Hacking Target Seven Law Firms
The three individuals were arrested for targeting seven law firms in the US who were involved in Mergers and Acquisitions for several different companies. All seven law firms are unnamed. The individuals are Chinese Nationals.
The three individuals are charged with somehow gaining access to employee credentials from two of the seven targeted law firms and then exploiting the mail server and dumping 40 Gigabytes of data from the server containing information on pending mergers and acquisitions of different companies.
Email Credentials were most likely obtained by “Phishing” Attacks said Jeff Jones, CISSP and Managing Partner for Topgallant Partners, a Cyber Security Consulting Firm based outside of Boston in Londonderry, New Hampshire.
Jones said that his firm sees this type of attack as the most prevalent type of attack these days based the proliferation of effective anti-virus and network intrusion detection software on the market.
“Phishing is a way to trick an individual into giving up their username and password,” Jones said “and this type of thing is more of a con artist approach than a technical head on Attack.”
“There is technically very limited means for protecting your Network against Phishing Attacks and the only effective means is through user training and testing,” Jones said.
Press Release from Department of Justice can be viewed at: