Email backup causes embarrassing email leak for ACS:Law

All over the tech news today is the story of the email leak from the unpopular piracy solicitors ACS:Law.

They take great pleasure in hunting down people who’ve been sharing files illegally; now they’re about to get a taste of their own medicine, from the Solicitors Regulation Authority and the Information Commissioner.

The UK’s Information Commissioner (ICO), speaking after the initial leak, told the BBC that ACS:Law had a number of questions to answer.

“The question we will be asking is how secure was this information and how it was so easily accessed from outside,” said Christopher Graham.

“We’ll be asking about the adequacy of encryption, the firewall, the training of staff and why that information was so public facing.

“The Information Commissioner has significant power to take action and I can levy a fine of up to half a million pounds on companies that flout the [Data Protection Act],” he added.

It all started because the ACS:Law web site was brought down during a DDoS attack. When they restored service, a folder that contained a backup of their emails was restored to a folder contained within their web site. This meant that anyone could download their email backup.

While not everyone did, we know for a fact that someone did. Not only did they download it, but they’ve shared it widely on torrents, which means the world is currently reading through ACS:Law’s emails.

The collection includes the incoming and outgoing emails of Andrew Crossley and his employees, complete with attachments, and contains masses of information about how ACS:Law goes about its business and how much money it makes, plus embarrassing personal details. (Broadband Genie excerpt)

As a Cloud vendor we are frequently queried about our security and how it stacks up. This is because many customers firmly believe that holding on to their data and keeping it on servers located in-house or within their control will be far safer than trusting a secure third party. The ACS:Law breach, no matter how amusing for the many people who dislike this firm and its practices, is a perfect example of how dangerous it can be to keep copies of data peppered around your own environment.

Backups represent a massive collection of logically connected intellectual property that can be easily found (and retrieved) IN A SINGLE FILE!

We are absolutely not condoning the behavior of the perpetrators behind the DDoS; in fact, we protect many of our customers from DDoS attacks. The incident merely disproves the fallacy that data is safer on-site, and shows that things can, and often do, happen that are beyond our own internally limited control. It also shows us how dangerous it can be to keep backups on servers in an internal environment.
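The failure described above, a mail backup restored into a folder the web server publishes, is something an audit of the document root can catch. The script below is an added example, not code from the original post; the extension list, the function names and the constructed sample tree are assumptions.

```python
import os
import tempfile

# Assumed extension list for backups, archives and mail stores; extend per site.
RISKY_EXTS = {".zip", ".tar", ".gz", ".tgz", ".7z", ".rar", ".bak",
              ".sql", ".pst", ".ost", ".mbox", ".edb", ".bkf"}
# (offset, magic bytes, label): formats still recognisable after a rename.
MAGIC = [(0, b"PK\x03\x04", "zip"), (0, b"\x1f\x8b", "gzip"),
         (0, b"!BDN", "outlook-pst"), (0, b"7z\xbc\xaf\x27\x1c", "7z"),
         (257, b"ustar", "tar")]

def classify(path):
    """Return why a file looks like a backup or archive, or None."""
    ext = os.path.splitext(path)[1].lower()
    if ext in RISKY_EXTS:
        return "extension " + ext
    with open(path, "rb") as fh:
        head = fh.read(512)
    for offset, magic, label in MAGIC:
        if head[offset:offset + len(magic)] == magic:
            return "content " + label
    return None

def find_exposed_backups(docroot):
    """List (relative path, reason, size) for risky files under a web root."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                reason = classify(full)
            except OSError:
                continue  # unreadable file: skip it, keep auditing
            if reason:
                rel = os.path.relpath(full, docroot).replace(os.sep, "/")
                findings.append((rel, reason, os.path.getsize(full)))
    return sorted(findings)

def build_sample_docroot():
    """Constructed sample tree: a page, a named backup, a renamed zip."""
    root = tempfile.mkdtemp(prefix="docroot-")
    os.makedirs(os.path.join(root, "old"))
    samples = {"index.html": b"<html></html>",
               "old/mail-backup.pst": b"!BDN" + b"\0" * 16,
               "old/site.dat": b"PK\x03\x04" + b"\0" * 16}
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return root
```

Calling `find_exposed_backups(build_sample_docroot())` flags both the `.pst` file and the zip archive hidden behind a `.dat` name. Run the same function against the real document root after every restore or deployment.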


[VIDEO] A real world example of why backup is not as simple as we think.

Often we talk about the complexity involved in restoring data.

Join Barry Gill and Justin Pirie as they talk through some real issues that recently faced a Microsoft Exchange administrator.


Justin: Welcome back to the Mimecast blog.
I’m here again with Barry Gill, one of our esteemed bloggers.


Now, where's that email?

An old topic, but one that is going to take many years to go away.

Just this morning I found myself helping a sysadmin who was in a flat spin trying to find old emails.
The messages he needed were all dated 2002-2003 and the only place he could even begin his search was in his predecessor's tape archive.

After a trip to the basement to find an old tape drive that would support the tapes where the data was, a lengthy device cleaning session to make sure the drive didn’t just destroy the tape, and a lot of holding thumbs, he was set to go.

Opening up the tape store he immediately found that the “email backup 2002” tape he was looking at had a full backup of the company's old Exchange 2000 server mail store.


This is when he started asking around for help and where I came into the picture.

I quickly explained that there really is no easy way to do this considering that he had already progressed long past Exchange 2000 and that we would have to restore the backup of the old mail store into a version of Exchange that supported it, i.e. Exchange 2000.

“OK, I’ll do that, build a Windows 2000 server and then install Exchange 2000 on it.
I’ll then restore from tape to it.

On another note, do you know where I could get a copy of Exchange 2000?
Is it still available on a Microsoft site?”

ROADBLOCK! (more…)