Three Chinese hackers have been criminally charged in Manhattan federal court with trading on confidential information obtained from the networks and servers of law firms working on mergers and acquisitions, according to an article in Reuters. The charges include conspiracy, insider trading, wire fraud, and computer intrusion.
The men had listed themselves in brokerage records as IT professionals and made more than $4 million by placing trades in company stocks based on inside information from law firms. Using employee credentials, the hackers installed malware on the firms’ servers to access information from the lawyers’ emails.
The charges come on the heels of new warnings by U.S. officials that law firms could be prime targets for cyber-related securities fraud because of the information they have.
Protecting Your Firm: What You Can Do Right Now
Every lawyer should know the basics of good law firm security. The American Bar Association (ABA) offers the following tips and many more on its website:
- Use strong passwords of at least 12 characters with a mix of letters, numbers and symbols when allowed.
- Vary your passwords and change them regularly.
- Change default user IDs and passwords for software or hardware installations.
- Protect your laptop with whole disk encryption.
- Encrypt backup media. If you’re using a cloud-based, online backup service, make sure the data is encrypted in transit and in storage.
- Encrypt thumb drives and log activity on USB ports.
- Keep your server physically locked in a closet or room.
- Make sure you have a PIN for your smart phone, and make sure you can wipe your phone’s data remotely in case you lose it.
- Solos and small firms should use a single integrated product to deal with spam, viruses and malware.
- Set up wireless networks with proper security.
- Make sure all critical patches are applied.
- Upgrade software to supported versions to keep it secure.
- Control employees’ access to software.
- Delete the ID and cut possible access for terminated employees.
- Know the terms of security for cloud providers of software applications.
- Be wary of social media applications that ask for access to your credentials.
- Consider getting cyber insurance to protect against the consequences of a breach.
Beyond working with your IT provider, the ABA urges lawyers to do their own checking or hire an independent third party to check that their firm is keeping up with best practices.
The case involving the Chinese hackers is U.S. v. Hong et al, U.S. District Court, Southern District of New York, No. 16-cr-360.
A West Point graduate where he served as captain and military aviator, John Bair continues his commitment to our country through his efforts within the settlement planning industry. He has represented families of victims lost in the Flight 3407 crash, offered pro bono services to the families of 9/11 victims and drafted the first consumer protection bill for plaintiffs (H.R. 3699).