Hackers breaching law firms for insider trading info

Two of the most prestigious law firms in the US, best known for their financial services and corporate practices, have had their computer networks compromised by hackers.


According to the WSJ, the FBI is investigating breaches at Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP, trying to ascertain whether the attackers managed to access information that could have helped them with their insider trading efforts.

Warnings are sent out

Apparently, other law firms have been targeted as well – so many, in fact, that the FBI sent a warning to law firms about the attacks.

“The FBI has issued a Private Industry Notification to law firms indicating that a cyber crime insider trading ring is targeting ‘international law firm information used to facilitate business ventures,'” shared Linn Foster Freedman, a litigator who leads Robinson+Cole’s Data Privacy and Security Team.

“According to the FBI ‘the scheme involves a hacker compromising the law firm’s computer networks and monitoring them for material, non-public information… This information, gained prior to a public announcement, is then used by a criminal with international stock market expertise to strategically place bids and generate a monetary profit,'” she noted.

Apparently, a criminal actor has recently posted a job offer on a cyber criminal online forum for hackers who could gain “sustained access to the networks of multiple international law firms.”

In February, an individual looking to get hired for his phishing skills made a post on an underground Russian website, and in the posting he pointed out specific law firms as potential targets.

The investigation into these attacks has been going on since last year, and the breach at Cravath Swaine & Moore LLP dates back to last summer, so this might be an attack campaign that has been going on for a while.

In the meantime, security firm Flashpoint has also been warning law firms about possible attacks, and information on these attacks has also been propagated through the Financial Services Information Sharing and Analysis Center (FS-ISAC).

“The discovery of these breaches is yet another example of how exposed professional organizations truly are,” says Adam Levin, chairman of IDT911.

“The bad guys gained privileged access by way of stolen credentials, infected computers with malware, monitor activity, collect information and then use it for their financial gain. The FBI is currently investigating to determine whether confidential information was stolen for the purpose of insider trading. Unfortunately, it is equally likely that employee and client records were also accessed, making them prime targets for further spear phishing and social engineering attacks.”

He advises lawyers or staff members who may have been exposed to be hyper-vigilant about monitoring accounts for fraudulent activity.

“They must not click on any links or attachments in emails without confirming the authenticity of the sender, change passwords for potentially compromised accounts and update security programs to protect personal data,” he noted.

“Professional organizations need to acknowledge their constant state of vulnerability and radically change their corporate culture by implementing more sophisticated security protocols, stepping up employee awareness training programs and adopting robust damage control programs that can limit the inevitable fallout from events such as these.”

Why law firms?

Law firms are ideal targets for insider traders, as they usually hold trade secrets and other sensitive information about corporate clients.

But they are not the only ones that have this kind of info. Last August, the US Securities and Exchange Commission announced civil fraud charges against 32 individuals – 2 hackers and 30 traders – who allegedly hacked into newswire services (Business Wire, PR Newswire, Marketwired) to obtain nonpublic information about corporate earnings announcements, and used that information to place illicit trades in stocks, options, and other securities.

The hackers and some of those traders have also been hit with criminal charges tied to the scheme.

Dodi Glenn, VP of cyber security at PC Pitstop, says that we are seeing a large spike in corporate law firms – specific to patent and IP attorneys – being breached, and that there are a couple of reasons why.

The first one is getting confidential information for insider trading. “Secondly, these law firms house email addresses of critical, and sometimes high level executive management, at very large organizations. Lists can be compiled and sold on the black market for hackers looking to try phishing attacks, which are often designed to steal PII or have financial transactions illegally conducted, such as wire transfers, etc.”