MANHATTAN (CN) – A federal indictment unsealed Tuesday says two men from Macau and one from China made millions in inside trading after hacking powerful law firms with New York offices.
U.S. Attorney Preet Bharara unveiled the 13-count superseding indictment in announcing the Christmas Day arrest of one of the accused hackers.
Iat Hong, 26, was taken into custody in Hong Kong and presented for an initial appearance the next day before a judge there.
Pending his extradition, Hong is expected to have his next court appearance on Jan. 16.
Hong’s co-defendant, 50-year-old Chin Hung is a resident of Macau. The third defendant, Bo Zheng, 30, is a resident of Changsha, China. The Securities and Exchange Commission brought a complaint of its own in the same court. It named Hong’s mother, Sou Cheng Lai in Macau, as “a relief defendant because her accounts received illegal profits from defendant Hong’s trading as part of the fraudulent scheme.”
Prosecutors say the defendants targeted at least seven law firms, and successfully penetrated the networks of at least two unnamed firms from April 2014 through late 2015.
To acquire inside information, the defendants allegedly targeted the email accounts of attorneys who worked on high-profile mergers-and-acquisitions transactions.
Expecting that the implicated companies would see jumps in their stock prices, the defendants bought up shares, according the indictment.
The government says Hong, Hung and Zheng made at least $4 million by investing in at least five publicly traded companies before public announcements that those companies would be acquired, and then selling those shares once the acquisitions were made public.
Omitting any identifying details, the government says one of the hacked firm had been retained in June 2014 to advise a company on the contemplated acquisition of drugmaker Intermune.
Hong, Hung and Zheng began exchanging emails beginning on July 21, 2014, concerning particular partners at the law firm who worked on mergers and acquisitions, according to the complaint.
By July 29, Hong allegedly emailed Hung a list of 11 partners at the law firm, including the attorney who was working on the contemplated Intermune transaction.
Prosecutors say the defendants used the credentials of one employee of the firm that same month to access one of the law firm’s web servers without authorization.
After installing malware on the server, the defendants allegedly gained unauthorized access to the firm’s email.
The unnamed partner from Hong’s list meanwhile began receiving emails about the merger deal in August, according to the complaint.
During those same days, “the defendants caused more than 40 gigabytes of confidential data to be exfiltrated from the Law Firm-1 email server,” a statement from the Justice Department says.
Hong allegedly bought 7,500 shares of Intermune stock on Aug. 13 for certain trading accounts that had never bought Intermune shares prior to that date.
Hong bought another 1,000 shares of Intermune stock in the trading accounts later that day. Hong and Zheng bought an additional 9,500 shares on Intermune stock between Aug. 18 and Aug. 21, 2014, according to the indictment.
Prosecutors say the defendants exfiltrated “approximately 10 gigabytes of confidential data from the Law Firm-1 email server” just days before.
The law firm’s client never went through with the Intermune acquisition.
“Instead, before the market opened on Monday, August 25, 2014, Intermune announced that it had reached an agreement to be acquired by Roche AG,” the statement says. “On that day, Intermune’s share price increased by approximately $19 per share, or approximately 40 percent from the closing price on Friday, August 22, 2014, the last prior trading day.”
The defendants sold their 18,000 shares that day for profits of approximately $380,000.
Two more transactions are detailed in the indictment, including Intel’s plan to acquire the integrated circuit manufacturer Altera in 2015.
After hacking emails and exfiltrating at least 2.8 gigabytes of data, again from Law Firm-1, the defendants began buying up Altera stock in February 2015.
“Prior to that date, none of the Trading Accounts had purchased any shares of Altera,” the Justice Department notes.
Doing so on at least 26 occasions, the defendants ultimately purchased more than 210,000 shares, according to the indictment.
When a financial newspaper published an article reporting on the Intel-Altera merger on March 27, Altera’s share price increased $9 per share, or approximately 26 percent.
The Justice Department says Hong, Hung and Zheng sold their shares that April for a profit of approximately $1.4 million.
The second law firm that the trio allegedly hacked worked advised Pitney Bowes on the contemplated acquisition of Borderfree Inc., an e-commerce company.
As with the other companies, Borderfree was a first-time investment for the trio’s trading accounts.
They bought 113,000 shares of Borderfree in the weeks before the Pitney Bowes-Borderfree transaction became public on May 6, 2015, according to the indictment.
“On that day, Borderfree’s stock price increased by approximately $7 per share, or 105 percent, from the previous day’s closing price,” the Justice Department states. “On May 18, 2015, Hong and Hung sold their Borderfree shares, earning a profit of approximately $841,000.”
Prosecutors say the defendants also used servers of the law firms they hacked to access data on at least 10 additional mergers-and-acquisition transactions, including certain deals that were contemplated but never consummated.
The illegal trading altogether earned the defendants at least $4 million.
Five other law firms saw their networks and servers hacked by the defendants more than 100,000 occasions between March and September 2015.
Aside from the details on Hong’s arrest, the Justice Department does not say whether Hung and Zheng are at large. It does note that Zheng had his own start-up robotics company that “was engaged in the business of developing robot controller chips and providing control system solutions.”
The defendants also allegedly hacked the networks and servers of two robotics companies from April 2014 to late 2015.
“Among other confidential information, the defendants obtained confidential and proprietary information concerning the technology and design of consumer robotic products, including detailed and confidential proprietary design schematics,” the Justice Department statemeny says. “Following these exfiltrations from the robotics company victims, the defendants exchanged emails containing certain of the confidential information they had caused to be exfiltrated from the Robotics Company Victims, including the proprietary schematics.”
The defendants stand accused of securities fraud and wire fraud, among 13 counts, most of which carry a maximum prison term of 20 years.