools ready to catch any data that slips through the cracks.

Often, incomplete copies are made when we upload files to the cloud. Many file-sharing services will neglect to copy over and preserve metadata, instead choosing to overwrite it or alter it. This, in a legal setting, will often poke holes in otherwise solid evidence. The preservation of metadata is crucial to the eDiscovery process. Once we lose that single bit, we lose credibility entirely. Preserving credibility extends further than monitoring metadata. We also need to ensure that our colleagues respect and preserve the data gathered. Dispelling uncertainty by sharing a digital home for the data collected by your team ensures that you have backups, can monitor the data and that your team can access it from anywhere in the world without altering it after the fact.

Further Complications

Once we’ve dealt with the myriad obstacles presented in simply retrieving and storing documents in a way that accurately preserves them without compromising their integrity, we still have to deal with issues outside of simple shares. Are our internet connections being monitored? How do we manage to protect ourselves if they are? What do we do about colleagues using personal devices? How do we know if we’re even talking about the same thing? Rob Hook has several years of experience doing so and still to this day runs into this communication mismatch with seasoned tech professionals.

We need homes for our data that are easily accessible no matter the tech-savviness of the user. Features like secure fetch and automatic encryption provided by AXEL Go create a foundation of security that raises every practice, big or small, to levels of personal security that we have not seen to date. Uncertainty when it comes to tech is a natural part of existing online. That’s why file-sharing and storage have to become a process that is as simple as possible on the front end. We often take user experience for granted when discussing cybersecurity solutions, but creating easy-to-use solutions is the first step in getting users to commit to cybersecurity in a real-world sense.

Kassi Burns and her hands-on experience sheds light on the practicalities of keeping the discovery process as secure as possible. We live in a world where practically every interaction crosses over into the digital world at some point. We need to create access points on personal devices that provide the maximum amount of security with the minimum amount of friction. Securely requesting, sending, and retrieving documents needs to become second nature, and as a feature in file-sharing services, we should be expecting these to become the norm in the future.

What Does AXEL Go Do To Remedy This?

AXEL Go has been designed to improve and supplement the eDiscovery process. Military-grade end-to-end encryption built into AXEL Go allows legal professionals to send and retrieve files in a personalized bastion of security, decentralized storage solutions further protect these files by separating them into dormant shards until an authorized user calls them together, and most importantly, ease of use has been built into the system. Legal professionals with any level of tech literacy can jump into the eDiscovery process in a secure, private, and ethical manner with minimal entry barriers. The constant stress of building a secure network for your colleagues can be remedied simply by entrusting your data (and your clients’ data) to a secure source.

This year, our Roundtable landed on one crucial thing: we can improve the way we work online without fumbling over over-technical obstacles. A single secure solution to your discovery problems is just one click away. Thank you to Kassi Burns and Rob Hook for bringing your professionalism and invaluable insight to the roundtable. With it, we will build a more secure and robust internet and eDiscovery process.

Please take a moment to listen to or watch this roundtable, titled “Top 10 eDiscovery and Digital Forensics Tips for Solo and Small Firm Attorneys”, co-sponsored by ABA GPSolo and AXEL Go.

You can try AXEL Go Premium with all of its features unlocked for free by signing up for our 14-day trial. See the difference a simple, secure tool backed by our $10,000 guarantee can make in your practice today.

Today we entrust our information to more stewards than ever before. From notebooks to cloud storage, our secrets, personal information, and mundane data are all open to an invasion of privacy in some form or another. It shouldn’t matter how crucial or personal our documents are. We should feel entitled to the dignity of privacy, especially when we’re asking a third party to hold on to our information in exchange for modern conveniences. A doorbell shouldn’t become a vector for surveillance, and crucial tools like our phones should not be subject to unreasonable search via a series of loopholes. Where do we see alarming boundary crossings, and what can we improve before it’s too late? These are the questions we should ask as responsible technology and internet users. 

Supreme Court Phone Faux Pas

The United States Supreme Court has recently been on the receiving end of what can be considered a socially engineered data breach if we look at the news coming out of the court from a certain angle. In response, clerks in the courts have had to contend with having to play defense to keep, what should be, their civil liberties intact^[1].

This push into the lives and phones of the Supreme Court’s clerks comes as a bit of a surprise. Wired sometimes calls this a “disturbing about-face” ^[1]. Particularly this about-face comes from Justice John Roberts. In the past, Justice Roberts and his court protected digital rights more than many of his contemporaries. For example, in 2014, the Roberts Court ruled in the case of Riley v. California. This decision protected cellphones at the time from warrantless searches similar to the way we look at vehicles, personal, or searches of the home. They’ve also ruled that the police violated the Fourth Amendment when they obtained and acted on cellphone location data for over a week without a warrant. 

Today, these courts that once fought for reasonable cell phone privacy laws are pulling some of the same stunts to pick apart their staff without fear of any repercussion. The clerks are being asked “lawfully” to hand over their devices. The courts claim that there is no coercion taking place, and their phones are not technically being seized. This immediately rings alarm bells. At best, this is an employer weaponizing their employee’s careers to pick through their personal data. At worst, this sets a precedent for other leaders who feel like their clerks or staff have overstepped a boundary. While, in this instance, it could be argued that the court document leak is an egregious enough professional failure to warrant the phone affidavit, we can also see from statements released by the Justices that this cellphone deep dive comes from a place of personal anger. Words like “betrayal” crop up in quotes from Cheif Justice Roberts.

These calls for the personal phones of their clerks set an example for the American people. While the courts are, in some ways, different from a workplace or a police investigation (it should be noted that this is considered an internal investigation), we should also remember that choices that one of the primary checks and balances in the American government make are not often taken lightly. There may not be any broken laws in the wake of this internal investigation, but it should, at the very least, raise some eyebrows when we think about our digital privacy.

Police Privacy Problems

What do your doorbell, your fingerprint, and your cellphone have in common? The police can extract information from them without obtaining a warrant in a perfectly legal capacity. This may surprise many, especially after learning that the Supreme court has ruled more than once that your personal phone and its data should be considered private in some capacity. 

Ring doorbells work closely with local police, giving them nearly unlimited access to your doorbell’s footage, and in the event that their access is limited by a time gate or a similar sanction, they can circumvent the rules by downloading all of your footage ahead of time to watch at a later date^[2]. Phone location data and fingerprint lock screens are simply laid at the feet of law enforcement. Ideally, these technological affordances are given to the police with the understanding that they will stop crime faster and bring to justice those that have done wrong. Still, in practice, these are no more than an extension of the government’s access to your location and privacy.

This information is troubling, not simply because it flies in the face of our common sense expectation of privacy, but because of the ways these oversights have been and will continue to be weaponized against citizens^[3]. There is a well-documented issue within the justice system of innocent suspects taking plea bargains simply because a narrative could be constructed out of tenuous circumstantial evidence^[4] or because they don’t understand the extent of their rights. The more we allow law enforcement unfettered access to personal data, the more we allow shortcuts in due process.

The Importance of Privacy

Privacy is a right that is hard to reclaim after it’s taken from us. The Patriot Act, for example, has famously overstayed its initial welcome^[5], and we feel those effects every single day. A polite society has a basic respect for the privacy of its citizens, and we’ve seen first-hand how quickly technology can find new and bizarre ways to pull information out of us. A trinket on your door is not worth having your front yard beamed directly into your local police precinct every time a squirrel runs across the lawn, and we should not be expected to shoulder that burden for modern conveniences.

It is for that reason and more that AXEL believes in the importance of privacy. A draft of your novel is just as personal and private as your tax information. Our commitment to the privacy of our users is the foundation of our business. You can sign up for a 14-day free trial of AXEL Go premium and experience convenient and secure file sharing, storage, and retrieval without sacrificing privacy or quality.

---

Citations

^[1] FOX CAHN, ALBERT. 2022. “The Supreme Court Is Building Its Own Surveillance State”. Wired. https://www.wired.com/story/the-supreme-court-is-building-its-own-surveillance-state

^[2] Wroclawski, Daniel. 2021. “What to Do If the Police Ask for Your Video Doorbell Recordings”. Consumer Reports. https://www.consumerreports.org/legal-rights/police-ask-for-video-doorbell-recordings-what-to-do-faq-a8950763605/.

^[3] Bambauer, Jane. 2022. “Letting police access Google location data can help solve crimes”. Washingtonpost.com. https://www.washingtonpost.com/outlook/2022/03/28/geofence-warrant-constitution-fourth-amendment/.

^[4] Redlich, A. D; Summers, A & Hoover, S. 2022. “APA PsycNet”. Doi.apa.org. https://doi.apa.org/doiLanding?doi=10.1007%2Fs10979-009-9194-8.

^[5] 2022. “Surveillance Under the Patriot Act”. American Civil Liberties Union. https://www.aclu.org/issues/national-security/privacy-and-surveillance/surveillance-under-patriot-act.

We all see massive cyber breaches in the news. When industry giants are the victims of a security breach, we typically first think about the customers and their personal data. News stories covering cyberattacks look at how many passwords were leaked or the number of lost credit card numbers. Still, there’s something we tend to overlook when hackers find an opening in a big business’s digital armor: small businesses. Vulnerabilities that are discovered by picking away at a major player’s security measures are immediately redirected to companies with fewer resources. Let’s take a look at some massive breaches and their secondary effects on the small businesses that support our daily lives.

Verizon’s Employee Breach

In May of 2022, Verizon was the victim of a data breach. In this data breach, the full names, email addresses, and other identifying information such as corporate ID numbers and phone numbers of Verizon employees were plucked from Verizion’s internal databases by hackers. A report from Motherboard, as well as a statement from Verizon themselves, have confirmed the data breach in question did indeed take place. Verizon claims that it will refuse to engage with the hacker because Verizon does not believe the information is sensitive enough to warrant any sort of worry^[1]. 

Motherboard reporters went the extra mile, however, and combed through the leaked database to confirm that the hackers were indeed genuine in their findings. Employees, both past and present, were contacted with phone numbers and other contact information found in the package shared with reporters. This alarming breach of privileged company data was executed by a surprisingly simple trick in the hacker’s toolbelt — they were welcomed in with open arms. 

According to the hacker, they simply posed as an internal employee and asked for remote assess to a corporate terminal. From there, they were able to root around for any information they could find. Now that they have their hands on a much more robust set of identifying credentials, the next attempt may be much easier and more effective. 

There were no lost social security or credit card numbers, and no passwords were leaked. Knowing that the hackers used a minimal amount of identifying credentials to gain access to Verizon’s corporate servers means that the information leaked could lead to a much more devastating breach next time. Even if the hackers don’t target Verizon headquarters again, they could very easily run a series of sophisticated scams now that they have internal names and ID numbers.

MGM’s Data Leak

On Telegram, the social messaging app, a rather hefty 8GB database stuffed to the brim with the personal information of around 30 million MGM Resort guests, was discovered by vpnMentor Research Team. vpnMentor Research Team can be thought of as digital volunteer firefighters. They tackle cybersecurity threats and spend their time teaching organizations how they can better protect their clients and their data. 

According to reports from Hackread, the data had been obtained as early as July 2020. A group or perhaps an individual going by the name NightLion^[2] claims to have plucked the personal information from a data-leak monitoring service called DataViper. Part of the delayed response to the news was due to DataViper’s insistence that the breach had, in fact, not occurred and further asserted they had no access to MGM’s internal storage. The package’s release on Telegram and the statements from vpnMentor prove otherwise. 

The data leaked in the package, similar to Verizon’s leak, contain reams of identifying credentials. This data ranges from full names and dates of birth to postal addresses and over 24 million unique email addresses and accompanying phone numbers. This data is now in the hands of bad actors that can easily slot this database into one of their own. The names, numbers, and the mere fact that they have been proven customers of MGM Resorts^[3] can now be used in rather sophisticated phishing schemes and a bevy of other petty scams. The data can be weaponized against MGM Resorts themselves. Hackers and scam experts can use this data to convincingly pose as past customers to give themselves approximately 20 million attempts at a thriving racket of their own design.

How Does This Affect Small Businesses?

It’s easy to see the consumer-related consequences of these data breaches. In two attacks, a population the size of the state of Florida^[4] has been exposed to the whims of any hacker with access to the right Telegram channel. That data can easily be used for email scams, phishing calls, and anything else you can think of with a bit of creativity. What we often have a more challenging time seeing is how these breaches can be directed at small businesses.

As hackers land on breach methods that break through the sophisticated protection methods of large businesses and the resources they have available, they will use those methods to breach small businesses and their more limited defenses. Suppose a small business unwittingly allows remote access to one of its internal machines or their storage system is breached, and they lose their client data. In that case, their business could very easily buckle under a proposed ransom or a negligence claim. 

What Can AXEL Do?

Our storage methods and our security solutions are built to be people-proof in some respects. Documents stored with AXEL Go are digitally fragmented and stored separately across a number of independent servers. To supplement this, actions taken within AXEL’s infrastructure are encrypted from end to end with military-grade AES-256 technology. Any prying eyes that have wormed their way into a small business’s systems would need to break through billions of layers of encryption, and following documents to their destination quickly becomes a fool’s errand with decentralized storage. 

Best of all, AXEL Go never lays eyes on your data, meaning no stray unauthorized copies are floating around on the internet to be scraped by a clever bot, and AXEL Go doesn’t discriminate based on company size. Individuals getting their practice off the ground have the same protection as premium power users. Protection of small business with the zeal and professionalism normally reserved for big businesses creates a safer internet for all, and we intend to build it.

You can sign up for a 14-day trial of AXEL Go Premium with all of our features unlocked and see why AXEL Go is leading the future of file-storage

---

Citations

[1] Cantisano, Timi. 2022. . Xda-developers.com. https://www.xda-developers.com/verizon-data-breach-employees-data/.

[2] 2022. “Exclusive: What Happened? A dispute between NightLion Security and Astoria Company Escalates”. Databreaches.net. https://www.databreaches.net/exclusive-what-happened-a-dispute-between-nightlion-security-and-astoria-company-escalates/.

[3] Conneller, Philip. 2022. “MGM Resorts Data Hack: Customer Info Stolen in 2019 Now on Telegram”. Casino.org. https://www.casino.org/news/mgm-resorts-data-hack-customer-info-stolen-in-2019-now-on-telegram.

[4] WAQAS. 2022. “142 Million MGM Resorts Records Leaked on Telegram for Free Download”. HackRead | Latest Cyber Crime – InfoSec- Tech – Hacking News. https://www.hackread.com/142-million-mgm-resorts-records-leak-telegram-download/.