Allen O’Rourke

Allen O'Rourke

Co-Chair, Cybersecurity and Privacy Practice Group
Robinson Bradshaw

Allen O’Rourke co-chairs the Cybersecurity and Privacy Practice Group at Robinson Bradshaw and is an IAPP Certified Information Privacy Professional (CIPP/US and CIPP/Europe). He leads cyber investigations, helps clients respond to data breaches, and represents clients facing lawsuits and government investigations arising out of cybersecurity incidents. Allen also provides legal guidance on privacy and data security law as well as digital advertising and analytics. Before entering private practice, Allen was a cybercrime prosecutor who helped lead the Cyber Unit at the US Attorney’s Office in Washington, DC, where he received two Special Achievement Awards for his work to combat cybercrime.

Abstract 1: Litigation to Disrupt Cyberattacks and Obtain Third-Party Records

Robinson Bradshaw litigator and former cybercrime prosecutor Allen O’Rourke will discuss how companies such as Microsoft have made civil litigation a part of their cyber defense strategy – using subpoenas and court orders to help investigate and mitigate cyberthreats. In particular, a company may bring a so-called “John Doe” lawsuit against the unidentified cybercriminal responsible for launching a cyberattack. This can enable the company to subpoena third-party records related to the attacker’s malicious accounts and even to seize or take down malicious command-and-control infrastructure. In addition to explaining this strategy, Allen will provide a case study of the recent lawsuit, Microsoft v. John Does 1-2, concerning a widespread cyberattack exploiting the COVID-19 pandemic to compromise Office 365 accounts.

Abstract 2: How Banks Combat Business Email Compromise (BEC) Schemes

This roundtable discussion will explore the role of banks in responding to and working to prevent business email compromise (BEC) schemes – a widespread type of cybercrime that tricks victims into misdirecting large payments, often using fraudulent emails. The speakers will address not only the process of freezing and recovering funds stolen through a BEC scheme but also their role in efforts to prevent fraudulently misdirected payments and to combat specific BEC threats.