Deepthroat suggested during the Watergate investigations to “follow the money”- for Nixon then, read hackers now.
Now hackers are going after law firms for exactly the same reason. This month, US prosecutors charged three Chinese traders with securities fraud, saying they had made more than $4m trading on information allegedly stolen from two of the US’s best known law firms.
Though prosecutors did not identify the firms, the descriptions of them and the work they had done match Cravath, Swaine & Moore and Weil, Gotshal, two firms routinely hired by Fortune 500 companies to help run their big deals. Both firms have declined to comment.
Though prosecutors did not identify the firms, the descriptions of them and the work they had done match Cravath, Swaine & Moore and Weil, Gotshal, two firms routinely hired by Fortune 500 companies to help run their big deals. Both firms have declined to comment.
The US Securities and Exchange Commission said the hackers targeted seven firms known for their mergers and acquisitions work, hitting them with more than 100,000 attacks over a three-month period. They then struck gold with two
They then struck gold with two organisations. After installing malware on each law firm’s computer network, they gained access to their IT departments and from there broke into the files and emails of senior M&A lawyers. They ended up stealing nearly 60 gigabytes of data related to at least 10 potential deals.
In several cases, the information bore fruit — the hackers gained early word of Pitney Bowes’ 2015 offer for ecommerce group Borderfree and Intel’s 2015 purchase of Altera, and were able to trade ahead of them.
“This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking because you have information valuable to would-be criminals,” said Preet Bharara, the US attorney for Manhattan.
Other professional services firms should take note- your reputation and organisation are at risk from hackers.
This is not the first time the industry has been hit by hackers who specialise in what is becoming known as “outsider trading”. Last year federal prosecutors charged nine people in the US and Ukraine with trading ahead of earnings press releases that had been provided to Marketwired, PR Newswire and Business Wire. That case inspired other Ukraine-based hackers to try their luck with law firms, according to intelligence firm Flashpoint, which put out a warning in March.
Accounting firms that provide tax advice on mergers, boutique advisory firms, and consultants who weigh in on synergies and downsizing plans are almost certainly on the criminals’ hit list. Retailers, telecoms groups and internet companies, including Target, TalkTalk and Yahoo, have already had to pay the price for weak defences.
But in some ways, they got off easy. Most of the stolen passwords were old and the account details rarely included immediately usable information. At most, the hacks involved theft of credit card numbers, which come with fraud defences. So customers have rarely felt much need to hold hacked companies accountable. Yahoo, for example, seems to have suffered very little drop off in customer loyalty after announcing the first of two giant hacks, although the jury is still out after the second one.
Professional services firms will not be so lucky. Banks and companies pay extremely high prices for outside advice. They expect professionalism and confidentiality in return. Getting hacked by a bunch of Chinese traders is hardly a strong recommendation of either.
Faced with a choice of five law firms that invested in cyber defences that were strong enough to withstand a pointed attack, and two who did not, which would you choose?
So if you want to save yourself stress, money and a damaged reputation from a cyber incident please ring us now on 01242 521967 or email safe@cyber139.com or complete the form on our contact page NOW
From: https://www.ft.com/content/f52f6fee-ccf4-11e6-864f-20dcb35cede2