The U.S. Securities and Exchange Commission (SEC) recently charged three Chinese traders with fraudulently trading on hacked, nonpublic, market-moving information stolen from two prominent New York-based law firms, racking up almost $3 million in illegal profits. The agency is also seeking an asset freeze that would prevent the traders from cashing in on their illicit gains.
This is the first time that the SEC has issued charges in regards to hacking into a law firm’s computer network.
The SEC’s complaint alleged that Iat Hong, Bo Zheng and Hung Chin executed a deceptive scheme to hack into the networks of two law firms and steal confidential information pertaining to firm clients that were considering mergers or acquisitions.
The alleged hacking incidents involved installing malware on the law firms’ networks, compromising accounts that enabled access to all email accounts at the firms, and copying and transmitting dozens of gigabytes of emails to remote internet locations.
Hong and Zheng in particular coveted the emails of attorneys involved in mergers and acquisitions as they exchanged a list of partners who performed the work at one of the law firms prior to the hack at that firm.
According to the SEC, Hong, Zheng and Chin used the stolen confidential information contained in emails to purchase shares in at least three public companies ahead of public announcements about entering into merger agreements. The agency alleged that they spent roughly $7.5 million in a one-month period buying shares in semiconductor company Altera in advance of a 2015 report that it was in talks to be acquired by Intel. Within 12 hours of emails being extracted from one of the firms, Hong and Chin allegedly began purchasing shares of e-commerce company Borderfree so aggressively that they accounted for at least 25% of the company’s trading volume on certain days in advance of the announcement of a 2015 deal. Hong and Zheng also allegedly traded in advance of a 2014 merger announcement involving InterMune, a pharmaceutical company.
Antonia Chion, associate director of the SEC’s Division of Enforcement, commented:
As we allege, the defendants’ ‘hacking to trade’ scheme involved numerous levels of deception as they gained broad access to the nonpublic networks of two law firms, stole confidential information and then used it for substantial personal gain. This action marks the end of their alleged deception and serves as a stark reminder to companies and firms that your networks can be vulnerable targets.
In a parallel action, the U.S. Attorney’s Office announced criminal charges.