Recent raid on WazirX:
https://www.ndtv.com/business/cryptocurrency-exchange-wazirxs-bank-balance-frozen-by-enforcement-directorate-after-searches-3227915

Quote:
Investigators believe Zanmai Labs -- the company that owns WazirX -- has created "a web of agreements" with companies in the US, Cayman Islands, and Singapore. The intention is to "obscure the ownership of the crypto exchange".
Some time back I posted this comment:
https://www.legallyindia.com/convos/topic/179364-nishith-desai-associates-caught-in-india-s-panama-papers-dubbed-desai-papers#comment-186733
It was about a discussion thread on the popular cybercrime forum Raidforums, which has now been shut down. This discussion was about how a hacker group had hacked NDA servers as revenge and had gotten access to its confidential client data. One of the clients whose data was with these guys was WazirX.
If a breach like this happens in a firm like NDA with a lot of security, it raises a lot of red flags. Hope other T1s take steps to make sure their data is more secure.

Little bit of NDA security: NDA relies on ColorTokens Xshield, built on the ColorTokens Zero Trust Platform, to protect its IT networks, application workloads, endpoints, and sensitive client data


https://colortokens.com/wp-content/uploads/Case_study_NDA.pdf
I remember that the discussion thread on Raidforums did refer to this ColorTokens. The OP there had said that ColorTokens technology is ancient and it was a walk in the park for them to just breach whatever security systems NDA had in place. NDA is very good at PR and NMD likes to show off how high tech NDA is. Just because NMD calls something military grade doesn't mean it is foolproof. He also did not clearly state which country's military he was comparing his firm with.

Jokes apart - there are two lessons for Indian law firms (and the clients who engage them). First, do not take IT security lightly. Second, don't antagonize techies. Even the top law firms are just ordinary netizens in the cyberworld.
Is there a lot you can really technically even do to prevent data being exfiltrated by an internal leak by a disgruntled insider, let alone a person in the techie team?

Point is, if the NSA didn't manage to stop Ed Snowden, how will a law firm?
Don't look at extremes. Not every tech nerd is Ed Snowden. He's just saying focus on IT security so that chances of your server getting hacked are severely low.
The point is, defending against an 'inside job' - especially from a techy who built the systems - is very very hard for many places (even for someone like the NSA).
NDA leaks were not orchestrated by a techie who built the system for NDA. NDA licenses its tech infra and other than the occasional fad (mobile app), has not gotten anything developed internally. So this comparison with Ed Snowden is unwarranted.

An associate was responsible for these leaks. She took the data to a rival firm. Her ex got hold of the data and shared it with Prashant Bhushan, ED, CBDT. That's when NMD messed up. He hired this associate back and sued her ex for accessing NDA's proprietary data illegally. The house of the ex was also raided and all his electronic devices seized by NDA. It so happens this ex is a techie who is a member of some hacker group. This group avenged the raid by hacking NDA's servers and stealing more data. This is when I think that WazirX documents also got leaked. Details of the story are there on the NDA blog.

Agreed that there is very little that NDA could have done to prevent data being exfiltrated by an internal leak by a disgruntled insider. However, NMD was totally inane in how he handled this leak - rehiring the same person who leaked the data, raiding his ex and antagonizing the nerds. Big law firms also need to take data security more seriously in today's day and age. They just cannot leave things to chance and underinvest. While it may be difficult to completely eliminate leaks, the firms can make it very difficult for anyone to do so.
@xNDA:
NDA organized a webinar on Aug 10 on crypto. The participants were:

Ashish Chandra (Coinswitch Kuber)
Pratik Gauri (5ire)
Neeraj Roy (Hungama)
Vaibhav Parikh (NDA)
Jaideep Reddy (NDA)
Parul Jain (NDA)

The Indian Crypto industry is firmly with/behind NDA despite these leaks and raids. NDA is also firmly behind the lady lawyer responsible for the leak. You can post whatever you want on LI.
Coinswitch Kuber follows WazirX:

https://www.coindesk.com/business/2022/08/25/crypto-exchange-coinswitch-kuber-searched-by-indian-authorities/?outputType=amp

Coinswitch also raided by ED today. I am told that there were less than 10 attendees on this Aug 10 webinar. Must have all been ED sleuths. Bravo Ashish Chandra!!

So which other NDA client now has the desire for martyrdom?

@Ab bolo
NDA has learned its lesson. There was an IVCA event it had done along with Gunderson Dettmer in Mumbai a week back for the PE/VC clients. But it did not advertise this event at all and only sent invites to a closed group. NDA did not even mention this event on its website or SM. That is so un-Nishith like.
I wonder why ED hasn't raided NDA till now if they have the leaked data with them??
I remember reading somewhere on LI that CBI had raided NDA some 12 years ago but could not do anything as NDA claimed that all the seized documents were protected under attorney-client privilege.
Well, in that sense is Citrix good enough which SAM/CAM and AZB use? I have heard other entities like JP Morgan etc also use Citrix.
Nothing is good enough. Build an 11-foot wall and someone will find a 12-foot ladder. Firms should use the industry best practices, but not fool themselves it's "enough".
OMG what kinda question is that in the context of this thread! Unless you are in Citrix sales...