Three Chinese individuals allegedly obtained inside corporate information by hacking into two United States law firms. According to Reuters, they targeted the email accounts of the partners of the firms. Prosecutors have charged the three men with trading on confidential corporate information obtained by hacking into networks and servers of law firms working on mergers.
According to the indictment, the three men used a law firm employee’s credentials to install malware on one of the law firm’s servers. This allowed them to gain unauthorized access to confidential email correspondences of lawyers directly responsible for large-scale mergers and acquisitions. The three were also accused of trading on information stolen from a law firm representing Intel on the chipmaker’s acquisition of Altera, Inc. in 2015.
When one thinks of hacking victims, the image that typically comes to mind is either the widespread thievery of credit card information from large corporations or innocent victims having their identities stolen. It is relatively unusual for a law firm to be the target.
Computer Hacking in Federal Law
According to 18 USC § 1030(a)(2), part of the Computer Fraud and Abuse Act, it is unlawful for a person to intentionally access a computer without authorization or to exceed authorized access and by doing so obtain information contained in financial records or other records on any protected computer. That was further clarified by the U.S. Court of Appeals in United States v. Morris (928 F. 2d 504) in which the Court ruled that accessing or using a computer, computer network, or a website in a manner that overcomes a technological or code-based barrier constitutes “accessing without authorization.”
If the prosecution is able to prove the charge of hacking, these three men would likely be responsible for a large monetary fine and probably even jail time. However, even if the prosecution can prove that these men violated the Computer Fraud and Abuse Act as its “access without authorization” clause is interpreted in the Morris case, they would still need to prove the insider trading claim independently.
In United States v. Korchevsky, a Georgia man recently pled guilty to the exact kind of insider trading based on hacking claims of which these three men are now being accused. The only difference in that case was that the man hacked into a large company instead of a law firm. Thus, precedent does exist to bring these men to justice. Cases like this should be a clarion call to all law firms and businesses to beef up their web-based and computer-based security.
What the Chinese Hack Means for Georgia Businesses
What this means for Georgia businesses is twofold. First, every business should take proactive steps to beef up their security protocol. Requiring all employees to change their email passwords monthly and having a trustworthy IT person at the helm are two great starts. Second, it means that we all need to be a bit more vigilant before sending an email or even having a conversation about sensitive information that a dishonest person could use to his or her advantage. Internal confidentiality is no longer the only major issue for an attorney handling mergers, acquisitions, and similar business deals. Law firms will have to adapt with the times to treat hacking seriously and prioritize how to handle it.
Likewise, Georgia business owners should be doubly careful about who they involve in negotiations and deals that involve inside information. Unfortunately, no matter how sturdy the deadbolt on the door to your office might be, we’re now in an age where the firewall on your computer needs to be even stronger.
- The Most Challenging Security Issues Facing the Port of Savannah
- Anti Spam Law for Small Businesses
- 7 Habits of Great Small Business Owners