The Usual Suspects

Physical Security

Illustration by Andy Martin


Whether large or small, from two to 431,000 employees, companies were similarly victimized, according to data patterns revealed in a new study. 

As part of a larger study that focused on the creation of typologies and criminological perspectives related to trade secret theft, the authors of this article analyzed all 102 successful U.S. trade secret theft prosecutions from 1996 to 2014 using FBI and U.S. Department of Justice press releases, indictments, docket information, and other data related to the types of organizations that were victimized. 

Trade secrets discussed in these cases are not public or published like copyrighted and patented materials. Instead, they are protected by the organization through the privilege of nondisclosure. This designation leaves the trade secrets protected in perpetuity—unlike patents and copyrights, which have limitations on the number of years they are safeguarded from use by competitors. 

The theft of this type of protected information is illegal under the Economic Espionage Act (EEA) of 1996. It is considered a form of economic espionage or “larcenous learning,” because secrets are targeted and stolen from the rightful owner by individuals, rival companies, and even foreign countries through economic espionage–related activities.

And trade secret theft is not a rare occurrence. American businesses owned an estimated $5 trillion worth of trade secrets in 2014, and approximately $300 billion was stolen per year, according to a statement made by Randall C. Coleman, assistant director of the FBI’s Counterintelligence Division, in a hearing before Congress.  

The authors’ analysis of these cases provides insight into the most common types of trade secret and economic espionage activities, as well as the prevalent characteristics of offenders.

Who is Vulnerable? 

All companies, regardless of size and type, are vulnerable to trade secret theft. The majority of companies that were victimized were large (employing more than 1,000 employees), and many were easily recognized Fortune 500 companies.  

Organizations in the manufacturing sector were most likely to be victimized (64.6 percent), followed by service industries (19.2 percent), when examining sectors using their Standard Industrial Classification Codes.

What is Stolen and How? 

The authors’ review of EEA cases showed that anything of actual or potential value—including current, future, or intrinsic—can be stolen or compromised when it comes to trade secret theft.  

This includes source code, photographs and images of machinery, proprietary software programs, sales order forecasts, customer and client lists, billing information, subscription lists, research data, and project data, to name a few examples. 

While a common assumption may be that trade secret theft involves some degree of sophistication, the study suggests otherwise.  

For instance, a bartender who worked in the corporate dining room of MasterCard’s headquarters in Purchase, New York, stole reams of confidential material from the dining room and surrounding areas—including CD-ROMs and binders—that he offered to sell to Visa.

Visa, however, reported him to the FBI, which set up a sting operation to negotiate the purchase of the materials. 

In another case, Chinese nationals simply walked into corn production fields owned by Monsanto, DuPont, Pioneer, and LG Seeds, and stole bioengineered seeds after claiming they worked for the University of Iowa. 

Trade secret theft episodes are not always long-term events. In fact, some are short-term, opportunistic, one-time events.

One example of this is when two engineers for Wyko Tire Technology—a company that supplied Goodyear parts for its tire assembly machines—were left unescorted in a Goodyear factory. They used the opportunity to take cell phone photos of proprietary machinery at the factory, despite being told not to. A Wyko IT manager later discovered the photos in one of the engineers’ e-mails and forwarded the message to Goodyear.

Who’s the Thief? 

There is no one-size-fits-all profile for those who commit trade secret theft, according to the authors’ study. Even though the majority of cases involved insider threats, advanced analysis found no discernable offender profile.  

Additionally, the authors’ review showed that offenders were not distinguished by citizenship, age, gender, or employment status.  

However, some generalizations can be made about trade secret thefts and offenders. Any type of trade secret can be stolen, most thefts are simple, males commit trade secret theft more than females, and most thefts are committed by lone offenders. Citizens—not foreigners—commit most trade secret theft. 

Insider threats. The majority of suspects in EEA cases were insider threats (83.3 percent). In most cases, the insider had legitimate access to trade secrets through the course of his or her daily work.  

These insiders were often in a position of trust, such as network administrators, executive secretaries, computer programmers, engineers, computer specialists, vice presidents, former owners, and IT directors. 

Among these insider threats, most were still employees of the company (71.8 percent) when they were indicted. Next most prevalent were former employees, who committed the theft while still employed but who were detected post-employment (22.4 percent).  

The least likely insider threat was an invitee of the company (5.9 percent). This group included contract employees or subcontractors who had legitimate access to the company.  

The study also found that most insider threats are citizens and lone offenders. The majority of offenders were U.S. citizens (64.6 percent) and were U.S. born (53 percent), males (56 percent), and in their 40s. The majority of the internal threats were also lone assailants (67.5 percent). 

This could be because in many trade secret theft cases, the employee leaving the organization used stolen trade secret–related information for professional gain. 

In 2013, Ketankumar Maniar quit his job at a company that made disposable syringes. Prior to his resignation, however, he downloaded trade secret files onto his work laptop.  

Through an internal investigation, the company discovered that Maniar had downloaded these files. It contacted the authorities, and FBI agents later caught Maniar in a hotel room as he was preparing to leave for India. While FBI agents searched the room, Maniar admitted that he planned to use the trade secrets for future employment opportunities in India. 

In another case, Xiang Dong Yu—an employee of 10 years with Ford Motor Company—quit to take a new position with Beijing Automotive. He was arrested by the FBI when he flew back to the United States and agents found at least 41 Ford design specifications on his Beijing Automotive–issued laptop. 

If not seeking new employment opportunities, however, internal threats often created their own consulting or start-up companies, the study found. Such was the case with Yu Qin, a vice president of engineering and research and development at Controlled Power Company (CPC) who also had his own company for five years, unbeknownst to his employer. 

In this case, Qin and his wife (a former employee of CPC and General Motors) were stealing trade secrets from both CPC and General Motors. Their thefts were discovered when CPC employees found a hard drive, which contained 16,000 confidential files that belonged to General Motors. 

CPC management then sent the files to General Motors, which determined that Qin’s wife had stolen the electronic documents before her voluntary resignation. CPC then realized that Qin had also used trade secrets from CPC for his own consulting company. 

While trade secret theft can help individuals achieve professional gain, personal financial gain should not be discounted. Trade secret theft is also committed by current or existing employees, who in most cases are motivated by financial gain or revenge.  

For instance, Yuan Li—who was employed by Sanofi—held a 50 percent partnership in Abby Pharmaceuticals. Sanofi was unaware of this fact.  

Li accessed an internal Sanofi database and downloaded information about Sanofi chemical compounds onto her Sanofi-issued laptop computer. She then transferred the information to her personal home computer by either e-mailing it to her personal e-mail address or by using a USB thumb drive. Li later made the Sanofi trade secrets available for sale on Abby’s website. 

External threats. While the majority of trade secret theft cases involved internal threats, security professionals should not discount the external threat. External threats, those individuals who have no legitimate access to the company or to secret information, accounted for 16 of the prosecutions analyzed in the study. 

The review of cases showed that these external threats included persons who were classified as true spies (38.9 percent) or employees from a rival company (23.5 percent). Other external threats included friends or relatives of current or former employees (29.4 percent) who exploited their friend or relative’s status as an employee to access and steal trade secrets. 

The majority of these external offenders were also U.S. citizens (52.9 percent), U.S. born (100 percent), and males who were in their 40s. In cases where the number of suspects could be determined, lone assailants were the most common (48.7 percent), followed by pairs of suspects (31.3 percent). However, a few crimes included groups of conspirators. 

For example, former Business Engine Software Corporation (BES) Chief Technology Officer Robert McKimmey conspired with other executives to illegally access competitor Niku’s computer network. McKimmey gained system administrator privileges at Niku and used the passwords from 15 different employees to download more than 1,000 files over a 10-month period ending in 2002.

The FBI investigated the intrusion, and McKimmey and the other executives later pleaded guilty to conspiracy to misappropriate trade secrets and interstate transportation of stolen property.

How Were They Caught? 

The actual means of detection was difficult to determine because a majority of cases did not disclose the specific measures used, the authors’ study found. The information that does exist, however, shows that many incidents were discovered by monitoring the computer use of employees. More interestingly, companies and their employees reported trade secret thefts perpetrated on rivals and competitors. 

For instance, a former Lockheed Martin employee was hired by Boeing. Later, a Boeing employee discovered that the former Lockheed Martin employee had classified Lockheed Martin documents in his workstation and immediately notified his supervisor.  

This led to an internal investigation, and Lockheed Martin and the U.S. Air Force were notified. A subsequent investigation by the FBI revealed that the employee had stolen 25,000 pages of documents from Boeing. 

In another case, a former DuPont employee was seeking technical assistance from current and retired company employees. Several of these solicited employees contacted DuPont’s management because the information the former employee sought was proprietary. DuPont officials then relayed their concerns to the FBI. 

The authors’ study confirmed that, due to the limited number of trade secret indictments and prosecutions, many thefts go undetected by organizations and law enforcement entities. Based on this finding, organizations should develop proactive means to deter and detect such crimes.  

Security professionals must be prepared to protect their trade secrets from individuals who have no identifiable profile. They should adopt a comprehensive and strategic approach toward protecting trade secrets because all companies—large and small—are vulnerable to trade secret theft.

-- 

Brian R. Johnson, Ph.D., is a professor in the School of Criminal Justice at Grand Valley State University in Allendale, Michigan, and specializes in private security and law enforcement. Christopher A. Kierkus, Ph.D., is an associate professor in the School of Criminal Justice at Grand Valley State University and specializes in research methods and criminology. Patrick M. Gerkin, Ph.D., is an associate professor in the School of Criminal Justice at Grand Valley State University and specializes in criminology, ethics, and restorative justice.