The United States Attorney for the Southern District of New York has unsealed an indictment of three Chinese hackers accused of targeting merger-advising law firms in order to conduct insider trading. According to the DA, the defendants bought shares of five companies before mergers were announced and sold them afterwards, resulting in profits of around $4 million. One of the defendants has been arrested in Hong Kong and faces extradition to the United States:
Law firms that advise on mergers once had to worry about a rogue employee trading on deal tips. Now, they have to worry about hackers doing the same.
Federal prosecutors in Manhattan have charged three Chinese citizens with making more than $4 million by trading on information they got by hacking into some of the top merger-advising law firms in New York. The three men targeted at least seven New York law firms to try to obtain information about deals in the works, according to an indictment unsealed on Tuesday.
The men were successful in hacking two firms, stealing emails of partners who work on mergers, prosecutors said. The three then bought shares of target companies, selling them after the deals were announced, prosecutors said.
(Score: 4, Interesting) by urza9814 on Friday December 30 2016, @06:40PM
According to TFA, the "hackers" were able to carry out this extremely difficult and sophisticated attack of...logging in with valid credentials. And yet there's not even a mention of the law firm or lawyer whose credentials they used facing any consequences for their negligence that allowed their account and ultimately the entire company's infrastructure to be compromised. No mention of how they managed to miss the fact that someone was dumping data from their email servers tens of gigabytes at a time to China. Nobody noticed that? For 18 months?
Once again, no consequences if you fail to take even the most basic precautions with sensitive customer data. They only punish the people who expose it. I could understand someone like Xynga having such a low level of security, but these guys are lawyers working for freakin' INTEL, they ought to have half a clue about securing their communications. Keeping client data secure is part of the job description of a lawyer; if you can't do that you shouldn't even be in the business.
(Score: 0) by Anonymous Coward on Friday December 30 2016, @06:58PM
Thanks -- I was about to post the same thing. For all the money M&A law firms collect, it's criminal that they don't have top drawer computer security.
(Score: 1) by Francis on Friday December 30 2016, @07:09PM
Don't be silly, everybody knows that consequences are only for people that don't have money.
(Score: 2) by takyon on Friday December 30 2016, @08:58PM
If the hacked law firms were named and shamed (the minimal consequence), they would just reorganize under new names. Hell, even the lawyers could get their names changed if they wanted to.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Saturday December 31 2016, @12:48AM
They could've installed a keystroke logger on a lawyer's home PC through malware, or maybe they just relied on the fact that many lawyers choose estoppel as their password.