In what appears to be a coordinated attack, hackers have infiltrated three computer networks at some of the country’s most prestigious law firms.
Federal investigators think that the perpetrators could have been after confidential data for the purpose of insider trading, according to a person familiar with the matter.
According to reports, those firms include Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP, which represent Wall Street banks and Fortune 500 companies in everything from lawsuits to multibillion-dollar merger negotiations. Cravath said that the incident was a “limited breach” last summer, and that it is “not aware that any of the information that may have been accessed has been used improperly.”
The source went on to say that the Manhattan US attorney’s office and Federal Bureau of Investigation are working together on this, and that the probe is in its early stages.
Hacking for insider trading purposes is not unheard-of: In a high-profile case that broke last year, during a five-year period more than 150,000 press releases with earnings figures and other market-impacting corporate information were pilfered and analyzed prior to their release—offering market brokers an opportunity to make some very savvy investments, hours to three days ahead of the game.
“While most companies generate and store some confidential, proprietary information internally, law firms tend to solicit and collect highly valuable data from their clients nearly all the time,” said Tod Beardsley, security research manager at Rapid7. “This presents a unique challenge to those firms' IT and security teams: on the one hand, attorneys and staff need to be reachable and accessible from the outside, and on the other, they need to be careful with the data they collect.”
The challenge of keeping the flow of valuable target data is exacerbated by the fact that the most respected law firms tend to be the embodiment of "legacy systems."
“Cravath Swaine & Moore, like many of its peers, has a legacy measured not in years, but centuries,” Beardsley said. “These firms have had to layer decades upon decades of communications technology in its core IT infrastructure, while simultaneously keep up with the rapidly changing threat landscape.”
Photo © asharkyu