US prosecutors have charged three Chinese men with making more than $4m (£3.2m) by allegedly trading on information obtained from hacking top merger and acquisition law firms.
The defendants are charged with targeting at least seven top international law firms with offices in New York, which advised companies on corporate mergers and acquisitions.
The men are alleged to have successfully obtained inside information from at least two firms by hacking their networks and servers. Once they obtained access to the law firms’ networks, they targeted email accounts of law firm partners who worked on high-profile M&A transactions.
That information was used to purchase stock in five companies before the public announcements were made. By purchasing shares before the public announcements were made, they made $4m.
In addition, the defendants are alleged to have repeatedly attempted unauthorised access to the networks and servers of five other firms. Between March and September 2015, they attempted to cause unauthorised access on more than 100,000 occasions.
The three men charged with insider trading and hacking are Iat Hong, Bo Zheng and Chin Hung.
The United States attorney’s office and the Federal Bureau of Investigation said Hong was arrested in Hong Kong on Christmas Day.
Manhattan US attorney Preet Bharara said: "This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking, because you have information valuable to would-be criminals.”
FBI assistant director-in-charge William Sweeney said: “The subjects charged in this case allegedly stole nonpublic information through unauthorised access to law firms’ computers, and used the information for their own personal gain.
"The FBI works around the clock to keep these types of alleged securities fraudsters and cyber criminals from trading on stolen information, potentially manipulating the market at the cost of legitimate investors, and harm to corporations.” ®
Sponsored: Webcast: Simplify data protection on AWS