Earlier this year, we reported on the blog about a campaign by hackers to target major U.S. law firms, aimed at stealing confidential information that could be used for insider trading. Well, it appears that a few of these cybercriminals found some success—but then found themselves under indictment.
On December 27, 2016, the FBI and the U.S. Attorney for the Southern District of New York announced that three Chinese citizens have been charged with making profits of more than $4 million by trading on information they got by hacking into law firms. According to the indictment, the men targeted at least seven New York law firms trying to obtain information about deals in the works, and were successful in hacking two firms. Apparently using stolen employee credentials, the hackers accessed the firms’ web servers, and installed malware that enabled them to access email servers. Then the hackers downloaded information from the email accounts of partners who work on high-profile M&A transactions, and identified companies that were the target of pending—but not yet publicly announced—acquisitions. The hackers then bought shares of at least five such publicly-traded companies, and after the deals were were announced and stock prices rose, the hackers sold their shares at a profit.
Preet Bharara, the Manhattan U.S. Attorney, issued a warning that no law firm can take lightly:
“This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking, because you have information valuable to would-be criminals.”
What steps can law firms take to combat these attacks? In our earlier blog post on major U.S. law firms being hacked, we offered some suggestions and identified a few useful resources for law firms. If you’d like to learn even more, please join us at Legaltech New York 2017, where I’ll be moderating a program titled “Can You Trust Your Most Trusted Advisors? Working with Your Law Firms to Improve Data Security.” Our panel, which takes place on January 31 at 3:45 pm, will include experienced corporate legal security professionals, plus three highly-regarded law firm CIOs. This group of experts will explore strategies and practical measures that law firms and their corporate clients can take to shore up data security and privacy at law firms. We hope to see you there!