June 12, 2018

Economic Espionage: How Nation-State-Funded APTs Steal Billions in Secrets

By Ray Pompon

Because of an international criminal act, you can get a cheap morning latte. Historically, the country of Yemen had a monopoly on coffee, forbidding the export of the plants and seeds—their intellectual property. However, in 1616, a Dutch merchant managed to smuggle out a few coffee plants from the city of Mocha in Yemen. Holland then began its own coffee empire in the Dutch colony of Java, and coffee spread around the world.1 As a result, Yemen lost its competitive advantage and is currently one of the Arab world’s poorest nations.2

Trade secrets can indeed be a matter of national security.

Former FBI director Louis Freeh once said, “Economic Espionage is the greatest threat to our national security since the cold war.”3 Why? The theft of intellectual property (IP) is estimated to be a $600 billion loss each year to America.4 This is not a new threat but still a very relevant one for cyber defenders. In a 2015 FBI survey, half of the 165 surveyed companies claimed to be victims of economic espionage or theft of trade secrets.5 It’s likely this number is far higher since many companies either aren’t aware this is happening or don’t report the loss to law enforcement.

Economic espionage is the theft of IP by agents of foreign powers, as opposed to the theft being committed by independent criminals. Foreign governments, aligned overtly or covertly with their national industries, will intentionally target advanced technologies to give themselves a competitive advantage in the world marketplace. The involvement of a state actor means this is not an average criminal matter. Consequently, the FBI investigates these cases under its counterintelligence division and gives them a higher priority. Note also that these cases differ from typical espionage, where spies target political or military secrets. Economic espionage is always about using theft to obtain scientific and technological advantages for a foreign government’s industries.

Key Economic Espionage Cases

  • Xiaodong Sheldon Meng tried to sell his defense contractor fighter-pilot simulation software.6
  • Chi Mak, a defense contractor engineer, stole sensitive technology secrets.7
  • Dongfan Chung, an aerospace engineer, stole Boeing trade secrets related to the space shuttle and other related space programs.8
  • Hanjuan Jin, a software engineer, stole push-to-talk technology from Motorola.9
  • Sixing Liu, a defense contractor employee, stole design and performance data for aerial guidance systems.10
  • Liu Yuanxuan and Robert Maegerle conspired to steal trade secrets from DuPont on chemical processing.11
  • Samarth Agrawal stole French high frequency trading source code for a rival U.S. hedge fund.12
  • University Professor Hao Zhang, along with five others, illegally acquired sensitive U.S. mobile radio technologies.13

How it Works

In economic espionage, trade secrets are the primary target. This includes data on research and development, business plans, source code, manufacturing processes, market plans, and customer information. Since the value is in the information and innovation, both large and small companies are targeted. Even startups with breakthrough technology need to be wary of the threat.

Economic espionage is more of a threat than standard hacking because we’re dealing with advanced attackers using advanced tactics. They are more prone to using multi-pronged attacks with electronic, physical, and social methods. As noted in the above example cases, these attackers are very likely to try to co-opt an insider, either directly through bribery or indirectly through social engineering. Economic espionage agents specialize in psychological techniques of deceit and enticement. One big reason for this is that economic espionage isn’t just about stealing the intellectual property but is also about acquiring the expertise to make use of it. So, employees and former employees are lured away in violation of their employers’ confidentiality and non-compete agreements. Economic espionage attackers are also willing to risk more since nation-states themselves are rarely harmed, even when their agents end up in prison or exile. Usually it is the co-opted insider who gets the harshest punishment.

What to Do

First, defenders need to do a thorough inventory and valuation of their intellectual property as well as the systems that hold it. Organizations need to also become aware of what information about them is publicly available. Potential attackers will use this to target employees and tailor their enticements. Executive management and the general counsel should be briefed on economic espionage as it is an existential threat to the company. If a foreign competitor steals your IP, you could be out of business.

Historically, general counsel plays a huge role in economic espionage cases because they are often responsible for protecting company IP and advising the executive team on law enforcement response. Counsel should also be leveraged to include appropriate protections in non-disclosure agreements (NDAs) and non-compete agreements.

Employee education is another critical economic espionage defense. Training should include details on how economic espionage attackers can tempt both current and retired employees. Ensure that organization obligations such as the NDAs and non-competes are spelled out in training, as well. Travel training should be included with physical security advice and warnings about letting valuable IP on laptops go on foreign trips. With regard to training, organizations can share with their staff the FBI’s free and charming short movie called The Company Man: Protecting America’s Secrets,14 based on a real case of economic espionage.15

Technically, you need to ensure that you are using network segmentation and least privilege to reduce the exposure of intellectual property. All access to that information should be logged and those logs retained. Access, both physical and electronic, should be swiftly revoked for terminated employees. In fact, the FBI suggests that access logs be reviewed after an abrupt resignation that is followed by sudden foreign travel. This is a warning sign for exploitation by economic espionage agents.
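
One way to run the log review described above, as an added example that is not from the original article or from the FBI: given a departed employee's last day, it splits their access to IP resources into a baseline, the run-up to departure, and anything after access should have been revoked. The CSV log format, the `/ip/` path prefix, the 14-day window, the off-hours definition and every sample record are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample access log for an IP repository (the format is an assumption).
ACCESS_LOG = """timestamp,user,resource,bytes
2018-03-05T09:12:00,jdoe,/ip/designs/rotor.cad,40000
2018-03-19T14:02:00,jdoe,/ip/designs/rotor.cad,35000
2018-04-02T10:30:00,jdoe,/wiki/lunch-menu,2000
2018-05-14T22:41:00,jdoe,/ip/designs/rotor.cad,900000
2018-05-15T23:05:00,jdoe,/ip/source/guidance.tar,4200000
2018-05-16T23:30:00,jdoe,/ip/plans/roadmap.pdf,750000
2018-05-21T02:14:00,jdoe,/ip/source/guidance.tar,4200000
2018-05-15T11:00:00,asmith,/ip/plans/roadmap.pdf,750000
"""

def review_departure(log_text, user, last_day, window_days=14, ip_prefix="/ip/"):
    """Summarise one departed user's access to IP resources around their exit."""
    window_start = last_day - timedelta(days=window_days)
    cutoff = last_day + timedelta(days=1)   # access should be revoked from here on
    baseline, window, after = [], [], []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["user"] != user or not row["resource"].startswith(ip_prefix):
            continue
        ts = datetime.fromisoformat(row["timestamp"])
        event = (ts, row["resource"], int(row["bytes"]))
        if ts >= cutoff:
            after.append(event)          # revocation failed or came late
        elif ts >= window_start:
            window.append(event)         # run-up to the resignation
        else:
            baseline.append(event)       # earlier, normal behaviour
    known = {res for _, res, _ in baseline}
    return {
        "baseline_bytes": sum(b for *_, b in baseline),
        "window_bytes": sum(b for *_, b in window),
        "new_resources": sorted({res for _, res, _ in window} - known),
        "off_hours": [e for e in window if e[0].hour >= 20 or e[0].hour < 6],
        "post_departure": after,
    }

if __name__ == "__main__":
    report = review_departure(ACCESS_LOG, "jdoe", datetime(2018, 5, 18))
    for key, value in report.items():
        print(key, "=", value)
```

A non-empty `post_departure` list means revocation was not swift; a large `window_bytes` relative to `baseline_bytes`, together with `new_resources`, is what a reviewer would escalate.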

Lastly, if you suspect economic espionage is occurring, perhaps if one of your employees has been solicited by a possible foreign agent asking for competitive information, you are encouraged to contact your local FBI office.
