September 24, 2018

China/Russia Steal Trade Secrets from U.S. Visitors

In case you missed it, the New York Times published a front page article on February 11, 2012, entitled,”Traveling Light in a Time of Digital Thievery,” which describes how foreign governments, especially the Chinese and Russians, steal government information and trade secrets from digital devices carried by U.S government and corporate employees.  The article quotes, Joel F. Brenner, formerly the top counterintelligence official in the office of the director of national intelligence that “[i[f a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices your devices will get penetrated.”  The article also provides a number of examples of organizations, including the U.S. Chamber of Commerce, whose computers were hacked and did not even know about it for several months after the valuable information had been stolen.  The bottom line is that companies with employees who do business in China and Russia must be particularly sensitive to this issue and should learn from the example of Google that prohibits its employees from bringing sensitive data to China and requires employees to bring only a loaner laptop to China or have their own laptop inspected upon their return to the United States.

What the article does not point out is that the state sponsored theft of trade secrets  from U.S. corporations is not limited to those thefts committed outside the United States.  As noted in my previous post, The Latest on the Economic Espionage Act, I am analyzing the approximate 125 prosecutions that the government has brought to date under the EEA and, while I have not finished, my research suggests that foreign entities are increasingly seeking to steal the trade secrets from U.S. corporations.  Many of the early prosecutions under the EEA, especially during the EEA’s first five years involved a single defendant, usually a U.S. citizen, who stole trade secrets with the intent to start a domestic company.  More recently, however, an entirely new type of defendant has emerged.  Out of the 15 most recent prosecutions under the EEA, approximately 12 have involved defendants who, at least according to the U.S. government were intending to start a foreign company or for theft to benefit a foreign company or entity.  For example, on September 28, 2011, Yuchun Yang was indicted for theft of trade secrets from his former employer,  CME Group.  Yang allegedly downloaded and removed computer source code and other proprietary information from CME while at the same pursuing business plans to improve an electronic trading exchange in China.  According to the indictment, Yang and two unnamed business partners, allegedly developed business plans to form a business referred to as the Tongmei (Gateway to America) Futures Exchange Software Technology Company (Gateway), with the purpose of increasing the trading volume at the Zhangjiagang, China, chemical electronic trading exchange (the Zhangjiagang Exchange).  Yang allegedly expected that Gateway would provide the Zhangjiagang Exchange with technology to allow for high trading volume, high trading speeds, and multiple trading functions.

These and other recent cases highlight the risk posed to U.S. companies by foreign theft of trade secrets and that the resulting loss of the information has never been higher.  If you want further information about how to better protect your trade secrets, please see my book, Intellectual Property & Computer Crimes or contact me directly at  My analysis of the EEA will also be available shortly.



Are You Ready To Be Hacked?

A number of the largest ever computer security breaches have occurred over the past several months.  For example, at the end of March, computer hackers stole the names and email addresses of customers of Barclayscard US, Capital One and other large firms from the email provider Epsilon.  Then in April, 2011, reports suggest that hackers obtained credit card information and other personal identifiable information of potentially 77 million Sony Playstation users in 59 countries.  There have also been a number of other large scale attacks since then. While it is extremely difficult to measure with precision the total costs and damages caused by a security breach, especially for ones as large as these, it is estimated that Epsilon and Sony may be out tens of millions of dollars.  According to one estimate, the average cost to respond to a breach in 2010 was more than $300 per affected customer.  Thus, if the estimates are correct, Sony could be facing a bill of more than $20 billion just for notifying affected customers.
[Read more…]