U.S.|Tue Dec 27, 2016 | 3:04pm EST U.S. accuses Chinese citizens of hacking law firms, insider trading The Dow Jones Industrial Average is displayed on a screen at the New York Stock Exchange (NYSE) in Manhattan, New York City, U.S. December 27, 2016.REUTERS/Andrew Kelly ByNate Raymond|NEW YORK Three Chinese citizens have been criminally charged in the United States with trading on confidential corporate information obtained by hacking into networks and servers of law firms working on mergers, U.S. prosecutors said on Tuesday. Iat Hong of Macau, Bo Zheng of Changsha, China, and Chin Hung of Macau were charged in an indictment filed in Manhattan federal court with conspiracy, insider trading, wire fraud and computer intrusion. Prosecutors said the men made over $4 million by placing trades in at least five company stocks based on inside information from unnamed law firms, including about deals involving Intel Corp (INTC.O) and Pitney Bowes Inc (PBI.N). The men listed themselves in brokerage records as working at information technology companies, the U.S. Securities and Exchange Commission said in a related civil lawsuit. Hong, 26, was arrested on Sunday in Hong Kong, while Hung, 50, and Zheng, 30, are not in custody, prosecutors said. Defense lawyers could not be immediately identified. The case is the latest U.S. insider trading prosecution to involve hacking, and follows warnings by U.S. officials that law firms could become a prime target for hackers. "This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking, because you have information valuable to would-be criminals," U.S. Attorney Preet Bharara in Manhattan said. Prosecutors said that beginning in April 2014, the trio obtained inside information by hacking two U.S. law firms and targeting the email accounts of law firm partners working on mergers and acquisitions. Prosecutors did not identify the two law firms, or five others they said the defendants targeted. But one matched the description of New York-based Cravath, Swaine & Moore LLP, which represented Pitney Bowes in its 2015 acquisition of Borderfree Inc, one of the mergers in question. The indictment said that by using a law firm employee's credentials, the defendants installed malware on the firm's servers to access emails from lawyers, including a partner responsible for the Pitney deal. Cravath declined to comment. In March, Cravath confirmed discovering a "limited breach" of its systems in 2015. ALSO IN U.S. U.S. appeals court revives Clinton email suit Holiday weekend provides no respite from Chicago's violence Prosecutors also accused the defendants of trading on information stolen from a law firm representing Intel on the chipmaker's acquisition of Altera Inc in 2015. Intel was represented by Weil, Gotshal & Manges LLP and Gibson, Dunn & Crutcher LLP. Weil Gotshal did not respond to requests for comment. Gibson Dunn, which advised Intel on antitrust matters, had no immediate comment. The case is U.S. v. Hong et al, U.S. District Court, Southern District of New York, No. 16-cr-360. (Reporting by Nate Raymond in New York; Editing by Jeffrey Benkoe and Richard Chang)
I've often thought about this and how talented hackers could potentially make a fortune by gaining access to the emails/computers at some of the larger M&A law firms. I would be curious to know how they were caught. If it was picked up from data the SEC receives or if one of the law firms happened to discover what took place and reported it.
If they got inside the firewall the foreign ip address will appear on logs. I wonder if they could siphon the email before entering the servers. They must of had some kind of inside leak, most hacks start off with something but only go so far without leaving a trail. Then greed sets in and they're exposed. imho they have been doing this for years.
I am not a hacker or a network specialist. This is basic info, as you should know. An external US IP address would be foreign inside the firewall. FYI they were caught.
Generally I find it's a good idea not to pontificate on something if you don't know anything about it. There is no such thing as an "external US IP address" that would be "foreign inside the firewall", in fact that sentence is pretty much gibberish. I am curious if they were caught by network security or SEC market surveillance. I'm guessing it was market surveillance, since I doubt law firms get the best and brightest of the IT pool. If the same trader wins on several M&A acquisitions in a row it's probably pretty trivial for the SEC to catch them. Also much easier to identify the responsible party than trying to track down an intrusion, which is virtually impossible to do without NSA level assets as long as the hacker isn't a complete idiot and knows how to use Tor or something similar.
Likely by SEC market surveillance first, all broker / dealers regularly receive SEC surveillance requests to retrieve trading records for suspicious accounts (I have gotten a few when I briefly running Ops at a brokerage firm). Results of aggregated suspicious trading record are then forwarded to the firms that are part of non-disclosed information (i.e., M&A advisors, law firms, even printing firms that print those tomes). If I were to guess, one of these individuals have worked at some IT consultancy that did work for some of the law firms, so they would know the weaknesses (some are fairly trivial "weaknesses", unchanged VPN passwords, etc). Personally I find law firms to be very weak IT-wise (very different from investment banks, which spend a fortune on cyber-security), law partners simply do not understand the cost involved in running a secure IT platform. It was so bad that one of the investment bank I was with, would rather have the outside counsel use bank's own IT platform (e-mail, mobile, etc), than let them use their own.
What would even be easier and less high tech would be to buy off someone at the wireless carriers, and track CEO's cellphone movements via GPS. Say you tracked the CEO of Fitbit(Park) and you saw him showing up several times at Nike's HQ. CaChing. Will work in any industry with any CEO. lol