Plenty of law firms, companies and individuals today – both intentionally and inadvertently – are hiring hackers  to gain access to third-party systems and data.  And plenty of them are getting caught.  Consider these two examples.

California: Two Hackers, One Keylogger Tool and a Ten-Count Federal Indictment

Earlier this month, two private investigators in California, their client and two hackers were charged with federal crimes of Conspiracy, Accessing a Protected Computer and Obtaining Information, and Interception of Electronic Communications (U.S. v. Moser, et al., U.S. Northern District Court of California – San Jose Division, CR15-00013. 7 Jan. 2015).  One of the private investigators was a former San Francisco police officer, according to the Marin Independent Journal.

  • The client, the Security Director of a company, hired a private investigator, who then brought in another private investigator, to obtain information to support the lawsuit his company filed against a competitor and former employees who went to work for the competitor, according to San Francisco Bay Area News KRON-TV. 
  • The private investigators then hired two computer hackers to access the email and Skype accounts and protected computers of four individuals without authorization. 
  • According to the indictment, they also installed and used a “keylogger,” a tool that intercepts and logs the particular keys struck on a keyboard so that the person using the keyboard does not know their actions are being monitored. 

New York: An FBI Investigation Exposes a Private Investigator’s Engagement of a Hacker

New York is also making headlines in this regard.  A private investigator, Edwin Vargas, is likely to plead guilty to charges of paying a hacker $4,000 to steal email passwords and credentials belonging to 43 people, the New York Times reported.  The FBI investigation was sparked by the identities of the investigator’s clients, which have included lawyers.  Possibly related to the case is an NYPD detective, who, in 2013 pleaded guilty to charges stemming from hiring a firm to hack into the email accounts of NYPD employees for personal use.

Know the Rules.  And Ensure Any Investigators You Engage Are Following Them.

We spend a lot of time on this topic during our Continuing Legal Education presentation on “Ethics in Conducting Investigations” to law firms. The presentations stress the importance of attorney oversight when supervising or conducting an investigation.   Under the ABA Model Rules of Professional Responsibility and the corresponding Illinois Rules of Professional Conduct, Sections 5.3 (Responsibility Regarding Non-lawyer Assistance) and 8.4 (Maintaining the Integrity of the Profession), attorneys are responsible for the investigative techniques used by the investigators they employ, oversee or supervise.  While investigations may include computer data analysis, document gathering and witness interviews, employing “hacker-for-hire” firms is neither ethical nor legal, and can never be used in connection with an investigation.

What’s this mean for you?  If you oversee investigations, for your company or clients, make sure the investigator, techniques and methods used are legal.

This blog is for informational purposes only and does not constitute a legal opinion or advice.

_____________________________

To learn more about our Illinois Ethics Continuing Legal Education presentation, please contact Howard Fisher, Esq., VP of Strategic Relationships.