Sit back and listen to a story about Justin Scott, a lawyer who admitted to spying on his former firm with TeamViewer. This is eCrimeBytes.com S 2 E 5-3 – Lawyer Spies On Former Firm – Act 3: Justin Scott Comes Clean.
For the background, please listen to the prior acts:
Lawyer Spies On Former Firm – Act 1: The Mysteriously Moving Mouse
Lawyer Spies On Former Firm – Act 2: The Investigation
Sources:
- https://www.abajournal.com/web/article/lawyer-is-censured-for-using-teamviewer-to-snoop-on-former-firms-business-activity
- https://drblookupportal.judiciary.state.nj.us/SearchResults.aspx?type=docket_no&docket_no=22-066
- https://drblookupportal.judiciary.state.nj.us/DocumentHandler.ashx?document_id=1161175
- https://drblookupportal.judiciary.state.nj.us/DocumentHandler.ashx?document_id=1167301
- https://www.databreaches.net/lawyer-censured-for-using-teamviewer-to-snoop-on-former-firms-business-activity/
Transcript:
00:00:10:00 – 00:00:20:14
Keith
Hey, welcome back to eCrimeBytes Season two, Episode five. This is the lawyer Justin Scott spying on his former law firm. We’re an Act three now.
00:00:20:14 – 00:00:50:22
Keith
And this is about Justin Scott coming clean. So to catch you up real fast, Justin Scott and Charles Bratton were partners. They split for whatever reason, either Justin Scott quit or was fired. There was a new person working there with Justin Scott’s computer a year later, and Justin Scott presumably logged into that computer a year later to view on and his former firm.
00:00:50:25 – 00:01:02:22
Keith
And we left you with that cliffhanger of, you know, the the investigation was rolling and basically all the arrows pointed to Justin Scott. And we’re getting to the point now where
00:01:02:22 – 00:01:13:08
Keith
Justin Scott just says, all right, you know, he’s going to come clean and before he did that, though, just, you know, most people, they don’t just come clean on the first questioning, Seth.
00:01:13:08 – 00:01:30:18
Keith
They don’t just say, hey, do you do this? Ah fuck you caught me. You know, it doesn’t ever really work that way. It usually is. Did you do this? No. Did you do this? I might have been in the vicinity. Did you do this? Could have possibly been me. And it’s usually a progression like that. And you’re going to see that in this case, too.
00:01:30:18 – 00:01:55:02
Keith
So it starts with Justin Scott testifying that, hey, when I was at Bratton I used Teamviewer. And if you wonder why you say testify, this is in the disciplinary hearing that we’ll talk about at the very end of this. So this is where we get our evidence from. So he said, while at Bratton I used Teamviewer, it was okay.
00:01:55:03 – 00:02:22:29
Keith
He said it was provided by Bratton’s I.T. company Able Technologies, and he claimed able technologies themselves install the Teamviewer application with Charles Bratton’s knowledge, which is a pretty strong claim. And there’s, you know, testimony to the fact that all what I just read you is true.
00:02:22:29 – 00:02:33:23
Keith
And so he goes on further to say, not only did Bratton install it, but Bratton should have payment records of this application because it’s commercial software.
00:02:33:23 – 00:02:47:29
Keith
It costs money. Right. And he said, look for bills for Teamviewer from Able Technologies. And Justin Scott even says, hey, I even have two emails showing that this happened and here are the emails.
00:02:47:29 – 00:02:55:08
Keith
I’m just going to read these emails for you because they’re very short. The first one is August 18th, 2017, and it simply says,
00:02:55:08 – 00:03:16:23
Keith
Can you turn my computer on so I could access it remotely? Thanks. Somebody from Able Technologies replies and says it is on. And then Justin Scott says, Can you turn on my team viewer and says, Teamviewer is not running, But Able Technologies never actually replied from that.
00:03:16:26 – 00:03:32:24
Keith
And then a year later is the second email. July 18th of 2018. And this is from Able Technology. Just stating, Justin, I would like to start your new laptop configuration this afternoon with this work for you. If that please let me know a good day and time.
00:03:32:24 – 00:03:37:08
Keith
My opinion. There’s nothing in there that says Teamviewer was authorized by Able.
00:03:37:11 – 00:03:44:08
Keith
It just says Justin Scott asking for Teamviewer to be on there. So take that. For what it’s worth.
00:03:44:08 – 00:04:04:03
Seth
Okay, so what was Able’s response on this? So Able technology, the third party that was used to kind of be the i.t provider, you know, basically for the Bratton law firm, they confirmed that it had no record of ever having installed or work with teamviewer at that firm and specifically their spokesperson. I guess it was their head there.
00:04:04:03 – 00:04:26:18
Seth
This guy, Mr. Minker, testified on behalf of able Technology and he stated that his company had provided information technology services to the Bratton Firm since 2017. He confirmed that his company does not regularly use Teamviewer and did not install Teamviewer on any of Bratton’s office computers. So further, he confirmed that his company had not installed Teamviewer on respondent’s personal computers either.
00:04:26:20 – 00:04:55:24
Seth
I guess the idea would be that they did some of that work to really make it super accessible for certain users. So there’s really no factual basis to say that the Bratton firm knew about it or authorized it in any way, shape or form. So Minker also confirmed that he reviewed Able Technologies business records and there was no written documentation of having ever installed Teamviewer on any Bratton office computer or having been paid to do so specifically.
00:04:55:24 – 00:05:13:21
Seth
And as in a December 2020 letter to Bratton Minker of Able mentioned I searched our database of charges and found no reference to us ever installing or working with Teamviewer at your company until the issue arose regarding the unauthorized access by
00:05:13:21 – 00:05:23:29
Seth
by our defendant here. Well, our lawyer friend here. So this is a big problem for, you know, for everybody, right?
00:05:24:01 – 00:05:38:26
Seth
Able Technologies inspection of the respondents former desktop revealed that it was a free version of Teamviewer that had been installed and it was not licensed for commercial use. So able technology provided three reasons why they would never install teamviewer.
00:05:38:26 – 00:05:54:29
Seth
first, the free version is not licensed for commercial use, so they would never use it. Second, they already have a license, Enterprise grade and audit enabled the remote access solution on all company computers that they use specifically for remote support and can share with users
00:05:54:29 – 00:06:12:26
Seth
that need remote access. And third, they would not set up any access based on a user’s personal account, teamviewer or otherwise, which makes sense, right? The whole point is to not allow somebody to log in on their personal computer to go access a corporate machine. That’s generally a no no.
00:06:12:26 – 00:06:28:23
Seth
on a cross-examination Minker acknowledged that although the logs revealed that the respondent had access his former desktop computer during and subsequent to his employment with the firm, those same logs did not reveal who had actually ever
00:06:28:23 – 00:06:35:10
Seth
installed teamviewer on the respondent’s former office desktop, meaning there’s no evidence that Able had done that.
00:06:35:10 – 00:06:40:22
Keith
So on December 10th, 2019, the computer forensic company had a report
00:06:40:22 – 00:07:04:29
Keith
that the report basically said that by using Teamviewer Justin Scott was able to view data within this Time Matters program. And I’ll get back to that in a second. Or any other application on the desktop and anywhere the desktop was authorized to go like the firm’s files, servers and any other type of server, you can imagine that they would need.
00:07:04:29 – 00:07:28:12
Keith
They also tried to figure out if he copied files while he was connected via Teamviewer and found that he had not done so. So this Time Matters program. From what I understood in my research, it’s kind of like a a calendaring program and you can kind of boil it down. Maybe the easiest way of thinking about it, it’s kind of like a glorified outlook.
00:07:28:16 – 00:07:58:08
Keith
If you use Microsoft Outlook in order to, you know, record things you’re doing with clients, you know, make meetings with your coworkers and basically just manage your whole time management process of your firm. So it would be competitive knowledge for somebody to access the Time Matters program if you didn’t work there, because then he would know what type of clients and meetings that Bratton would have.
00:07:58:08 – 00:08:01:05
Keith
Right. And that’s exactly what was done in this case.
00:08:01:05 – 00:08:14:00
Keith
So and March 23rd of 2020, Justin Scott sort of changes his tune and says all right, I accessed it, but it was accidental.
00:08:14:00 – 00:08:28:21
Keith
Justin Scott now claims that Teamviewer was used at his new firm. And because of that, and because Teamviewer was used at his old firm, purportedly he accidentally clicked the wrong portal.
00:08:28:24 – 00:08:56:29
Keith
So if you can imagine, you kind of log in. If you log in to one area, it would have his brand new law firm, the picture we showed you at the beginning of this podcast. But if you were to click on the other icon or log in to the other account, it would then give you the Bratton Law firm, both Teamviewer, but they’re just different views or different accounts of what he could access.
00:08:56:29 – 00:09:05:14
Keith
So he’s saying, I thought I was in my new firm and I started clicking around and access some stuff and I found out that I was actually in Bratton’s.
00:09:05:14 – 00:09:26:04
Keith
He said he had no need or intention to access the Bratton computers. He kept this portal, meaning this extra connection back to the Bratton firm through Teamviewer. And I’m really trying to make this not technical, but this like other button you can think of as sort of like this other way of getting in.
00:09:26:07 – 00:09:31:18
Keith
He kept it even though he left this other firm because he thought maybe
00:09:31:18 – 00:09:43:29
Keith
He would have to service some of the clients from the Bratton Law Firm in the future that followed him to his new firm, which seems kind of weird that he was still keeping access. But that’s his explanation.
00:09:43:29 – 00:09:50:02
Keith
Now we jump to August 24th of 2020, and now we have Justin Scott saying.
00:09:50:05 – 00:09:51:01
Seth
All right.
00:09:51:03 – 00:10:10:01
Keith
It was actually intentional. He says, I was trying to build my new practice when I was in his computer and was mostly interested in seeing how Mr. Bratton’s practice was doing. I think it’s fair to say that each and every log in by me was to see what I could learn regarding Mr. Bratton’s calendar and who was referring business to him.
00:10:10:03 – 00:10:32:24
Keith
Typically, I would search specific names to see which professionals were referring clients to him. When I went to Mr. Bratton’s system, I often check the calendar day by day to see what his activities were. I would also go through the various staff members to see who was busy and who was it. I had no intention of removing or copying anything of value.
00:10:32:26 – 00:10:45:28
Keith
My goal was to sit on my couch and compare Mr. Bratton’s week to mine. I also search Matt’s email a few times to see what other professionals had emailed to him, and that was Bravette that we talked about.
00:10:45:28 – 00:11:03:27
Seth
Yeah, my bullshit meter is going off here for a few things. First of all, once you start getting into looking at someone’s email, obviously that tends to carry a lot of different things. If you’re a partner at a law firm like anyone else at a professional, probably has hundreds or thousands of emails that go through. They have a lot of access to a lot of things.
00:11:03:29 – 00:11:29:15
Seth
That’s scary. Also brings several issues about their clear lack of security controls at that firm. But this clearly goes to, I think, what Scott was trying to establish, which was, well, whose clients were his. So I think in any kind of business, identifying and segregating or that’s a client I brought in versus not the client you brought in, it’s very rarely a very easy and identifiable thing.
00:11:29:15 – 00:12:00:11
Seth
It’s probably often very gray area, but whoever kind of controls, I guess, the database that states who gets, I guess the credit, so to speak, for that client controls things. And I’m quite sure there was a difference of opinion there. That’s probably why he left. So I don’t want to get too far into conjecturing here, but I’m pretty sure there’s a whole bunch of detail on this case that we’d love to learn about identifying the real source of the problems between Scott and Bratton and why they went from having a larger firm where Scott was an associate to a separate in a new firm where Scott was a name partner on the firm to suddenly
00:12:00:11 – 00:12:15:13
Seth
being out in a relatively short amount of time with a short lawyer probably ties to some over promises being made on, you know, being able to bring in clients in the elder law space and I guess massive disagreements on who actually had originated work.
00:12:15:13 – 00:12:42:15
Keith
Yep. And with that, that’s the finale of act three. And we’re going we’re setting you up for a last act, which is punishment is served in the act four so if you liked anything in what you heard or saw, please whatever application you’re watching this or listening to this on like us subscribe to us and if you’re on Apple Podcasts specifically, please give us a five star review and just, you know, say anything nice that you want to say.
00:12:42:17 – 00:13:03:15
Keith
It helps us move up the charts there and that’s one of our biggest sources of audio listeners at about half of our listeners and those those ratings just help us move up the charts. We would appreciate that. So with that, do come back tomorrow and we’re going to get right into how the punishment is served. Thanks.
#ecrimebytes #cybersecurity #computer #electronic #truecrime #podcast #security #hacker #humor #funny #comedy #lawyer #spy #spies #teamviewer
Leave a Reply