Some of the biggest law firms in the United States have been breached by malicious hackers. Their intent? Confidential information for the purposes of insider training, a report has revealed.
The law firms that represent some of the biggest Fortune 500 and Wall Street companies for lawsuits, mergers and acquisitions, legal counsel and more have been breached, a Wall Street Journal report has revealed.
The targeted firms include Cravath Swaine & Moore LLP, Weil Gotshal & Manges LLP, among others.
While it is still unclear as to what the hackers stole or indeed, were looking for, the subsequent investigation is looking into the possibility of hacking to facilitate insider hacking.
According to sources for the WSJ familiar with the investigation, the FBI and the Manhattan U.S. attorney’s office are both engaged in the probe since the beginning of the year at its earliest stages.
In a statement, Cravath Swaine & Moore claimed:
Last summer, the firm identified a limited breach of its IT systems. We have worked closely with law enforcement authorities who have jurisdiction over this matter. Upon identifying the incident, we immediately supplemented our IT security measures with the assistance of additional outside security consultants.
The attack highlights the increasingly sophisticating ways In which hackers are looking at the landscape to steal sensitive information that could prove to be very lucrative.
Law Firms Under the Scanner
The breach will come as a blow to law firms as it predictably brings concerns to their clients. A number of senior lawyers at firms have reportedly admitted that their clients are conducting their own internal assessments of the firms they hire, as a result of the vulnerability to data breaches.
Law firms make for enticing targets for cybercriminals and hackers looking for sensitive information. The notion of undisclosed, private mergers and acquisitions, if stolen, brings with it the possibility of insider trading.
Information is Money
Financial firms, Wall Street firms, publications and now law firms are being targeted by opportunistic hackers who can use stolen information including client emails for a varied range of cybercriminal activities including spear phishing.
One of the most prominent cases of cybercriminal activity facilitating information theft for insider trading was that of a $100 million insider trading ring. The racket saw crooked Wall Street traders combine with a gang of Ukrainian hackers. The latter, breached newswire agencies to look into press releases before they were published. Altogether, over 150,000 press releases were stolen, across prominent wire agencies in New York, San Francisco and Toronto.
A year later, the SEC brought forward charges against several defendants in the international scheme that saw those involved make away with a speculated $100 million in profits.
Featured image from Shutterstock.