Tag Archives: Hacking

‘Digital Geneva Convention’ needed to deter nation-state hacking: Microsoft president

microsoft president brad smith

By Dustin Volz

SAN FRANCISCO (Reuters) – Microsoft President Brad Smith on Tuesday pressed the world’s governments to form an international body to protect civilians from state-sponsored hacking, saying recent high-profile attacks showed a need for global norms to police government activity in cyberspace.

Countries need to develop and abide by global rules for cyber attacks similar to those established for armed conflict at the 1949 Geneva Convention that followed World War Two, Smith said. Technology companies, he added, need to preserve trust and stability online by pledging neutrality in cyber conflict.

“We need a Digital Geneva Convention that will commit governments to implement the norms needed to protect civilians on the internet in times of peace,” Smith said in a blog post.

Smith outlined his proposal during keynote remarks at this week’s RSA cybersecurity conference in San Francisco, following a 2016 U.S. presidential election marred by the hacking and disclosure of Democratic Party emails that U.S. intelligence agencies concluded were carried out by Russia in order to help Republican Donald Trump win.

Cyber attacks have increasingly been used in recent years by governments to achieve foreign policy or national security objectives, sometimes in direct support of traditional battlefield operations. Despite a rise in attacks on governments, infrastructure and political institutions, few international agreements currently exist governing acceptable use of nation-state cyber attacks.

The United States and China signed a bilateral pledge in 2015 to refrain from hacking companies in order to steal intellectual property. A similar deal was forged months later among the Group of 20 nations.

Smith said President Donald Trump has an opportunity to build on those agreements by sitting down with Russian President Vladimir Putin to “hammer out a future agreement to ban the nation-state hacking of all the civilian aspects of our economic and political infrastructures.”

A Digital Geneva Convention would benefit from the creation of an independent organization to investigate and publicly disclose evidence that attributes nation-state attacks to specific countries, Smith said in his blog post.

Smith likened such an organization, which would include technical experts from governments and the private sector, to the International Atomic Energy Agency, a watchdog based at the United Nations that works to deter the use of nuclear weapons.

Smith also said the technology sector needed to work collectively and neutrally to protect internet users around the world from cyber attacks, including a pledge not to aid governments in offensive activity and the adoption of a coordinated disclosure process for software and hardware vulnerabilities.

(Reporting by Dustin Volz; Editing by Dan Grebler)

U.S. makes limited exceptions to sanctions on Russian spy agency

cars drive past headquarters

By Joel Schectman and Dustin Volz

WASHINGTON (Reuters) – The U.S. Treasury Department on Thursday adjusted sanctions on Russian intelligence agency FSB, making limited exceptions to the measures put in place by former President Barack Obama over accusations Moscow tried to influence the 2016 U.S. presidential election with cyber attacks on political organizations.

The department said in a statement it would allow U.S. companies to make limited transactions with FSB that are needed to gain approval to import information technology products into Russia.

At the White House, President Donald Trump responded to a reporter’s question about whether he was easing sanctions on Russia, saying, “I’m not easing anything.”

Sanctions experts and former Obama administration officials stressed the exceptions to the sanctions imposed in December do not signal a broader shift in Russia policy.

In a conference call with reporters, a senior Treasury Department official said the exceptions were “a very technical fix” made in response to “direct complaints” from companies that were unable to import many consumer technology products without a permit from the FSB. The action had been in the making for weeks before Trump took office on Jan. 20, the official said.

Beyond its intelligence function, the FSB also regulates the importation of software and hardware that contains cryptography. Companies need FSB approval even to import broadly available commercial products such as cell phones and printers if they contain encryption.

Peter Harrell, a sanctions expert and former senior U.S. State Department official, said Treasury officials likely had not considered the issue in December.

“I don’t think when they sanctioned FSB they were intending to complicate the sale of cell phones and tablets,” Harrell said.

David Mortlock, a former National Security Council advisor for Obama said that before granting such exceptions, the administration would ask who a sanction was hurting and who it was benefiting.

Mortlock, now an attorney, said “here it’s a pretty easy calculus” because it was clear tech companies were the ones harmed by not being able to import software into Russia, not the spy agencies.

U.S. intelligence agencies accused the FSB of involvement in hacking of Democratic Party organizations during the election to discredit Democrat Hillary Clinton and help Republican Trump.

The agencies and private cyber security experts concluded the FSB first broke into the Democratic National Committee’s computer system in the summer of 2015 and began monitoring email and chat conversations.

They said FSB was one of two Russian spy agencies involved in a broad operation approved by top-ranking people in the Russian government. In December, Obama expelled 35 suspected Russian spies and sanctioned two spy agencies. He also sanctioned four Russian intelligence officers and three companies that he said provided support to the cyber operations.

(Reporting by Joel Schectman and Dustin Volz; additional reporting by Yeganeh Torbati and Jason Lange; Editing by Alistair Bell and Grant McCool)

As attacks grow, EU mulls banking stress tests for cyber risks

file graphic of man using a computer representing cyber attacks

By Francesco Guarascio

BRUSSELS (Reuters) – The European Union is considering testing banks’ defenses against cyber attacks, EU officials and sources said, as concerns grow about the industry’s vulnerability to hacking.

Cyber attacks against banks have increased in numbers and sophistication in recent years, with criminals finding new ways to target banks beyond trying to illicitly obtain details of their customers’ online accounts. Last February $81 million was taken from the Bangladesh central bank when hackers broke into its system and gained access to the SWIFT international transactions network.

Global regulators have tightened security requirements for banks after that giant cyber fraud, one of the biggest in history, and in some countries have carried out checks on lenders’ security systems.

But complex cyber attacks have kept rising, as revealed in November by SWIFT in a letter to client banks and by the theft of 2.5 million pounds ($3 million) from Tesco Plc’s banking arm in the first mass hacking of accounts at a Western lender.

Banks “are struggling to demonstrate their ability to cope with the rising threat of intruders gaining unauthorized access to their critical systems and data,” a report of the European Banking Authority (EBA) warned in December.

The next step from European regulators to boost security could be an EU-wide stress test.

The European executive commission is assessing additional initiatives to counter cyber attacks, a commission official told Reuters. “These include cyber-threat information sharing or penetration and resilience testing of systems.”

The European Central Bank announced last year it would set up a database to register incidents of cyber crime at commercial banks in the 19-country euro zone. But exchanges of information among national authorities on cyber incidents remains scant.

The Commission is studying whether EU-wide tests would help step up security, a source at the EU executive said. This would be in addition to controls already carried out by national authorities.

EBA, which is in charge of stress-testing the bloc’s banks, is expected to detail in summer the checks it intends to conduct in the next exercise planned in mid 2018.

EBA tests banks’ capital cushions and can conduct checks on specific issues. Last year it monitored risks caused by fines, as EU lenders faced sanctions from U.S. regulators.

An EBA official said cyber security was on the agency’s radar but no decision had been made on a possible stress test. The body’s chairman, Andrea Enria, has urged EU states to stress-test their financial institutions for cyber risks.

Lloyds Banking Group is working with law enforcement agencies to trace who was behind a cyber attack that caused intermittent outages for customers of its personal banking websites almost two weeks ago, according to a source familiar with the incident. Lloyds said it would not speculate on the cause of the attack. No customers suffered any losses.

BLOCKCHAIN

As European banks keep relying on digital infrastructure that is “rigid and outdated”, according to EBA, regulators are considering new technologies that could boost security.

Blockchain, the technology behind the most successful virtual currency, Bitcoin, is being closely monitored in Brussels “to establish the advantages and possible risks” but also to weigh possible moves to enable blockchain where it is hindered, the Commission source said.

More than 1 billion euros have been invested in blockchain startups, a World Economic Forum report said.

The EU agency for network and information security (ENISA) said in a report last week the technology offered new opportunities and could cut costs, but may also pose new cyber security challenges, mostly caused by its decentralized network.

Ukraine’s power outage was a cyber attack: Ukrenergo

Dispatchers at Ukraine's national power company

By Pavel Polityuk, Oleg Vukmanovic and Stephen Jewkes

KIEV/MILAN (Reuters) – A power blackout in Ukraine’s capital Kiev last month was caused by a cyber attack and investigators are trying to trace other potentially infected computers and establish the source of the breach, utility Ukrenergo told Reuters on Wednesday.

When the lights went out in northern Kiev on Dec. 17-18, power supplier Ukrenergo suspected a cyber attack and hired investigators to help it determine the cause following a series of breaches across Ukraine.

Preliminary findings indicate that workstations and Supervisory Control and Data Acquisition (SCADA) systems, linked to the 330 kilowatt sub-station “North”, were influenced by external sources outside normal parameters, Ukrenergo said in comments emailed to Reuters.

“The analysis of the impact of symptoms on the initial data of these systems indicates a premeditated and multi-level invasion,” Ukrenergo said.

Law enforcement officials and cyber experts are still working to compile a chronology of events, draw up a list of compromised accounts, and determine the penetration point, while tracing computers potentially infected with malware in sleep mode, it said.

The comments make no mention of which individual, group or country may have been behind the attack.

“It was an intentional cyber incident not meant to be on a large scale… they actually attacked more but couldn’t achieve all their goals,” said Marina Krotofil, lead cyber-security researcher at Honeywell, who assisted in the investigation.

In December 2015, a first-of-its-kind cyber attack cut the lights to 225,000 people in western Ukraine, with hackers also sabotaging power distribution equipment, complicating attempts to restore power.

Ukrainian security services blamed that attack on Russia.

In the latest attack, hackers are thought to have hidden in Ukrenergo’s IT network undetected for six months, acquiring privileges to access systems and figure out their workings, before taking methodical steps to take the power offline, Krotofil said.

“The team involved had quite a few people working in it, with very serious tools and an engineer who understands the power infrastructure,” she said.

The attacks against Ukraine’s power grid are widely seen by experts as the first examples of hackers shutting off critical energy systems supplying heat and light to millions of homes.

(Writing by Oleg Vukmanovic; reporting by Pavel Polityuk in Kiev, Oleg Vukmanovic and Stephen Jewkes in Milan; editing by Susan Fenton/Ruth Pitchford)

Democrats want 9/11-style special commission to probe Russia

rainy day at Capitol Hill

WASHINGTON (Reuters) – Democratic members of the U.S. Congress called on Monday for the creation of an independent commission to investigate Russia’s attempts to intervene in the 2016 election, similar to the Sept. 11 panel that probed the 2001 attacks on the United States.

Their “Protecting our Democracy Act” would create a 12-member, bipartisan independent panel to interview witnesses, obtain documents, issue subpoenas and receive public testimony to examine attempts by Moscow and any other entities to influence the election.

The panel members would not be members of Congress.

The legislation is one of many calls by lawmakers to look into Russian involvement in the contest, in which Republican Donald Trump defeated Democrat Hillary Clinton in the White House race, confounding opinion polls. Republicans also kept control of the Senate and House of Representatives by larger-than-expected margins.

U.S. intelligence agencies on Friday released a report saying that Russian President Vladimir Putin ordered an effort to help Trump’s electoral chances by discrediting Clinton.

Russia has denied the hacking allegations. A Kremlin spokesman said Monday they were “reminiscent of a witch-hunt.”

“There is no question that Russia attacked us,” Senator Ben Cardin, the top Democrat on the Senate Foreign Relations Committee, told a news conference.

Versions of the bill were introduced in both the Senate and House. In the Senate it has 10 sponsors. In the House it is backed by every member of the Democratic caucus, said Representative Elijah Cummings, the top Democrat on the House Oversight Committee.

However, no Republicans currently back the bill, so its prospects are dim, given Republican control of both houses of Congress.

While a few Republicans, notably Senators Lindsey Graham and John McCain, have supported calls for an independent probe, party leaders have resisted the idea, saying that investigations by Republican-led congressional committees are sufficient.

Senator Amy Klobuchar, who just returned from a trip to the Baltic states, Ukraine and Georgia with Graham and McCain, said Russia’s actions justified a probe by an independent panel of national experts.

“This is not just about one political party. It’s not even about one election. It’s not even about one country, our country. It is a repeated attempt… around the world, to influence elections,” Klobuchar said.

After Sept 11, 2001, Congress established an independent commission to look into the attacks and make recommendations about how to prevent similar actions in the future. Many of the recommendations were adopted into law.

“The American people felt good about what they did,” Cummings said.

(Reporting by Patricia Zengerle; editing by Grant McCool)

Congress begins Russia hacking probe, Trump still skeptical of U.S. intelligence

Donald Trump

By Dustin Volz

WASHINGTON (Reuters) – Senior U.S. intelligence officials will testify in Congress on Thursday on Russia’s alleged cyber attacks during the 2016 election campaign, even as President-elect Donald Trump casts doubt on intelligence agencies’ findings that Moscow orchestrated the hacks.

The hearings come a day before Trump is due to be briefed by intelligence agency chiefs on hacks that targeted the Democratic Party.

Trump is heading for a conflict over the issue with Democrats and fellow Republicans in Congress, many of whom are wary of Moscow and distrust the New York businessman’s praise of Russian President Vladimir Putin and efforts to heal the rift between the United States and Russia.

Director of National Intelligence James Clapper, National Security Agency Director Mike Rogers and Undersecretary of Defense for Intelligence Marcel Lettre are expected to appear before the Senate Armed Services Committee, which is chaired by Republican John McCain, a vocal critic of Putin.

Their testimony on cyber threats facing the United States will come a week after President Barack Obama ordered the expulsion of 35 Russian suspected spies and imposed sanctions on two Russian intelligence agencies over their alleged involvement in hacking U.S. political groups in the 2016 election.

U.S. intelligence agencies say Russia was behind hacks into Democratic Party organizations and operatives before the presidential election, a conclusion supported by several private cybersecurity firms. Moscow denies the hacking allegations.

U.S. intelligence officials have also said the Russian cyber attacks aimed to help Trump defeat Democrat Hillary Clinton in the Nov. 8 election. Several Republicans acknowledge Russian hacking during the election but have not linked it to an effort to help Trump win.

Documents stolen from the Democratic National Committee and John Podesta, Clinton’s campaign manager, were leaked to the media in advance of the election, embarrassing the Clinton campaign.

In a tweet on Wednesday, Trump said: “(WikiLeaks founder) Julian Assange said ‘a 14 year old could have hacked Podesta’ – why was DNC so careless? Also said the Russians did not give him the info!”

Trump also quoted Assange as telling Fox News that U.S. media coverage of the matter was “very dishonest.”

He and top advisers believe Democrats are trying to delegitimize his election victory by accusing Russian authorities of helping him.

FIRMER RESPONSE URGED

Some lawmakers, including McCain, said a firmer response was needed to check Russian aggression in cyberspace and elsewhere. He is among a handful of Republicans to join Democrats in pushing for a special committee to investigate Russia’s political hacking, although that effort has lost traction in the face of opposition from Republican leaders in Congress.

Obama instructed U.S. intelligence agencies last month to conduct a full review of the election hacks. That review could be completed and delivered to Obama as soon as Thursday, said sources familiar with the matter.

Five Democratic senators introduced legislation on Wednesday calling for the creation of an independent, nonpartisan commission to investigate Russian interference in the election.

Trump has also nominated people seen as friendly toward Moscow to senior administration posts, including secretary of state nominee Rex Tillerson, who while Exxon Mobil chief executive, was awarded the Order of Friendship, a Russian state honor, by Putin in 2013.

Rogers, the NSA chief, visited the president-elect in New York in November and is among a handful of people being considered by Trump to succeed the retiring Clapper as U.S. spy chief, in addition to former Republican Senator Dan Coats, according to sources familiar with the matter.

The Senate Foreign Relations Committee will also hold a closed-door hearing on Thursday to examine Russia’s alleged hacking and harassment of U.S. diplomats.

(Additional reporting by Patricia Zengerle and Mark Hosenball in Washington; Editing by Yara Bayoumy and Peter Cooney)

Russia will not expel anyone in response to U.S. sanctions, Putin says

A guard screens cars entering the Russian embassy on Wisconsin Avenue in Washington, U.S.

By Polina Devitt and Polina Nikolskaya

MOSCOW (Reuters) – President Vladimir Putin said Moscow would not expel anyone in response to Washington’s decision to throw out 35 suspected Russian spies and sanction intelligence agencies it believes were involved in computer hacking in the 2016 presidential election.

Foreign Minister Sergei Lavrov earlier proposed expelling 35 U.S. diplomats after outgoing U.S. President Barack Obama ordered the expulsions and sanctions on Thursday.

But Putin said he would wait for the actions of President-elect Donald Trump, who will take office on Jan. 20, before deciding on any further steps in relations with the United States.

“We will not expel anyone,” Putin said in a statement on Friday. “While keeping the right for retaliatory measures, we will not descend to the level of ‘kitchen’, irresponsible diplomacy.”

He even invited the children of U.S. diplomats to a party in the Kremlin.

It was not clear whether Trump, who has repeatedly praised Putin and nominated people seen as friendly toward Moscow to senior administration posts, would seek to roll back the measures which mark a new post-Cold War low in U.S.-Russian ties.

Russian officials have portrayed the sanctions as a last act of a lame-duck president and suggested that Trump could reverse them when he takes over the White House.

“Further steps towards the restoration of Russian-American relations will be built on the basis of the policy which the administration of President D. Trump will carry out,” said Putin.

In a separate message of New Year congratulations to Trump, he said Russia-U.S. relations were an important factor for maintaining global safety and stability.

The U.S. sanctions also closed two Russian compounds in New York and Maryland that the administration said were used by Russian personnel for “intelligence-related purposes”.

However, a former Russian Foreign Ministry employee told Reuters that the facility in Maryland was a dacha used by diplomatic staff and their children.

Lavrov also proposed banning U.S. diplomats from using a dacha in Moscow’s prestigious waterfront park area, Serebryany Bor.

But Putin said Russia would not prohibit U.S. diplomats and their families from their usual vacation spots. “Moreover, I invite all children of American diplomats accredited in Russia to the New Year and Christmas party in the Kremlin,” he said.

Obama, a Democrat, had promised consequences after U.S. intelligence officials blamed Russia for hacks intended to influence the 2016 election. Officials pointed the finger directly at Putin for personally directing the efforts and primarily targeting Democrats.

Washington put sanctions on two Russian intelligence agencies, the GRU and the FSB, four GRU officers and three companies that he said “provided material support to the GRU’s cyber operations”.

“EMBITTERED LOSERS”

Russian Prime Minister Dmitry Medvedev was more outspoken in his criticism. “It is regrettable that the Obama administration, which started out by restoring our ties, is ending its term in an anti-Russia death throes. RIP,” he wrote on his official Facebook page.

Russian Foreign Ministry spokeswoman Maria Zakharova called the Obama administration “a group of embittered and dimwitted foreign policy losers”.

Obama said Americans should be alarmed by Russia’s actions in the U.S. election.

“These actions follow repeated private and public warnings that we have issued to the Russian government, and are a necessary and appropriate response to efforts to harm U.S. interests in violation of established international norms of behavior,” he said in a statement from Hawaii, where he is on vacation.

The sanctions were the strongest response yet by the his administration to Russian cyber activities. However, a senior administration official acknowledged that Trump could reverse them and allow Russian intelligence officials back into the United States once he takes office.

Trump has brushed aside allegations from the CIA and other intelligence agencies that Russia was behind the cyber attacks. He said on Thursday he would meet with intelligence officials soon. “It’s time for our country to move on to bigger and better things,” Trump said in a statement.

“Nevertheless, in the interest of our country and its great people, I will meet with leaders of the intelligence community next week in order to be updated on the facts of this situation,” he said, without mentioning Russia.

U.S. intelligence agencies say Russia was behind hacks into Democratic Party organizations and operatives before the Nov. 8 presidential election. U.S. intelligence officials say the Russian cyber attacks were aimed at helping Trump defeat Democrat Hillary Clinton.

Incoming White House Chief of Staff Reince Priebus told Fox News he did not condone foreign governments hacking U.S. institutions.

“It’s wrong and it’s something we don’t agree with,” Priebus said. “However, it would be nice if we could get to a place where the intelligence community in unison can tell us what it is that has been going on and what the investigation was and what it has led to so that we can respond.”

“PERSONA NON GRATA”

Obama said the State Department declared as “persona non grata” 35 Russian intelligence operatives and was closing the two Russian compounds. The 45-acre complex in Maryland includes a Georgian-style brick mansion, swimming pool, tennis courts and cottages for embassy staff.

A senior U.S. official told Reuters the expulsions would come from the Russian embassy in Washington and consulate in San Francisco.

The Russians have 72 hours to leave the United States, the official said. Access to the two compounds will be denied to all Russian officials as of noon on Friday.

The State Department has long complained that Russian security agents and traffic police have harassed U.S. diplomats in Moscow, and U.S. Secretary of State John Kerry has raised the issue with Putin and Lavrov.

The U.S. official declined to name the Russian diplomats who would be affected, although it is understood that Russia’s ambassador to the United States, Sergei Kislyak, will not be one of those expelled.

Obama said the actions announced on Thursday were just the beginning.

“These actions are not the sum total of our response to Russia’s aggressive activities. We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized,” Obama said.

A report detailing Russia’s interference in the 2016 election as well as cyber attacks in previous election cycles would be delivered to Congress in the coming days, he added.

(Additional reporting by Dustin Volz, Yeganeh Torbati, Eric Beech and Nikolai Pavlov in Washington and Katya Golubkova and Svetlana Reiter in Moscow; Writing by Anna Willard; Editing by David Stamp)

Obama sanctions Russia for intervening in 2016 election

U.S. Democratic presidential nominee Hillary Clinton's campaign chairman John Podesta walks off the stage after addressing supporters at the election night rally in New York, U.S.,

HONOLULU (Reuters) – President Barack Obama on Thursday authorized a series of sanctions against Russia for intervening in the 2016 U.S. presidential election and warned of more action to come.

“These actions follow repeated private and public warnings that we have issued to the Russian government, and are a necessary and appropriate response to efforts to harm U.S. interests in violation of established international norms of behavior,” Obama said in a statement.

“These actions are not the sum total of our response to Russia’s aggressive activities. We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized,” he said.

Obama said a report by his administration about Russia’s efforts to interfere in the 2016 election would be delivered to Congress in the coming days.

(Reporting by Jeff Mason; Editing by Chris Reese)

U.S. expels 35 Russian diplomats, closes two compounds

U.S. President Barack Obama and Russian President Vladimir Putin walk into a photo opportunity before their meeting at the United Nations General Assembly in New York

WASHINGTON (Reuters) – The United States expelled 35 Russian diplomats and closed two Russian compounds in New York and Maryland in response to a campaign of harassment against American diplomats in Moscow, a senior U.S. official said on Thursday.

The move against the diplomats from the Russian embassy in Washington and consulate in San Francisco is part of a series of actions announced on Thursday to punish Russia for a campaign of intimidation of American diplomats in Moscow and interference in the U.S. election.

The Obama administration was also announcing on Thursday a series of retaliatory measures against Russia for hacking into U.S. political institutions and individuals and leaking information to help President-elect Donald Trump and other Republican candidates, two U.S. officials said.

Trump, who takes office on Jan. 20, has called for better relations with Russia. It was not clear if he will be able to immediately overturn the measures announced on Thursday.

The Russian diplomats would have 72 hours to leave the United States, the official said. Access to the two compounds, which are used by Russian officials for intelligence gathering, will be denied to all Russian officials as of noon on Friday, the senior U.S. official added.

“These actions were taken to respond to Russian harassment of American diplomats and actions by the diplomats that we have assessed to be not consistent with diplomatic practice,” the official said.

The State Department has long complained that Russian security agents and traffic police have harassed U.S. diplomats in Moscow, and U.S. Secretary of State John Kerry has raised the issue with Russian President Vladimir Putin and his foreign minister, Sergei Lavrov.

“By imposing costs on the Russian diplomats in the United States, by denying them access to the two facilities, we hope the Russian government reevaluates its own actions, which have impeded the ability and safety of our own embassy personnel in Russia,” the official said.

The U.S. official declined to name the Russian diplomats who would be affected, although it is understood that Russia’s ambassador to the United States, Sergei Kislyak, will not be one of those expelled.

(Reporting by Lesley Wroughton; Editing by Yara Bayoumy and Alistair Bell)

U.S. accuses Chinese citizens of hacking law firms, insider trading

A map of China is seen through a magnifying glass on a computer screen showing binary digits in Singapore i

By Nate Raymond

NEW YORK (Reuters) – Three Chinese citizens have been criminally charged in the United States with trading on confidential corporate information obtained by hacking into networks and servers of law firms working on mergers, U.S. prosecutors said on Tuesday.

Iat Hong of Macau, Bo Zheng of Changsha, China, and Chin Hung of Macau were charged in an indictment filed in Manhattan federal court with conspiracy, insider trading, wire fraud and computer intrusion.

Prosecutors said the men made more than $4 million by placing trades in at least five company stocks based on inside information from unnamed law firms, including about deals involving Intel Corp and Pitney Bowes Inc.

The men listed themselves in brokerage records as working at information technology companies, the U.S. Securities and Exchange Commission said in a related civil lawsuit.

Hong, 26, was arrested on Sunday in Hong Kong, while Hung, 50, and Zheng, 30, are not in custody, prosecutors said. Defense lawyers could not be immediately identified.

The case is the latest U.S. insider trading prosecution to involve hacking, and follows warnings by U.S. officials that law firms could become prime targets for hackers.

“This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking, because you have information valuable to would-be criminals,” U.S. Attorney Preet Bharara in Manhattan said.

Prosecutors said that beginning in April 2014, the trio obtained inside information by hacking two U.S. law firms and targeting the email accounts of law firm partners working on mergers and acquisitions.

Prosecutors did not identify the two law firms, or five others they said the defendants targeted.

But one matched the description of New York-based Cravath, Swaine Moore LLP, which represented Pitney Bowes in its 2015 acquisition of Borderfree Inc, one of the mergers in question.

The indictment said that by using a law firm employee’s credentials, the defendants installed malware on the firm’s servers to access emails from lawyers, including a partner responsible for the Pitney deal.

Cravath declined to comment. In March, Cravath confirmed discovering a “limited breach” of its systems in 2015.

Prosecutors also accused the defendants of trading on information stolen from a law firm representing Intel on the chipmaker’s acquisition of Altera Inc in 2015.

Intel’s merger counsel on the deal was New York-based Weil, Gotshal & Manges LLP. The law firm declined to comment.

In Beijing, Chinese Foreign Ministry spokeswoman Hua Chunying said she was aware of the reports about the case but knew nothing about it.

The case is U.S. v. Hong et al, U.S. District Court, Southern District of New York, No. 16-cr-360.

(Reporting by Nate Raymond; Additional reporting by Ben Blanchard in Beijing; Editing by Jeffrey Benkoe and Richard Chang)