US charges three Chinese nationals over law firm hacks

Three Chinese citizens have been criminally charged in the United States with trading on confidential corporate information obtained by hacking into networks and servers of law firms working on mergers, US prosecutors said on Tuesday.

Iat Hong of Macau, Bo Zheng of Changsha, China, and Chin Hung of Macau were charged in an indictment filed in Manhattan federal court with conspiracy, insider trading, wire fraud and computer intrusion.

Prosecutors said the men made over US$4 million (A$5.6 million) by placing trades in at least five company stocks based on inside information from unnamed law firms, including about deals involving Intel and Pitney Bowes.

The men listed themselves in brokerage records as working at information technology companies, the US Securities and Exchange Commission said in a related civil lawsuit.

Hong, 26, was arrested on Sunday in Hong Kong, while Hung, 50, and Zheng, 30, are not in custody, prosecutors said. Defence lawyers could not be immediately identified.

The case is the latest US insider trading prosecution to involve hacking, and follows warnings by US officials that law firms could become a prime target for hackers.

"This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking, because you have information valuable to would-be criminals," US Attorney Preet Bharara said.

Prosecutors said that beginning in April 2014, the trio obtained inside information by hacking two US law firms and targeting the email accounts of law firm partners working on mergers and acquisitions.

Prosecutors did not identify the two law firms, or five others they said the defendants targeted.

But one matched the description of New York-based Cravath, Swaine & Moore LLP, which represented Pitney Bowes in its 2015 acquisition of Borderfree, one of the mergers in question.

The indictment said that by using a law firm employee's credentials, the defendants installed malware on the firm's servers to access emails from lawyers, including a partner responsible for the Pitney deal.

Cravath declined to comment. In March, Cravath confirmed discovering a "limited breach" of its systems in 2015.

Prosecutors also accused the defendants of trading on information stolen from a law firm representing Intel on the chipmaker's acquisition of Altera in 2015.

Intel's merger counsel on the deal was New York-based Weil, Gotshal & Manges LLP. The law firm declined to comment.