Earlier this month, the FBI’s cyber division issued an alert that it has information that hackers are specifically targeting international law firms as part of an insider trading scheme.
“In a recent cyber criminal forum post, a criminal actor posted an advertisement to hire a technically proficient hacker for the purposes of gaining sustained access to the networks of multiple international law firms,” the alert from March 3rd stated.
The FBI alert — 160304-001 — didn’t share any other information, such as the name of the forum where it saw this post, or when it exactly it was posted. But it did say that it believed the criminal behind the post is interested in obtaining sensitive information for insider trading purposes. The alert which was sent to some law firms did not appear to be posted online.
CLICK ON THE IMAGES ABOVE TO ENLARGE.
Corporate law firms have long held material non-public information that’s been desirable for insider trading schemes. In February, Big Law Business ran down the details of six firms caught up in such schemes, including Fox Rothschild, Wilson Sonsini Goodrich & Rosati, Simpson Thacher & Bartlett, Holland & Knight, Thompson Hine, Hunton & Williams.
In each of those cases, insiders including both lawyers and staff abused their position of access to the servers. What’s different about the FBI alert is that warns about outsiders hacking in to a law firm’s servers.
“This goes well beyond hacking to obtain personal data and credit card numbers, " Michael Overly, a partner at Foley & Lardner who focuses on cyber security issues, wrote in an email, adding the alert highlights the growing sophistication of hackers.
“In all honesty, I believe many law firms, particularly small and mid-size firms are behind the curve when it comes to addressing information security,” Overly added. “That is certainly changing as clients are now routinely sending security due diligence questionnaires to their counsel to assess the security preparedness of their firms.”
In March 2015, the New York Times reported on an internal Citigroup report that found “digital security at many law firms, despite improvements, generally remains below the standards for other industries.”
Overly predicted that firms with poor security will lose clients and those with better security will gain a competitive advantage.
Brian Finch, a partner at Pillsbury who works on cyber security, said that although there’s been a learning curve and some firms are better than others, many international law firms have been investing heavily in their security networks in recent years. This is particularly true of law firms with large financial institutions as clients, which have been demanding tighter security and even conducting audits, Finch said.
“It’s also becoming an ethics requirement among the state bars,” he said. “They’re increasingly focused on it and I think that’ll drive attention to the issue.”
Finch added, “I think if firms aren’t doing a lot, they’ll probably be forced to do more in the future.”
Laura Jehl, a Sheppard Mullin Richter & Hampton partner who works on cyber security, said the alert was “disturbing,” but “not really surprising.”
“We’ve known for a while that law firms are a frequent target of hackers because they hold significant amounts of non-public information,” Jehl wrote in an email. “The FBI warning is a clear reminder to firms that they need to protect their networks and be alert to increasingly sophisticated phishing and other schemes.”