Last week, three Chinese hackers were charged with stealing inside information in order to profit from trading equities.
According to an indictment unsealed Tuesday, Jan. 3, 2017, in the Southern District of New York, the three were charged with “devising and carrying out a scheme to enrich themselves by obtaining and trading on material, nonpublic information (“Inside Information”), exfiltrated from the networks and servers of multiple prominent U.S.-based international law firms with offices in New York.”
The attacks were designed to steal market-moving information ahead of any public announcements so that publicly traded stocks could be purchased ahead of time.
The alleged attack techniques are familiar: Defendants reportedly used stolen credentials to access multiple law firm Web servers, and from there gained access to the email servers and then exfiltrated the information they sought.
The amount of data stolen from each of the victim law firms surpassed 40 gigabytes over a handful of days. Stocks targeted by the scheme included Pitney Bowes, Intermune and Intel.
According to the statement, the three defendants allegedly purchased shares of five publicly traded companies before it was announced publicly that those companies would be acquired. The hackers sold their shares after the acquisitions were announced, resulting in profits of over $4 million.
In each case, the infiltrated law firms represented either the target or a contemplated or actual acquirer in the transaction.
The three defendants – Iat Hong, Bo Zheng and Chin Hung – were charged with Conspiracy to Commit Securities Fraud: Insider Trading, Conspiracy to Commit Wire Fraud, Wire Fraud, Conspiracy to Commit Computer Intrusion, Computer Intrusion – Unlawful Access, and Securities Fraud: Insider Trading.
“As alleged, the defendants – including Iat Hong, who was arrested in Hong Kong on Christmas Day – targeted several major New York law firms, specifically looking for inside information about pending mergers and acquisitions. They allegedly hacked into two prominent law firms, stole the emails of their M&A partners, and made over $4 million in illegal profits.
This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking, because you have information valuable to would-be criminals,” said Manhattan U.S. Attorney Preet Bharara.
A wake-up indeed.
The full indictment is available here.