Login | April 25, 2024
Chinese nationals charged with hacking M&A info from law firms
RICHARD WEINER
Technology for Lawyers
Published: February 3, 2017
About, oh, 20 years ago, my first feature article on legal technology contained a warning about hackers infiltrating a law firm to download information on pending mergers and acquisitions. My thoughts centered around a scene from the film Wall Street, where Charlie Sheen’s character broke into an office to steal that kind of information. I figured that it was only a matter of time before physically breaking in to an office was replaced by electronic hacking.
The National Law Journal has now recently reported that three Chinese nationals have been arrested for breaking into two law firms in 2014 and 2015, stealing M&A confidential information, and using that info to trade on the stock market. The indictment alleges that the three made a profit of about $4 million on two hacks.
Not a bad day’s work.
The indictment, brought by the U.S. Attorney for the Southern District of New York, lists the deals that were hacked, but not the law firms, but the intrepid Mark Hamblitt at NLJ thinks that he has sussed out the firms.
The three hacked deals were (allegedly) Intel’s 2015, $16.7 billion acquisition of Altera Corporation, the $8.9 billion acquisition of InterMune, Inc. by Roche AG in 2014, and the 2015 acquisition of Borderfree by Pitney Bowes Inc.
Hamblitt wrote that his research indicated that the two afflicted firms were likely Cravath, Swaine & Moore (representing Pitney Bowes), and Weil, Gotshal & Manges (Intel). Both huge firms reported data breaches in the appropriate years and represented those clients in those deals, according to the NLJ.
The U.S. Attorney stated that, once the hackers gained access to the law firms’ systems, they concentrated on email exchanges among lawyers working on the deals. The hackers originally gained access by installing malware on the law firms’ systems that allowed them to access information without being spotted.
In addition to those two firms, the U.S Attorney said that the three went after at least five other firms in 100,000 attempted hacks.
One of the indicted three have been arrested in Hong Kong; the other two remain at large.