A Russian cyber criminal has targeted nearly 50 elite law firms, including four in Chicago, to collect confidential client information for financial gain.
The mastermind, a broker named “Oleras” living in Ukraine, has been attempting since January to hire hackers to break into the firms' computer systems so he can trade on insider information, according to a Feb. 3 alert from Flashpoint, a New York threat intelligence firm.
Kirkland & Ellis L.L.P., Sidley Austin L.L.P., McDermott Will & Emery and Jenner & Block L.L.P. all were listed on a spreadsheet of potential marks. It named 46 of the country's largest law firms, plus two members of the UK's Magic Circle.
A spokeswoman for Flashpoint said the firm had notified law enforcement and declined to comment further.
The FBI was investigating as of March 4, when it published its own industry alert detailing the threat. The agency's press office did not return a message seeking comment.
Kirkland was aware of the threat, and no client data was accessed, the firm's chief information officer, Dan Nottke, said in an email. The firm subscribes to several security information-sharing services, including ones operated by the FBI and the Financial Services Information Sharing and Analysis Center, the cyber security information clearinghouse for the financial services industry.
Spokesmen for McDermott and Jenner declined to comment. Messages to Sidley seeking comment were not returned.
Law firms have largely trailed their clients in confronting the possibility of hackers accessing their networks for illegal profit. Though they hold vast repositories of confidential information, many firms are slow to adopt up-to-date defenses against malware and spyware, said Jay Kozie, principal at Keno Kozie Associates, a Chicago-based law firm technology consultancy.
“I've always been surprised, frankly, that the law firms have not been more aggressively targeted in the past,” he said. “If you've got confidential information about a merger or a patent, it's going to be very valuable.”
In this latest scheme, Oleras posted on a cyber criminal forum a plan to infiltrate the law firms' networks, then use keywords to locate drafts of merger agreements, letters of intent, confidentiality agreements and share purchase agreements. The list of targeted law firms also included names, email addresses and social media accounts for specific employees at the firms.
“Overall, Oleras wanted to know in advance which companies were going to be merged with the help of the stolen law firm documents and subsequently leverage this information to execute algorithmic insider trading activities,” the Flashpoint alert says, with the money then laundered through front companies in Belize and Cypriot bank accounts.
The broker hoped to recruit a black-hat hacker to handle the job's technical aspects for $100,000, plus another 45,000 rubles (about $564). He offered to split the proceeds of any insider trading 50-50 after the first $1 million.
On Feb. 22, another Flashpoint alert noted that Oleras had singled out eight lawyers from top firms, including one from Kirkland's management committee, for a sophisticated phishing attack. The phishing email appeared to originate from an assistant at trade journal Business Worldwide and asked to profile the lawyer for excellence in M&A