June 24, 2023
A law firm hacked by a Russian-linked cyber extortion gang had 63 federal government clients and worked on sensitive cases including those involving Kathleen Folbigg and Brittany Higgins.
HWL Ebsworth, which lost millions of documents relating to prominent Australian companies and the federal government when it was hacked in April, worked pro bono for the Australian Academy of Science on the case that saw Ms Folbigg pardoned after serving 20 years in jail over the deaths of her four babies.
It was also the firm contracted by the Department of Finance to negotiate the settlement with Ms Higgins in December.
Urgent investigations are now under way to see if any documents relating to the sensitive cases were among the four terabytes of data stolen, including 1.4 terabytes already uploaded to the dark web after the company refused to pay a ransom demanded by the hackers.
Ms Higgins received a substantial personal injury compensation payment from the Labor government after alleging she was raped by fellow former Liberal staffer Bruce Lehrmann in 2019, a claim he strongly denies.
The revelations that HWL Ebsworth undertook the highly confidential negotiations with lawyers for Ms Higgins have raised further concerns about the true extent of data that may have been compromised by the BlackCat hacking gang, also known as ALPHV and Alpha Spider.
The hack has also shed light on the extraordinary reach of the company across the Australian government.
Sixty-three government agencies – from the giant Department of Defence to the tiny Organ and Tissue Authority – have used the firm in recent years. The Department of Finance, which negotiated the Higgins deal, is the firm’s largest government client.
Finance Minister Katy Gallagher’s office referred questions about the issue to the Department of Finance, which said it would not be able to respond to questions in time “during this busy period”.
In her first substantial comments on the hack, Cyber Security Minister Clare O’Neil on Friday confirmed the seriousness of the cyber attack, which has gone largely under the radar due to an injunction taken out by HWL Ebsworth seeking to limit public discussion about the stolen data.
“HWL Ebsworth is a very significant incident and the Australian government is deeply concerned about it,” she said. “I would place it in the realm of the most significant cyber incidents that we’ve experienced as a country over the last year, along with Latitude, Optus and Medibank.”
Ms O’Neil’s comments came as she announced senior air force commander Air Marshal Darren Goldie would be appointed our first National Cyber Security Co-ordinator, to handle government responses to such attacks.
The AusTender website, where the government lists its taxpayer-funded contracts, shows HWL Ebsworth has in recent years held 1643 government contracts, contract extensions or panel appointments worth tens of millions of dollars. Some date back to 2009, but the vast majority are from 2013, two years after it opened its Canberra office in the heart of the parliamentary triangle.
The Finance Department awarded the firm 305 contracts, followed by Defence with 210.
As both Labor and Coalition governments increasingly outsourced their legal work, HWL Ebsworth was hired to provide legal advice, legal services, temporary personnel, business administration services, management advisory services and human resources services.
Other current or recent clients include the Administrative Appeals Tribunal, Australian Criminal Intelligence Commission, Austrade, Department of Foreign Affairs and Trade, Australian National Audit Office, AUSTRAC, CrimTrac, the Department of Parliamentary Services, the Office of Public Prosecutions, Office of the Parliamentary Counsel and departments of Social Services, Education, Industry and Veterans’ Affairs.
The firm’s presence across government is so ubiquitous one source described it as “basically a department of the Attorney-General’s Department”.
It did not respond to questions.
Numerous people spoken to by The Weekend Australian were astounded at the firm’s reach into government, saying it was low-profile, not a big political donor, and didn’t have teams of lobbyists stalking the corridors of Parliament House.
The HWL Ebsworth lobbyist listed on the federal register, Canberra heavyweight Jannette Cotterell, from Executive Counsel Australia, has not represented the firm for some time. It has aggressively and unashamedly targeted government work, spruiking its “value for money” approach.
Hundreds of its government contracts are for as little as $10,000, while others, amended and increased multiple times, total more than $3m.
“HWL Ebsworth is the only firm appointed to all Australian government legal services panels,” it says on its website. “HWL Ebsworth takes pride in delivering the highest-quality legal services at a highly competitive rate.”
It’s believed the company has been ringing its contacts in Canberra to apologise for the hack.
The awkwardly named law firm was born from the 2008 merger of two grand old legal companies – Ebsworth & Ebsworth, first formed in Sydney in 1896, and Home Wilkinson Lowry, formed in Melbourne in 1897.
Home Wilkinson Lowry managing director Juan Martinez became the managing director of the new HWL Ebsworth behemoth.
A self-made success story and the son of working-class Spanish migrants who came to Australia at the age of three and lived in migrant camps and Housing Commission premises before the family established themselves in Melbourne’s west, Mr Martinez embarked on an aggressive campaign of growth, opening an office in every state and territory.
The firm has represented everyone from the disgraced Chinese billionaire Huang Xiangmo, kicked out of the country after failing an ASIO security assessment, to the Australian Academy of Science in its successful campaign to free NSW woman Ms Folbigg.
It is not known if documents relating to any of these cases have been compromised in the hack.
The cyber gang claims to have compromised documents relating to the highly secret Woomera missile testing site in South Australia, the navy’s $3bn plan to replace its attack helicopters, and Australia’s new Indo-Pacific strategy, including in Solomon Islands.
The hacking of HWL Ebsworth has caused deep concern across government and a large number of ASX-listed companies it has represented, including the big four banks, which are racing to see what data has been exposed.
There are also questions being asked behind the scenes about how the attackers were able to get so much data – millions of documents potentially going back years – after compromising the log-on credentials of one of the firm’s mid-level lawyers.
While HWL Ebsworth’s corporate headquarters is in suitably upmarket Collins St in Melbourne, the heart of its government operation is the HWL Ebsworth Building, at 6 National Circuit, Barton.
The neighbours at No.4 include the office of Ms O’Neil (the Home Affairs Department is a client with 17 contracts or extensions listed on AusTender). The law firm’s offices are across the road from the Attorney-General’s Department (also a client with 39 contracts) and half a block from the Department of Prime Minister and Cabinet (seven contracts). The Australian Federal Police (111 contracts) is another block away.
The Australian Federal Police and Victoria Police have jointly launched Operation Gresford to investigate the cyber breach. The NSW Supreme Court injunction obtained by HWL Ebsworth on the King’s Birthday public holiday on June 12 has presumably been ignored or disregarded by the overseas hackers, but has muted public understanding in Australia about what has been stolen.
The government has not initiated the emergency response plan, as it did for the Medibank and Optus hacks, but is holding daily crisis meetings and has set up a working group to try to identify commonwealth exposure to the hack.
Opposition cyber security spokesman James Paterson said the government had “finally admitted what was clear for some time: this is a very serious breach and it includes sensitive information held on behalf of government clients”.
“What they still have not been upfront about is exactly which government agencies have been affected and what data has been lost,” he said. “It is time for them to be transparent with the Australian people about the true extent of this breach and its consequences.”
Senator Paterson offered bipartisan support for the appointment of Air Marshal Goldie, and said the government should have appointed him in March, as promised, so he would have been in place before the HWL breach.
“The first task of the co-ordinator must be to get to the bottom of what government data has been lost in the HWL Ebsworth attack, the implications of the breach and how to mitigate them, and steps being taken to inform and support affected parties,” he said.
“Given the Albanese government’s failure to be transparent about the nature, extent and impact of the attack, it falls to the new co-ordinator to conduct Australia’s cyber response in an open and transparent manner.”
HWL Ebsworth has called in McGrathNicol and other forensic experts to investigate the cyber breach, and says it will advise affected clients in line with its obligations under the Privacy Act.
“They tried to float on the stock market a few years ago,” one observer noted, citing HWL Ebsworth’s failed 2020 bid to go public, which resulted in it cancelling an IPO after failing to raise enough capital.
“I bet they’re glad it failed – their shares would be in the toilet now.”