FBI says hackers targeting law firms, PR companies
Hackers are increasingly targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients doing business overseas.
The FBI has issued an advisory that warns companies of "noticeable increases" in efforts to hack into the law firms’ computer systems - a trend that cyber experts say began as far back as two years ago but has grown dramatically.
In many cases, the intrusions are what cyber security experts describe as "spear phishing," attacks that come through personalized spam e-mails that can slip through common defenses and appear harmless because they have subject lines appropriate to a person’s business and appear to come from a trusted source.
"Law firms have a tremendous concentration of really critical, private information," said Bradford Bleier, unit chief with the FBI’s cyber division. Infiltrating those computer systems, he said, "is a really optimal way to obtain economic, personal and personal security related information."
Alan Paller, director of research at SANS Institute, a computer-security organization, said Monday that a major law firm in New York was hacked into in early 2008 in an attack that originated in China.
FBI officials did not immediately return messages for comment on the China connection. The FBI advisory was dated Nov. 1, 2009.
U.S. officials have been cautious about publicly linking cyber attacks to China. But recent government reports have described computer attacks believed to have originated in China, although it is unclear if the intrusions were conducted by, or with the endorsement of, any element of the Chinese government.
As is often the case with cyber crime, Paller said it is difficult to tell whether hackers were working on behalf of the country’s government, located in that country, or simply routing computer traffic through that country.