The case of three men charged with insider trading based on information they hacked from prominent US law firms “should serve as a wake-up call for law firms around the world”, a New York prosecutor has said.
According to the US Attorney for the Southern District of New York, Preet Bharara, they targeted at least seven unnamed law firms as well as other entities in an effort to unlawfully obtain valuable confidential and proprietary information.
He said that between April 2014 and late 2015, the trio – all from China – were successful in hacking at least two firms by unlawfully obtaining the credentials of employees and then installing malware on the firms’ web servers.
They are also alleged to have repeatedly tried to hack the other five firms in a similar way. Between March and September 2015, for example, they tried to do so no fewer than 100,000 times.
Having obtained access to the law firms’ networks, the defendants are accused of targeting email accounts of law firm partners who worked on high-profile M&A transactions – involving the likes of Intel and Pitney Bowes – and downloading many gigabytes of information.
They are said to have bought shares in at least five publicly-traded companies before the announcements of their acquisition, and then sold the shares for profits of more than $4m.
In each case, one of the two infiltrated law firms represented either the target or a contemplated or actual acquirer in the transaction.
Mr Bharara said: “This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking, because you have information valuable to would-be criminals.”