31 Mar 2016

Russian cyber criminal targets elite law firms

A Russian cyber criminal has targeted nearly 50 elite law firms, including four in Chicago, to collect confidential client information for financial gain.
The mastermind, a broker named “Oleras” living in Ukraine, has been attempting since January to hire hackers to break into the firms' computer systems so he can trade on insider information, according to a Feb. 3 alert from Flashpoint, a New York threat intelligence firm.

Kirkland & Ellis L.L.P., Sidley Austin L.L.P., McDermott Will & Emery and Jenner & Block L.L.P. all were listed on a spreadsheet of potential marks. It named 46 of the country's largest law firms, plus two members of the UK's Magic Circle.
A spokeswoman for Flashpoint said the firm had notified law enforcement and declined to comment further.
The FBI was investigating as of March 4, when it published its own industry alert detailing the threat. The agency's press office did not return a message seeking comment.
Kirkland was aware of the threat, and no client data was accessed, the firm's chief information officer, Dan Nottke, said in an email. The firm subscribes to several security information-sharing services, including ones operated by the FBI and the Financial Services Information Sharing and Analysis Center, the cyber security information clearinghouse for the financial services industry.
Spokesmen for McDermott and Jenner declined to comment. Messages to Sidley seeking comment were not returned.
Law firms have largely trailed their clients in confronting the possibility of hackers accessing their networks for illegal profit. Though they hold vast repositories of confidential information, many firms are slow to adopt up-to-date defenses against malware and spyware, said Jay Kozie, principal at Keno Kozie Associates, a Chicago-based law firm technology consultancy.
“I've always been surprised, frankly, that the law firms have not been more aggressively targeted in the past,” he said. “If you've got confidential information about a merger or a patent, it's going to be very valuable.”
In this latest scheme, Oleras posted on a cyber criminal forum a plan to infiltrate the law firms' networks, then use keywords to locate drafts of merger agreements, letters of intent, confidentiality agreements and share purchase agreements. The list of targeted law firms also included names, email address and social media accounts for specific employees at the firms.
“Overall, Oleras wanted to know in advance which companies were going to be merged with the help of the stolen law firm documents and subsequently leverage this information to execute algorithmic insider trading activities,” the Flashpoint alert says, with the money then laundered through front companies in Belize and Cypriot bank accounts.
The broker hoped to recruit a black-hat hacker to handle the job's technical aspects for $100,000, plus another 45,000 rubles (about $564). He offered to split the proceeds of any insider trading 50-50 after the first $1 million.
On Feb. 22, another Flashpoint alert noted that Oleras had singled out eight lawyers from top firms, including one from Kirkland's management committee, for a sophisticated phishing attack. The phishing email appeared to originate from an assistant at trade journal Business Worldwide and asked to profile the lawyer for excellence in M&A

businessinsurance