Saturday, November 05, 2011

Chinese Trade Secret Cases via Internet Might Be Tip of The Iceberg

Foreign Spies Stealing US Secrets In Cyberspace, Report to Congress on Foreign Economic Collection and Industrial Espionage 2009-2011 is published this October, see here.

In the report both China and Russia were named as the most important culprits in the area of misappropriation of intellectual property and stealing trade secrets. The reports confirms that data on the internet are, indeed, vulnerable to cyber attacks. And that corporate victims are, indeed, not very eager to share to the world that they there information has been stolen because they do not want to expose the vulnerabilities in their system to their world.

The most interesting of the report is that only so little corporate trade secret thieves were caught. Based on the sheer number of inhabitants in China these cases below must have been the tip of the iceberg:
  • "In a February 2011 study, McAfee attributed an intrusion set they labeled “Night Dragon” to an IP address located in China and indicated the intruders had exfiltrated data from the computer systems of global oil, energy, and petrochemical companies. Starting in November 2009, employees of targeted companies were subjected to social engineering, spear-phishing e-mails, and network exploitation. The goal of the intrusions was to obtain information on sensitive competitive proprietary operations and on financing of oil and gas field bids and operations." (p. 5)
  • "In January 2010, VeriSign iDefense identified the Chinese Government as the sponsor of intrusions into Google’s networks. Google subsequently made accusations that its source code had been taken—a charge that Beijing continues to deny." (p.5)
  • "Mandiant reported in 2010 that information was pilfered from the corporate networks of a US Fortune 500 manufacturing company during business negotiations in which that company was looking to acquire a Chinese firm. Mandiant’s report indicated that the US manufacturing company lost sensitive data on a weekly basis and that this may have helped the Chinese firm attain a better negotiating and pricing position." (p. 5)
  • "Participants at an ONCIX [Office of the National Counterintelligence Executive] conference in November 2010 from a range of US private sector industries reported that client lists, merger and acquisition data, company information on pricing, and financial data were being extracted from company networks—especially those doing business with China." (p.5)
Then the report is naming and shaming the thieves of corporate trade secrets.
  • "Dongfan Chung was an engineer with Rockwell and Boeing who worked on the B-1 bomber, space shuttle, and other projects and was sentenced in early 2010 to 15 years in prison for economic espionage on behalf of the Chinese aviation industry. At the time of his arrest, 250,000 pages of sensitive documents were found in his house." (p. 2) Read the Bloomberg article Ex-Boeing Engineer Chung Guilty of Stealing Secrets by Edvard Pettersson, here
With the following convicts the photos are included. I have my doubts about whether this deterrent is effective or justified for convicts that are already serving time in prison.
  • "David Yen Lee ... chemist with Valspar Corporations ... between late 2008 and early 2009 used access to internal computer network to download about 160 secret formulas for paints and coatings to his own storage media ... intended to take his proprietary information to a new job with Nippon Paint in Shanghai, China ... arrested March 2009 ... pleaded guilty to one count of theft of trade secrets; sentenced in December 2010 to 15 months in prison." (p. 4)  Read the article Trade Secrets: They're Not Just for Civil Actions Anymore. New Justice Department Task Force Takes Aim At Prosecuting Trade Secret Theft by Robert Silverman of Foley and Lardner, here.
  • "Men Hong ... DuPont Corporation research chemist ... in mid-2009 downloaded proprietary information on organic light-emitting diodes (OLED) to personal e-mail account and thumb drive ... intended to transfer this information to Peking University, where he had accepted a faculty position; sought Chinese government fundting to commercialize OLED research ... arrested October 2009 ... pleaded guilty to one count of theft of trade secrets; sentenced in October 2010 to 14 months in prison." (p. 4) Read the Computerworld article DuPont sues Chinese scientist for trade-secret theft by Jaikumar Vijayan here
  • "Yu Xiang Dong (aka Mike Yu) ... product engineer with Ford Motor Company who in December 2006 accepted a job at Ford's China branch ... copied approximately 4,000 Ford documents onto an external hard drive to help obtain a job with a Chinese automotive company ... arrested in October 2009 ... pleaded guilty to two counts of theft of trade secrets; sentenced in April 2011 to 70 months in prison." (p. 4) Read the WSJ article China Singled Out for Cyberspying by Siobhan Gorman here.

No comments: