Law Firm Hacked by 4Chan Being Investigated Over User Data Leak

UNITED KINGDOM—The fallout from the DDoS attacks last week by 4Chan is turning out to be more serious than originally thought. The embarrassment factor of having the websites for MPAA, RIAA and other entertainment trade groups taken offline was bad enough, but really only a temporary setback. The revelation that 5,300 Sky internet users also had their personally identifiable information leaked as a result of the attacks could have far more serious repercussions.

Ironically, one of the targets of the DDoS attacks, law firm ACS: Law, may incur the harshest punishment in the form of a half-million-pound fine. According to the BBC, an investigation is under way by the U.K.’s information commissioner (ICO) to find out exactly how the hackers were able to access Sky internet user information.

“[ACS: Law] has made a business out of sending thousands of letters to alleged net pirates, asking them to pay compensation of about £500 per infringement or face court,” reported the BBC.

“The question we will be asking is how secure was this information and how it was so easily accessed from outside,” said ICO’s Christopher Graham. “We’ll be asking about the adequacy of encryption, the firewall, the training of staff and why that information was so public facing.”

Graham added that as Information Commissioner he has significant power to take action and can levy fines of “up to half a million pounds on companies that flout the [Data Protection Act].”

The BBC reported that the leaked data contained approximately 1,000 confidential emails in addition to the list containing names and addresses of the Sky internet users, all of which was uploaded to The Pirate Bay file-sharing website.

Since the public unveiling of the information this weekend, file-sharing news sites such as Torrent Freak have been on a rampage sifting through the emails and pulling out the ones they allege indicate the ruthless measures taken by ACS: Law to get money out of accused pirates.

In one such correspondence, the site reports, "A single mother of two explains how her husband who left her the previous year could have been responsible for the infringement and offers to pay the ‘fine’ of £495 in instalments for £20/£30 per month. Despite ACS:Law accepting that the lady did not infringe, a company employee advises, 'I believe this [the offer to pay in instalments] should be accepted.'"

Torrent Freak, which admittedly has no love lost for the tactics of firms like ACS: Law, concludes, "We have hardly reached the tip of the iceberg with these emails, there are many hundreds left to go but even at this stage, things are certain. Nearly all emails revolve around money. Money being demanded, money being transferred from one company to another. Emails promising employees of more money if they do this, that. Emails to companies telling them how much money they can make by becoming a partner in all of this.

"This is not about copyrights and reducing piracy," they add. "Copyrights are simply being used as a method to generate money. Thus far, we have not seen a single email or piece of correspondence which talks about reducing piracy."

The BBC reports that an investigation it conducted in August also unveiled a number of people who said they had been wrongly accused of illegal file-sharing by ACS: Law, which is currently under investigation “by the Solicitors Regulation Authority over its role in sending letters to alleged pirates.”

ACS: Law’s sole principal, Andrew Crossley, whose private emails to employees were among those compromised and posted to The Pirate Bay, declined to discuss individual emails with the BBC, but when asked about the DDoS attack, said, “We were the subject of a criminal attack to our systems. The business has and remains intact and is continuing to trade.”

The situation with ACS: Law could not have come at a more relevant time for adult studios in the United States, several of which are currently suing users of BitTorrent networks for allegedly stealing copyrighted content. AVN has a call into one of the law firms overseeing some of those lawsuits, but had not received a response by post time.