A warning for law firms:
Preet Bharara, the U.S. Attorney for the Southern District of New York, said the case should serve as a “wake-up call for law firms around the world.”
“You are and will be targets of cyber hacking, because you have information valuable to would-be criminals,” Bharara said in a statement.
But the most important point to remember comes from the DOJ statement, which shows that this entire “hack” was the result of compromised email credentials, not the James Bond kind of stuff people like to think about. Two law firms were “hacked,” and both incidents started with compromised employee email credentials:
“[B]eginning about July 2014, the Defendants, without authorization, caused one of Law Firm-1’s web servers (the “Law Firm-1 Web Server”) to be accessed by using the unlawfully obtained credentials of a Law Firm-1 employee. The Defendants then caused malware to be installed on the Law Firm-1 Web Server. The access to the Law Firm-1 Web Server allowed unauthorized access to at least one of Law Firm-1’s email servers (the “Law Firm-1 Email Server”), which contained the emails of Law Firm-1 employees, including Partner-1.”
“[T]he Defendants, without authorization, caused one of Law Firm-2’s web servers (the “Law Firm-2 Web Server”), located in New York, New York, to be accessed by using the unlawfully obtained credentials of a Law Firm-2 employee. The Defendants then caused malware to be installed on the Law Firm-2 Web Server.”