The mass number of organizations that are connected to cyberspace in our modern society make for wide varieties of data out there for cyber criminals to attempt to exploit. Such is the case with a series of hacks using phishing that took place last year against prestigious law firms. According to reliable data obtained by Fortune as well as confirmation from law enforcement and firms, the hacks were done by hackers connected to the Chinese government. This was discovered by connecting the attacks to similar patterns of hacking from some connected to the Chinese government. The hacks were labeled by the Wall Street Journal to be for the purpose of insider trading.
There were several different firms that were hit, and varying amounts of data were stolen from each. According to Fortune, “In the case of one firm, the attacks took place over a 94 day period starting in March of 2015, and resulted in the hackers stealing around seven gigabytes of data, according to information obtained by Fortune. That figure would typically amount to tens or hundreds of thousands of emails.” While several firms did fall victim to this hacking, there were others that hacking was attempted upon but was prevented through proper cyber security.
Three Perpetrators Charged in Connection to Law Firm Hacks
The hacks had been under investigation by the U.S. Attorney for the Southern District of New York. This diligent effort has led to the charging of three Chinese traders who were behind the attacks. It was found that they purchased publicly traded shares of a minimum of five companies that were in the middle of mergers or acquisitions, but had not yet announced it. These companies including chip makers and pharmaceutical firms. They profited more than 4 million dollars from using the illicitly obtained trade data.
This major breach that went unnoticed for a significant amount of time arises the questioning of the integrity of law firms cyber security. Law firms can often be privy to very sensitive and confidential information, which can make them optimum targets for cyber criminals. It is critical for law firms to have extremely fortified security for this reason. The fact that the recent breaches were accomplished through a form of phishing shows that points of security in these firms were severely lacking. As phishing attempts can often be mitigated or prevented through simple staff education upon them.