1 00:00:00,080 --> 00:00:03,680 Speaker 1: It's a combination of cyber crime and insider trading, and 2 00:00:03,720 --> 00:00:06,200 Speaker 1: it's aimed at the law firms doing the legal work 3 00:00:06,240 --> 00:00:10,600 Speaker 1: for mergers. Manhattan federal prosecutors have charged three Chinese hackers 4 00:00:10,640 --> 00:00:14,040 Speaker 1: with making more than four million dollars and illicit profits 5 00:00:14,080 --> 00:00:17,119 Speaker 1: by trading on information they got from breaking into the 6 00:00:17,160 --> 00:00:20,520 Speaker 1: servers of top corporate law firms in New York. They 7 00:00:20,520 --> 00:00:25,560 Speaker 1: would steal emails of partners working on mergers, but by 8 00:00:25,640 --> 00:00:29,080 Speaker 1: shares of target companies and sell them after the deals 9 00:00:29,120 --> 00:00:32,720 Speaker 1: were announced. Our guest is Christian Berthelson. He wrote about 10 00:00:32,760 --> 00:00:37,240 Speaker 1: this for Bloomberg News. He's the Bloomberg News Federal court reporter. Christian. 11 00:00:37,320 --> 00:00:40,200 Speaker 1: It's a new twist on insider trading where you don't 12 00:00:40,240 --> 00:00:44,040 Speaker 1: have to actually know and talk to an insider. Did 13 00:00:44,120 --> 00:00:48,159 Speaker 1: they how did they get into the systems? Yeah? This 14 00:00:48,280 --> 00:00:51,440 Speaker 1: is a sort of a new twist on the insider 15 00:00:51,479 --> 00:00:54,760 Speaker 1: trading prosecutions which we've seen a lot of since the 16 00:00:55,440 --> 00:00:58,680 Speaker 1: UH sort of end of the financial crisis. In this case, 17 00:00:58,880 --> 00:01:03,000 Speaker 1: the hackers seem to have started out by stealing the 18 00:01:03,040 --> 00:01:08,080 Speaker 1: log on information of of law firm employees at these 19 00:01:08,480 --> 00:01:13,560 Speaker 1: elite transaction law firms UH and then using that access 20 00:01:13,600 --> 00:01:17,800 Speaker 1: to then place malware that would allow them continued access 21 00:01:17,840 --> 00:01:22,160 Speaker 1: to the system and to emails of partners that we're 22 00:01:22,200 --> 00:01:26,760 Speaker 1: working on the transactions, and enabled them to to take 23 00:01:26,800 --> 00:01:31,679 Speaker 1: an enormous amount of both data and email communications between 24 00:01:31,720 --> 00:01:35,320 Speaker 1: partners who were working on the deals over a bit 25 00:01:35,360 --> 00:01:40,440 Speaker 1: more than a year's time from and in those emails, 26 00:01:40,440 --> 00:01:44,840 Speaker 1: they're getting all the details of these transactions, because that's 27 00:01:44,840 --> 00:01:48,600 Speaker 1: what the lawyers are talking about. It's correct. I mean 28 00:01:48,840 --> 00:01:51,640 Speaker 1: these in some cases, these were the partners who were 29 00:01:51,720 --> 00:01:56,080 Speaker 1: directly responsible for handling the legal work on the transactions. 30 00:01:56,200 --> 00:02:00,080 Speaker 1: The information at their disposal was incredibly detailed and of 31 00:02:00,120 --> 00:02:04,320 Speaker 1: course incredibly sensitive and in secret at the time, so 32 00:02:04,360 --> 00:02:08,320 Speaker 1: it gave these hackers a real bird's eye view into 33 00:02:08,639 --> 00:02:10,920 Speaker 1: these transactions and how they were pricing and what the 34 00:02:11,000 --> 00:02:14,120 Speaker 1: timing was on them and that sort of thing. Um. Ultimately, 35 00:02:14,240 --> 00:02:18,720 Speaker 1: some of the transactions were not consummated, but it appears 36 00:02:18,760 --> 00:02:22,160 Speaker 1: from the charging documents that in nearly all cases they 37 00:02:22,200 --> 00:02:24,840 Speaker 1: still wound up making money on them, because you know, 38 00:02:24,840 --> 00:02:28,320 Speaker 1: there would be media reports that talks were in the works, 39 00:02:28,560 --> 00:02:32,280 Speaker 1: or in one case, another buyer swooped in and you know, 40 00:02:32,400 --> 00:02:35,720 Speaker 1: the transaction that was being contemplated didn't happen, but then 41 00:02:35,720 --> 00:02:38,560 Speaker 1: a second buyer came in uh and took it over, 42 00:02:38,680 --> 00:02:41,720 Speaker 1: and so they still they still wound up making money. 43 00:02:41,919 --> 00:02:45,480 Speaker 1: They weren't always successful during you write that during one 44 00:02:45,600 --> 00:02:50,320 Speaker 1: six month period last year, they allegedly tried on more 45 00:02:50,400 --> 00:02:53,880 Speaker 1: than one hundred thousand occasions to break into the networks 46 00:02:53,919 --> 00:02:57,520 Speaker 1: of five law firms. Was there something about the protection 47 00:02:57,639 --> 00:03:02,160 Speaker 1: those law firms had that stopped them? I believe there 48 00:03:02,160 --> 00:03:06,880 Speaker 1: were seven law firms that were targeted by the group, 49 00:03:07,720 --> 00:03:11,880 Speaker 1: but only to whose networks were actually penetrated, So uh, 50 00:03:11,919 --> 00:03:16,040 Speaker 1: they did have difficulty accessing the systems of five other 51 00:03:16,120 --> 00:03:19,960 Speaker 1: firms that were involved in these deals. UM, I mean 52 00:03:20,639 --> 00:03:24,360 Speaker 1: in to try one hundred thousand times in six months, 53 00:03:24,360 --> 00:03:26,880 Speaker 1: I think that works out to an attempt of about 54 00:03:26,919 --> 00:03:30,640 Speaker 1: five hundred five hundred attempts per day, which suggested they 55 00:03:30,639 --> 00:03:34,720 Speaker 1: were using some kind of computerized program uh to to 56 00:03:35,160 --> 00:03:37,800 Speaker 1: attempt these hacks, and you know, not that they were 57 00:03:37,960 --> 00:03:41,240 Speaker 1: sort of manually trying to key in each time. This 58 00:03:41,320 --> 00:03:43,960 Speaker 1: isn't the first time that law firms have been hacked, 59 00:03:44,040 --> 00:03:47,640 Speaker 1: is it. I think actually this is a relatively new 60 00:03:47,640 --> 00:03:53,200 Speaker 1: wrinkle in the in the hacking for insider trading scheme. 61 00:03:53,240 --> 00:03:56,760 Speaker 1: I mean, we've seen cases before where hackers access the 62 00:03:56,800 --> 00:04:00,280 Speaker 1: networks of like pr Newswire and business wire. You know 63 00:04:00,400 --> 00:04:07,840 Speaker 1: companies that uh that publish um sensitive deal information when 64 00:04:07,880 --> 00:04:11,440 Speaker 1: it's to be announced and and so you've seen them 65 00:04:11,520 --> 00:04:14,320 Speaker 1: sort of try to access information that way. But in 66 00:04:14,400 --> 00:04:18,640 Speaker 1: terms of of attacking and hacking the law firms that 67 00:04:18,640 --> 00:04:21,800 Speaker 1: are directly involved in the deal, I don't think that's 68 00:04:21,800 --> 00:04:26,359 Speaker 1: something we've seen before. Manhattan US Attorney Preet Berarra says 69 00:04:26,480 --> 00:04:29,760 Speaker 1: the case of cyber Meats securities fraud should serve as 70 00:04:29,760 --> 00:04:32,760 Speaker 1: a wake up call for law firms around the world. 71 00:04:33,400 --> 00:04:36,600 Speaker 1: So what will this wake up call make them? Do 72 00:04:38,000 --> 00:04:41,040 Speaker 1: you know, it's one case. I don't know if it's 73 00:04:41,080 --> 00:04:47,440 Speaker 1: possible to generalize about the quality of of security um 74 00:04:47,480 --> 00:04:51,839 Speaker 1: practices at law firms sort of across the industry. But 75 00:04:51,920 --> 00:04:55,440 Speaker 1: I think any major law firm, particularly those that are 76 00:04:55,480 --> 00:05:00,160 Speaker 1: working on transactional type of work, are probably like they're 77 00:05:00,160 --> 00:05:02,640 Speaker 1: going to take a look at their own systems and 78 00:05:02,720 --> 00:05:05,240 Speaker 1: ensure that they've got sort of best practices when it 79 00:05:05,279 --> 00:05:10,839 Speaker 1: comes to maintaining top security practices. Do we know how 80 00:05:11,320 --> 00:05:16,320 Speaker 1: the federal prosecutors or the sec discovered that this was 81 00:05:16,360 --> 00:05:20,919 Speaker 1: going on. That is not laid out in the documents 82 00:05:20,920 --> 00:05:23,120 Speaker 1: that have been made public so far. I mean, the 83 00:05:23,520 --> 00:05:28,680 Speaker 1: enforcement agencies have have pretty detailed means these days of 84 00:05:28,720 --> 00:05:33,400 Speaker 1: seeing who is trading before announcements are made, or you know, 85 00:05:33,520 --> 00:05:38,800 Speaker 1: who is trading insecurities that they don't frequently trade. Um, 86 00:05:38,839 --> 00:05:42,839 Speaker 1: you know, all the basically all the indicia of people 87 00:05:42,920 --> 00:05:46,560 Speaker 1: using insiderer information to try and get ahead of the market. 88 00:05:47,160 --> 00:05:50,440 Speaker 1: So it could have been detected in that way. It's 89 00:05:50,480 --> 00:05:55,280 Speaker 1: just not clear. So this fits in with pre barraras 90 00:05:55,320 --> 00:06:00,160 Speaker 1: insider trading gold medals, I guess because I can't think 91 00:06:00,160 --> 00:06:03,160 Speaker 1: of any other federal prosecutor who has as many insider 92 00:06:04,000 --> 00:06:08,839 Speaker 1: trading prosecutions to his name. That's right. Well, that seems 93 00:06:08,880 --> 00:06:11,280 Speaker 1: to have been a priority of his office since he 94 00:06:12,120 --> 00:06:14,479 Speaker 1: became U S Attorney back in the aftermath of the 95 00:06:14,480 --> 00:06:18,000 Speaker 1: financial crisis. Uh, you know, insider trading, of course did 96 00:06:18,000 --> 00:06:20,200 Speaker 1: not cause the financial crisis, but it is one of 97 00:06:20,240 --> 00:06:25,000 Speaker 1: the more easily prosecutable white collar crimes. Financial type crimes. 98 00:06:25,000 --> 00:06:27,400 Speaker 1: They're out there as opposed to you know, a fraud 99 00:06:27,480 --> 00:06:30,640 Speaker 1: or a market manipulation. So the office has done a 100 00:06:30,680 --> 00:06:33,479 Speaker 1: lot of those kinds of cases. Uh, they've more often 101 00:06:33,560 --> 00:06:37,359 Speaker 1: actually focused on the insiders, you know, the the you know, 102 00:06:37,480 --> 00:06:41,479 Speaker 1: members of boards of directors who are passing information to 103 00:06:42,080 --> 00:06:46,080 Speaker 1: hedge fund managers, you know, as we saw in some 104 00:06:46,200 --> 00:06:50,279 Speaker 1: of the some of the cases involving rajak Gupta and 105 00:06:50,880 --> 00:06:55,159 Speaker 1: raj rajaratnam Uh and others like it. But this is 106 00:06:55,240 --> 00:06:57,680 Speaker 1: sort of again sort of a new and different take. 107 00:06:57,720 --> 00:07:01,240 Speaker 1: Whereas you pointed out earlier on that this is not 108 00:07:01,560 --> 00:07:04,560 Speaker 1: these are not actually insiders. These are people thousands of 109 00:07:04,600 --> 00:07:10,080 Speaker 1: miles away with no apparent connection to anything, who are 110 00:07:10,400 --> 00:07:15,239 Speaker 1: gleaning inside information remotely. It really opens up a whole 111 00:07:15,240 --> 00:07:18,160 Speaker 1: new door to insider trading and perhaps we'll be seeing 112 00:07:18,200 --> 00:07:21,240 Speaker 1: more of these kinds of prosecutions. Thank you for joining 113 00:07:21,320 --> 00:07:24,960 Speaker 1: us on Bloomberg Law. That's Christian Berthelsen. He is Bloomberg 114 00:07:25,000 --> 00:07:28,400 Speaker 1: News Federal court reporter, and he wrote about this coming 115 00:07:28,480 --> 00:07:32,160 Speaker 1: up on Bloomberg Law. How pool client accounts at US 116 00:07:32,240 --> 00:07:37,160 Speaker 1: law firms create a loophole in international anti money laundering 117 00:07:37,400 --> 00:07:41,120 Speaker 1: safeguards and what lawyers should be doing about that. I'm 118 00:07:41,200 --> 00:07:43,000 Speaker 1: June Grass. This is Bloomberg