January 19, 2017

Bill Ross Gives Update From The State Bar Business Law Section’s Corporations Committee – SEC Files Charges For Hacking Into Law Firm Networks

FOR THE FIRST TIME SEC CHARGES PERSONS FOR HACKING INTO LAW FIRM COMPUTER NETWORKS

On December 27, 2016, the Securities and Exchange Commission announced charges against three Chinese nationals for trading on the basis of material nonpublic information. According to the SEC’s complaint filed in the United States District Court for the Southern District of New York, the individuals hacked into the private networks of two prominent unidentified New York-based law firms and stole confidential information regarding merger and acquisition discussions involving several public companies. The defendants then traded on the information, amassing approximately $3 million in profits. In a related action, on December 27, 2016 the U.S. Attorney for the Southern District of New York announced criminal charges against the individuals and the arrest of a fourth person, and indicated that the individuals had targeted at least seven law firms.

The SEC action is the first time it has charged anyone with hacking into the computer network of a law firm. The defendants allegedly installed malware on the computer networks that enabled them to circumvent access and related security controls, then compromised the user accounts of information technology employees at the law firms and thus gained access to nonpublic emails at the firms, including the email accounts of the leaders of the M & A practice group. The defendants allegedly covered up their breaches of the network by deceptive acts, such as disguising their activity as routine network traffic, thereby preventing detection by the security systems of the law firms.

Antonia Chion, Associate Director of the SEC’s Division of Enforcement, stated: “This action … serves as a stark reminder to companies and firms that your networks can be vulnerable targets.”  Manhattan U.S. Attorney Preet Bharara said: “This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking, because you have information valuable to would-be criminals.”

This e-Bulletin was prepared by William Ross, of counsel to Hirschfeld Kraemer LLP, where he represents clients on corporate matters.