Hackers Have New Technique: 'Spear Phishing'

WASHINGTON — Hackers are increasingly targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients doing business overseas.

The FBI has issued an advisory that warns companies of "noticeable increases" in efforts to hack into the law firms' computer systems — a trend that cyber experts say began as far back as two years ago but has grown dramatically.

In many cases, the intrusions are what cyber security experts describe as "spear phishing," attacks that come through personalized spam e-mails that can slip through common defenses and appear harmless because they have subject lines appropriate to a person's business and appear to come from a trusted source.

"Law firms have a tremendous concentration of really critical, private information," said Bradford Bleier, unit chief with the FBI's cyber division. Infiltrating those computer systems, he said, "is a really optimal way to obtain economic, personal and personal security related information."

Alan Paller, director of research at SANS Institute, a computer-security organization, said Monday that a major law firm in New York was hacked into in early 2008 in an attack that originated in China.

FBI officials did not immediately return messages for comment on the China connection. The FBI advisory was dated Nov. 1, 2009.

U.S. officials have been cautious about publicly linking cyber attacks to China. But recent government reports have described computer attacks believed to have originated in China, although it is unclear if the intrusions were conducted by, or with the endorsement of, any element of the Chinese government.

As is often the case with cyber crime, Paller said it is difficult to tell whether hackers were working on behalf of the country's government, located in that country, or simply routing computer traffic through that country.

While some computer network attacks may be linked to countries such as China, in some cases they now can be orchestrated by independent cyber crime groups.

The hackers going after law firms, said Paller, often target companies that are negotiating a major international deal — anything from seeking a patent on a sensitive new technology to opening a plant in another country.

"The best documents to steal are in the law firm that represents that company," said Paller, adding that often they are looking for documents that lay out the company's playbook for the deal, or its negotiating positions and tactics.

While opening a "spear phishing" e-mail does not in itself pose a danger, such e-mails often contain Web links or attachments that, when clicked on or opened, will infiltrate the network or install malicious programs.

Once the hacker is in the network, they often plant a computer program that searches for, collects and copies files and sends them to a computer server, usually in another country. The program also may create a back door that will allow hackers to get back in later.

The FBI warned that the attachments or links can appear to be anything from a photo to an executable program.

Speaking to a crowd at an American Bar Association conference Friday, Bleier and other U.S. cyber officials warned that companies need to start re-evaluating what they put on their networks because hackers are getting more sophisticated.

While hackers used to be lone cyber attackers, they now more often are part of larger transnational organized crime operations, said Chris Painter, the White House's acting cybersecurity director.

The FBI said it noticed the increase in attacks on law firms and public relations companies during ongoing investigations.