$4m? Not a bad haul eh?!
It has recently been reported by the Wall Street Journal that three Chinese market traders earned more than $4,000,000 in illegal profits after they hacked the computer systems of US law firms and stole Mergers & Acquisitions information.
These traders used this information, which hadn’t been made public yet, to buy shares in 5 publicly traded companies.
This is an area of risk we have discussed over the past couple of years with many of our clients and their professional advisers. Indeed we produced a blog on this a couple of years back entitled ‘Strangers at the Door’ (re-blogged here)
It is useful to quickly examine just how the hackers accessed the information and why.
- The law firms were involved in M&A negotiations on behalf of clients
- The lawyers held information on the publicly traded companies involved and what stage negotiations were.
- The hackers recognised that having access to that information gave them a valuable time advantage and enabled them to buy shares in the companies well before it became public knowledge.
- The hackers installed malware on the firms’ computer networks. This allowed them to download from email accounts, including email attachments detailing the proposed purchase prices of impending deals
- They then compromised the accounts of an IT employee at each of the law firms, then posed as that employee to gain access to the firms’ private networks and email servers.
- The M&A information was accessed several times over the course of the crime.
Law firms are clearly a good source of confidential business information relating to M&A activity and other business transactions. Accountants, corporate financiers and even IFA’s also control valuable information.
The companies involved in the M&A activity were quoted companies. The hackers made money by buy shares before the mergers were announced. When they were announced, the share prices rose and the hackers sold their shares thereby making a profit.
It is important to recognise that hacking is on the rise, no doubt about it. It easy and cheap to recruit a hacker via the Dark Web, at very low cost and almost complete confidentiality.
This means that your company information is vulnerable both on your own servers and those of your professional advisers. How secure are all systems?
Hackers (your competitors both in the UK and overseas) may target you tender document submissions, your business plans, your new product development information, your pricing strategies and so on.
This is not a far-fetched scenario. Think carefully about the value of your business information to a competitor, check your own cyber protection systems (in particular your vulnerability to phishing attacks via your employees) and seek confirmation that your professional suppliers have stringent security protection and cyber insurance cover in place.