UK law firm ACS:Law, known for its letter-writing campaigns to individuals suspected of illegal file sharing, has been hit by a distributed denial-of-service (DDoS) attack that left an archive of the firm’s website, including a large number of private email communications, exposed to the public.
Last week the firm’s website was taken offline by a DDoS attack, which hacker group 4chan has admitted to carrying out. When the site came back online on Friday evening, a 350 MB backup version was found to be available on the site’s front page, according to reports. Over the weekend the archive was widely distributed via websites and torrent-download sites, reports said.
The archive included company emails, amongst which were personal and business emails sent by Andrew Crossley, the firm’s main partner, and its only registered solicitor, as well as financial information regarding the company, according to reports. One email contained the personal information of about 10,000 suspected file-sharers, including their names, addresses, postcodes and IP addresses, according to reports.
“This firm collected this information by spying on Internet users, and now it has placed thousands of innocent people at risk,” said PI advisor Alexander Hanff in a statement.
PI said ACS:Law had breached the Data Protection Act by allowing an archive containing personal data to be stored on a public-facing web server. The organisation said it is preparing a complaint to be filed with the Information Commissioner’s Office (ICO).
Crossley has twice been found guilty of conduct unbefitting a solicitor by the Solicitors Regulation Authority (SRA). In August the SRA confirmed Crossley had been summoned to his third disciplinary tribunal, in response to a complaint filed by the consumer magazine Which? over the letter-writing campaigns.
DigiProtect, a German law firm that works with ACS:Law in the UK, in April defended the use of letter-writing campaigns.
In May the regulator Ofcom published a draft of its code of practice for tackling copyright infringement over the Internet, including a ‘three strikes’ rule, which could see persistent infringers being taken to court for illegal file-sharing. Ofcom said the code should come into force in early 2011.
Under the code, which puts into practice the terms of the Digital Economy Act, the IP address of anyone caught committing online copyright infringement three times will be added to a ‘blacklist’ held by their Internet service provider. Copyright holders, including music firms and film studios, will then be able to access the list and issue a court order to begin further legal action.
The European Comission has argued that, although it is illegal, file-sharing is the only way for some European users to download content, due to the lack of a unified European digital marketplace.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…
View Comments
This law firm is, I understand now under investigation by the Information Commisioner.
It should really be investigated by the police. A client of mine (I am an IT consultant) approached me about 8 months ago because they had received a letter from ACS saying that they (the client) had been detected downloading a porno film and unless they sent, I think it was about £500, they would be prosecuted. My client is a retired elderly lady who, at the time of the download was not even in the UK.
I did some research on this company and found that they were in the habit of mass e-mailing people whose addresses they got hold of (from Sky?) demanding money. I told her to ignore it but she was very worried and tried phoning the 'law' company. Her only joy was to get a recorded message telling her that there was no-one available.
They want prosecuting not the alleged downloaders.