Three Chinese hackers have been fined nearly US$10 million after they were found guilty of committing corporate espionage. A New York court ordered Iat Hong, Bo Zheng and Hung Chin to pay $8,895,561.12 (£6,889,908.75) for an “insider trading” scam in which the three hacked into major law firms and profited from stolen financial information.
A 5 May filing in the Southern District of New York recommended that the accused should pay the maximum penalty, three times what they made in their scam.
The three primarily infected two law firms with malware and harvested large tranches of emails, and private documents. The information gleaned from those breaches would inform their investments and the trio would proceed to buy thousands of shares in companies who they knew would likely net them a profit. They bought many shares in a company called Altera, for example, when they realised it would soon be acquired by Intel. The practice is said to have gotten them nearly US$3 million (£2.3 million).
The trio's whereabouts is not clear as they have not been extradited and none of them appeared in court to face their charges or even responded to the complaints against them.
The million dollar fines these three will be made to pay does not signal the end of their punishment. The three are also currently facing counts for wire fraud, unlawful access and intentional damage along with conspiracy to commit computer intrusion, wire fraud, unlawful access, intentional damage and securities fraud.
This case seems to be yet another installment in an increasingly popular trend. Late last year, FireEye warned of the threat to companies involved in mergers and acquisitions. 2015 set M&A values in the trillions, wrote FireEye researcher Holly Ridgeway, a number that would surely attract the attentions of cyber-criminals.
The “JPMorgan Breach” serves as perhaps the best example of this kind of scam. In 2015, American authorities indicted four individuals who were meant to have hacked into a variety of large financial institutions including JPMorgan Chase, Dow Jones, a variety of financial news sites, software companies and stockbrokers. The hackers stole the data of millions to aid in their manipulation of the stock markets and making off with $100 million, according to the US Attorney General's Office.Adam Kujawa head of Malware Intelligence at Malwarebytes told SC when the four were indicted in 2015 that this exhibited a bold new frontier in cyber-crime: "We aren't just dealing with casual criminals stealing a little money from individual users, but rather intricate minds utilising both modern technology and traditional psychological attacks to create a new kind of crime.”