Ride the Lightning

Russian Cybercriminal Aims to Breach Top U.S. Law Firms

April 4, 2016

Crain's Chicago Business reported on March 29^th that a Russian cybercriminal called "Oleras", living in the Ukraine, has been trying since January to hire hackers to break into the computer networks of nearly 50 elite law firms so he can trade on insider information. The source of the story was a February 3^rd alert from Flashpoint, a New York threat intelligence firm.

Oleras posted on a cybercriminal forum that he planned, once the law firms were compromised, to use keywords to locate drafts of merger agreements, letters of intent, confidentiality agreements and share purchase agreements. His list of targeted law firms included names, e-mail addresses and social media accounts for specific law firm employees.

Oleras hoped to hire a black-hat hacker to handle the technical part of breaking into the law firms, offering to pay $100,000, plus another 45,000 rubles (about $564). He offered to split the proceeds of any insider trading 50-50 after the first $1,000,000. Sporting of him.

On February 22, another Flashpoint alert said that Oleras had singled out eight lawyers from top firms, for a sophisticated phishing attack. The phishing e-mail appeared to come from an assistant at trade journal Business Worldwide and asked to profile the lawyer for excellence in mergers and acquisitions.

The firms targeted reads like an entry from Who's Who Among Law Firms. Targets included Akin Gump, Allen & Overy, Baker & Hostetler, Baker Botts, Cadwalader Wickersham & Taft, Cleary Gottlieb, Covington & Burling, Cravath Swaine (which we now know suffered a breach last year), Davis Polk, Debevoise & Plimpton, Dechert, DLA Piper, Ellenoff Grossman, Freshfields Bruckhaus, Fried Frank, Gibson Dunn, Goodwin Procter, Hogan Lovells, Hughes Hubbard, Jenner & Block, Jones Day, Kaye Scholer, Kirkland & Ellis, Kramer Levin, Latham & Watkins, McDermott Will & Emery, Milbank Tweed, Morgan Lewis, Morrison & Foerster, Nixon Peabody, Paul Hastings, Paul Weiss, Pillsbury Winthrop, Proskauer Rose, Ropes & Gray, Schulte Roth, Seward & Kissel, Shearman & Sterling, Sidley Austin, Simposon Thacher, Skadden Arps, Sullivan & Cromwell, Vinson & Elkins, Wachtell Lipton, Weil Gotshal (which also suffered a breach last summer), White & Case and Wilkie Farr.

It strikes me that there is no secret about which firms hold M&A data that could allow insider trading. It was confirmed by the Wall Street Journal that two firms on the list had been breached last year – and no doubt many more. The secrecy surrounding law firm data breaches is unsettling – the failure to abide by the letter and spirit of data breach notification laws and lawyers' ethical duties to advise clients of compromised confidential data has not exactly burnished the reputation of the firms. The "we can't be sure what data was touched/taken" doesn't hold much water with clients. With the sophisticated technology of large law firms today, it is unlikely that they cannot determine what data was touched. The chorus of "no comment" replies to media inquiries about breaches abound. The "cone of silence" around law firm data breaches is a shameful one.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
www.linkedin.com/in/sharondnelson