Cybersecurity and IP lawyers say the Justice Department’s (DOJ) indictment of a team of Chinese intelligence officers and hackers for allegedly stealing jet engine manufacturing trade secrets from U.S. and French companies is a wake-up call for American businesses.
On Tuesday, the Justice Department charged Zhang Zhang-Gui, Zha Rong, Chai Meng, Liu Chunliang, Gao Hong Kun, Zhuang Xizowei, Ma Zhiqi, Li Xiao, Gu Gen and Tian Xi with conspiracy to damage protected computers, conspiracy to obtain information and damaging protected computers, in a superseding indictment in the U.S. District Court for the Southern District of California.
The DOJ alleges that intelligence officers Zha Rong and Chai Meng and other co-conspirators worked for the Jiangsu Province Ministry of State Security headquartered in Nanjing, a provincial foreign intelligence arm of the People’s Republic of China’s Ministry of State Security. It is believed that all of the alleged conspirators are still in China, according to media reports. It is not clear if the DOJ plans on extraditing the defendants.
The indictment states that the French company involved in the development of the engine has an office in China. The indictment states that an employee of the unnamed company installed malware into one of its computers, which led to spear-phishing and the use of a company’s website as a “watering hole.” According to the indictment, a “watering hole” attack is when a hacker installs malware on a company’s website to facilitate intrusions.
The indictment further alleges that the employees of the French company worked to actively hinder internal investigators once the hack was discovered.
“I think this is a lesson that oftentimes the biggest threat is already inside,” said Joseph P. Facciponti, a partner at Murphy & McGonigle in New York. “The insiders that are there pose two threats: to assist with the exfiltration of the data and to subvert investigators,” Facciponti said.
The Justice Department alleges that from January 2010 to May 2015 the intelligence officers and a team of hackers worked to steal secrets so that China’s state-owned manufacturer could recreate the turbofan jet engine. In May 2015, an unnamed supplier based in Oregon was able to identify and remove the malware from its systems.
The only victim named in the indictment, Capstone Turbine Corp. in Los Angeles, did not return messages seeking comment.
Facciponti, a former federal prosecutor and former in-house attorney at HSBC, said this scheme shows the difference between state actors and criminal enterprises.
“I think this shows the reach and power of a well-organized state actor compared to an unorganized criminal enterprise. There is more organization and more funding for a more comprehensive scheme,” Facciponti said.
Beyond cybersecurity initiatives, Facciponti said that those on the in-house legal team need to work with a company’s top security officer to put controls into place that monitor suspicious activity on employee computers.
Edward McAndrew, a partner at Ballard Spahr in Philadelphia and also a former federal prosecutor, said the lesson in this is that IP theft is a “long game” and that companies should begin protecting their IP much as they protect personal data.
McAndrew said that currently IP is often not protected as carefully because there isn’t an immediate effect on the company when it is stolen. If there is a data breach affecting personally identifiable information, however, there are state and federal laws in the U.S. that require public companies to report those breaches and get the word out. That is not the case for breaches affecting intellectual property.
“You don’t need to disclose and there is no immediate loss. I think that’s a lot of the reason why we don’t see companies paying as close attention to intellectual property,” McAndrew said.
He explained that the foreign actors are not looking for a quick payday.
“If you look at similar indictments you will see the cyber conduct at issue has gone on over a number of years,” McAndrew said. “These companies are being looted on a daily basis and they don’t even know it.”
In the release announcing the indictment, the DOJ also announced that a Chinese intelligence officer has been extradited to the Southern District of Ohio on charges of attempting to steal trade secrets.