中國黑客入侵促使美國律所加強網(wǎng)絡安全

Some of the biggest law firms on Wall Street are scrambling to shore up their defences against cyber attacks, in the wake of a raid by Chinese hackers which led to millions of dollars of profits from insider trading.

華爾街一些最大的律師事務所爭相加強針對網(wǎng)絡攻擊的防御，此前傳出的消息稱，中國黑客發(fā)起的一起攻擊導致了數(shù)百萬美元的內幕交易利潤。

Preet Bharara, US attorney for the southern district of New York, this week charged three individuals who he said infiltrated law firms over a period of about 18 months by hacking in to networks and servers.

紐約南區(qū)聯(lián)邦檢察官普里特•巴拉拉(Preet Bharara)本周對三人提出刑事控罪，他表示，這些人在大約18個月期間通過侵入網(wǎng)絡和服務器，對律師事務所進行滲透。

Once inside, the gang targeted the email accounts of senior partners who worked on mergers and acquisitions. They then bought stock in at least five publicly traded companies which were the target of deals, netting profits of about $4m once the transactions were announced.

侵入系統(tǒng)后，這個團伙把目標對準處理并購業(yè)務的高級合伙人的電子郵件賬戶。然后他們買入至少五家屬于交易目標的上市公司的股票，在交易公布后斬獲約400萬美元利潤。

Reports of the probe earlier this year prompted law firms to try to plug gaps, efforts that are likely to be stepped up after the disclosure of criminal charges against the trio.

今年早些時候有關這項調查的報道，促使各律師事務所努力堵住安全漏洞。在檢方宣布對三人提出刑事指控之后，各律所很可能加大這方面的力度。

On Wednesday, New York’s Department of Financial Services added to the urgency by updating a proposed rule on cyber security regulation, which is due to come into force in March.

周三，紐約州金融服務管理局(New York State Department of Financial Services)更新了一項擬議的網(wǎng)絡安全監(jiān)管規(guī)則，該規(guī)則將于3月生效，此舉加大了強化網(wǎng)絡安全的緊迫性。

The rule, the first in the US, requires banks and insurers to make certain that their systems, and the systems of third-party vendors such as law firms, can handle the risks associated with cyber threats.

這套規(guī)則將是美國第一項此類規(guī)則，它要求銀行和保險公司確保其系統(tǒng)和第三方供應商(如律師事務所)的系統(tǒng)能夠應對與網(wǎng)絡威脅相關的風險。

Two of the law firms advising on deals from which the hackers profited were Cravath, Swaine & Moore and Weil, Gotshal & Manges, according to announcements at the time. Both law firms declined to comment.

根據(jù)當時公布的資料，讓黑客得逞的為交易提供咨詢的律所中，有兩家是柯史莫法律事務所(Cravath, Swaine & Moore)和威嘉律師事務所(Weil, Gotshal & Manges)。這兩家律所都拒絕置評。

“It wasn’t us this time, but it could have been,” said a senior partner at another white-shoe law firm. “Every day people are trying to get in.”

“這次不是我們，但我們也可能成為受害者，”另一家“白鞋”律師事務所的一位高級合伙人表示。“每天都有人試圖侵入系統(tǒng)。”

The action is the latest in a series of cases of so-called “outsider trading”, which watchdogs see as an increasingly serious threat to securities markets.

此案是一系列所謂“外線交易”案件中的最新一例，監(jiān)管機構認為此類案件對證券市場構成日益嚴重的威脅。

Unlike classic insider trading, where executives trade stock based on material, non-public information learnt at the office, outsider traders typically have no connection to the company concerned and do not owe a fiduciary duty to anyone.

與典型的內幕交易(高管根據(jù)在辦公室獲得的實質性的、非公開的信息買賣股票)不同，外部交易者一般與相關公司沒有聯(lián)系，也不對任何人負有受托責任。

Last August, US authorities charged a gang of Ukrainian hackers, alleging that they made $30m in illegal profits by trading on stolen information from 150,000 press releases before they were made public.

去年8月，美國有關部門對一伙烏克蘭黑客提出刑事指控，聲稱他們通過竊取15萬份未發(fā)布新聞稿的信息并據(jù)此交易，賺取了3000萬美元非法利潤。

That case inspired other Ukraine-based criminals to test the defences of big law firms, according to Flashpoint, an intelligence agency which says it picked up discussion on dark-web forums about a year ago.

商業(yè)風險情報公司閃點(Flashpoint)表示，該案激發(fā)了烏克蘭其他犯罪分子試探大型律師事務所的防御。該公司大約一年前在一些暗網(wǎng)(dark-web)論壇上注意到了相關討論。

The company put out an alert in March raising awareness of the risk of so-called “spear phishing”, in which hackers use highly targeted emails to trick users into inadvertently downloading software which then attacks their machines.

該公司在今年3月發(fā)出警告，旨在提升對所謂“魚叉式網(wǎng)絡釣魚”(spear phishing)風險的認知，這是指黑客使用高度針對性的電子郵件欺騙用戶在不經(jīng)意間下載軟件，這些軟件隨后攻擊他們的機器。

Similar techniques were used in the China attack, said the US government.

美國政府表示，類似方法被用于中國黑客的攻擊。

Law firms were seen as “kind of a soft target, because of their perceived lack of proper security hygiene”, said Vitali Kremez, a New York-based analyst in Flashpoint’s cyber crime intelligence unit.

閃點公司網(wǎng)絡犯罪情報部門常駐紐約的分析師維塔利•克雷梅茲(Vitali Kremez)介紹說，律師事務所被視為“某種軟目標，因為他們被認為缺乏恰當?shù)陌踩雷o”。