Lawyers Without Borders (LWOB), a not-for-profit international organisation that promotes and facilitates the application of rule of law by providing pro bono services to activists seeking to exercise their human rights, is currently under attack from an unknown entity based in China.
Christina Storm, founder and executive director of LWB emphasised to SCMagazinUK.com that the organisation was not currently pursuing any cases in China, nonetheless, since the beginning of October there have been more than 1,000 attacks on its website from a specific location in China.
“We know the commercial building used, we know the IP address and there are attacks every four minutes, so it's not legitimate usage. I have even been unable to get into our own server, with the message that someone else is already logged in using that name. Someone in China has a disproportionate interest in our organisation," said Storm.
The organisation had its previous portal compromised by a different, unnamed, government some years ago, probably using a key logger in a public computer, but it believes its current portal is secure enough to withstand attack.
LWOB has state-of-the-art infrastructure thanks to donated technologies under various companies' corporate social responsibility programmes. After experimenting with various online cloud-based systems – needed due to the global nature of its activities – four months ago LWOB it moved its portal to the Intralinks platform – which is cloud-based with strong security.
While the balance between usability and security was sought, security of documents was the priority.
“Our work can save lives – and lives can be lost if we are compromised. We are not trying to antagonise governments, or even engage in overt advocacy, but we are concerned with building capacity of individuals within countries seeking to compel authorities to abide by national and international commitments that they have made,” Storm told SC.
She added that in addition to optimal security, it needed to be easy to use and easy to manage or the security might not get used by clients and staff. That said, the Intralinks system does requiring a log-in in every time, including if the machine has been inactive for five minutes – and retrieving forgotten passwords is deliberately "and assuringly" arduous. Functionality includes the ability to set a document expiry date in advance so it doesn't get forgotten and left on the system, and it is quick and easy to delete a document if necessary.
For Storm, the main attraction was the ability to synchronise documents on a cloud drive ensuring access for herself at her four computers internationally, as well as easy access for those granted access, along with the ability to both attach documents to emails securely, or alternatively send a link to the workstation to a document in the cloud, “So I don't need to send documents I am working on to myself, a habit that can invite security issues,” commented Storm.