3 Men Charged After Making $4 Million From Hacking U.S. Law Firms
Three Chinese citizens have been charged in the U.S. courts after it was found that they hacked U.S. law firms and then used the stolen information for insider-trading that netted them $4 million dollars.
A Manhattan federal court charged the 3 men this week with conspiracy, insider trading, wire fraud and computer intrusion in a case that mixed cyber-crime with securities fraud.
It has been reported that the trio aged 26, 30 and 50 hacked 2 U.S. law firms, specifically targeting the email accounts of partners working on mergers and acquisitions. The hacking trio used the law firms’ employee's credentials to install malware on the firm's servers in order to access emails from lawyers.
The hackers were searching for commercially sensitive information that would give them an advantage in the second level of the fraud which was to trade on company stocks based on the insider information they had gained about mergers and acquisitions.
Another U.S. Securities and Exchange Commission civil lawsuit has shown that the men were able to avoid suspicion by listing themselves in brokerage records as working at information technology companies.
Law Firms Not Yet Officially Identified
The 2 law firms have not yet been identified, although speculation in a technology news post on the Reuters website suggests that New York-based Cravath, Swaine & Moore LLP may be a likely candidate. The speculation appears to be based on news that the bank represented Pitney Bowes in its 2015 acquisition of Borderfree Inc, which one of the mergers in question in the recent case. It has also come to light that in March 2015 Cravath was reported to have discovered what was described as a "limited breach" of its systems.
Accused of Making Money From Intel’s Altera Inc Acquisition
U.S. prosecutors are reported to have accused the trio of defendants of making large amounts of money by trading using information that they allegedly stole from the law firm that represented Intel on its acquisition of Altera Inc in 2015.
What Does This Mean For Your Business?
It seems that governments, banks and now law firms can be hacked in sophisticated multi-level crimes, most of which result in fraud. This attack has been described as a wake-up call for law firms globally, although it also serves as a reminder to all businesses to prioritise cyber and data security. Businesses have a legal responsibility to protect client data and should take what action they can to protect themselves and their clients and to maintain confidentiality and client trust.
Businesses should now take proactive steps to protect themselves and their clients. Clients need to be able to trust that their information is confidential and is well protected. Having a strong information security management system (ISMS) with cyber security controls is now an important requirement. Disaster Recovery and Business Continuity Plans are now also essential.