As threats of computer intrusions proliferate, many companies have rightly focused their efforts on fending them off. But few train their staffs on how to spot or respond to other techniques used to steal company secrets, including those exploited by employees with inside access. This topic came up during a recent discussion that my old friend and Stratfor colleague Fred Burton and I participated in for a webinar produced for Stratfor's Threat Lens site called "Beyond the Cyber Espionage Threat." In the course of our presentation, we noted how employees who steal a company's intellectual crown jewels can be driven by a range of motives. While money is often the goal, other factors, including satisfying egos or opposing a company's activity, can push employees to bite the hand that feeds them.
Shortly after the Dec. 6 webinar ended, news came out of the U.S. District Court for the Northern District of California that indictments had been unsealed charging four former senior employees of Applied Materials with stealing trade secrets. Another story of industrial espionage surfaced in the news media two days later. The Idaho Statesman reported on two cases that involved alleged attempts by Chinese competitors of Idaho-based chipmaker Micron to steal trade secrets with the help of employees from two of its subsidiaries. Taken together, these cases provide an interesting window into the profound threat that insiders pose to intellectual property.
The Threat Posed by Entrepreneurial Insiders
The indictments in the Applied Materials case detailed activities that the four executives were alleged to have engaged in since 2012. They each had been at the company for about two decades:
- Liang Chen was corporate vice president and general manager for Applied Materials' Alternative Energy Products division. He had worked for Applied Materials since 1995.
- Donald Olgado was the managing director of engineering in Applied Materials' Product Business Group. He had worked at the company since 1992.
- Wei-Yung Hsu was the vice president and general manager of Applied Materials' Semiconductor LED Division. He was hired in 2000.
- Robert Ewald was director of energy and environmental systems in Applied Materials' Alternative Energy Products Division. He also joined the company in 2000.
All were charged with conspiring to steal proprietary methods that Applied Materials had developed for the high-volume manufacturing of semiconductor wafers used in lighting and in electronic devices such as smartphones and flat-screen televisions. The alleged theft included not only blueprints for machines and facilities, but also lists of materials, including information on sourcing, recipes for chemicals used in the processes and even the marketing materials and plans for these chips.
The indictment charges that beginning in September 2012, the defendants conspired to steal information from Applied Materials in order to establish a new company called Envision, which would be based in China and the United States. According to the indictment, the group used personal email accounts to plan the Envision launch and discuss what information they would need to steal to do so. They then allegedly obtained files containing proprietary information while also directing subordinates, none of whom have been accused of wrongdoing, to gather some of the information for them. The indictment said that the executives uploaded the stolen materials to a Google Drive account and that during that process, the conspirators even discussed their progress on transferring the documents. The indictments also quoted them discussing their efforts to find investors in China to fund Envision.
At this point, it looks as if the conspirators may have been motivated by greed and only sought Chinese funding after having hatched their plan, rather than, as has happened in similar cases, recruited by a Chinese business to steal trade secrets. However, it is not unusual for Chinese investors to fund a company based on stolen proprietary information. In January 2016, five employees of pharmaceutical manufacturer GlaxoSmithKline were indicted on charges that they tried to use stolen trade secrets to attract Chinese investors to a company they had established in China called Renopharma. And in October, a former employee of the Chemours Co., the world's largest maker of sodium cyanide, was indicted on charges related to an attempt to use purloined information to win Chinese backing to establish a competitor based in China. As in the Applied Materials case, these also involved the alleged use of personal email accounts to transmit critical information outside the company.
When Insiders Are Poached by the Competition
The Micron cases appear to have followed a different path from the Applied Materials indictments. Criminal charges in the first case, filed in Taiwan in 2016 and in the Northern District of California on Dec. 5, involve Stephen Chen, the former chairman of Micron Memory Taiwan, a Micron subsidiary that produces dynamic random-access memory (DRAM) chips used in computers and other electronics. Chen left Micron's Taiwanese subsidiary in 2015 to take a job with United Microelectronics Corp. The Taiwanese indictment alleges that Chen recruited two high-ranking employees of Micron Memory to steal information, which they downloaded onto flash drives before quitting the company to take lucrative positions with United Microelectronics. That company then entered into an agreement with the China-based Fujian Jinhua Integrated Circuit Co. to produce DRAM chips. The indictment charges that United Microelectronics had not produced DRAM chips before entering into the agreement with Jinhua and that the stolen information would allow Jinhua to become a Micron Memory competitor and a serious force in the DRAM market.
The second case involving Micron that was detailed in the newspaper report occurred in 2016 when five high-level employees from Inotera Memories Inc., a Taiwanese company Micron had purchased, resigned to take jobs with the Chinese company Tsinghua Unigroup Ltd. They were indicted on charges of illegally passing trade secrets in Taiwan in October 2017. The group is alleged to have taken proprietary DRAM information with them as they left. Interestingly, the Idaho Statesman notes that Tsinghua Unigroup had attempted to purchase Micron in 2015 but dropped its bid after the U.S. government raised national security concerns over the implications of such a sale. It appears that Tsinghua was able to acquire the DRAM manufacturing technology far more cheaply without buying all of Micron. The acquisition of Inotera by Micron, an American company, may also have made the decision by the Taiwanese employees to jump ship easier, as they likely did not feel much loyalty to Micron or to the company’s leadership.
Some cases of proprietary information theft have cost companies upward of billions of dollars.
How Can The Theft of Ideas Be Stopped?
As illustrated by these cases, an insider can pose a significant threat. Some cases of proprietary information theft have cost companies upward of billions of dollars. These staggering losses have made a system that will identify insider threats a sort of holy grail for many companies — especially if such a system could do so in a nondiscriminatory fashion. While much effort is being put into developing a comprehensive turnkey system that roots out insider threats, the quest may well prove to be impossible.
However, some interesting approaches to the problem are being developed, including the use of machine intelligence to watch for changes in an employee's pattern of access and work using company computer systems. Is Employee X suddenly downloading material irrelevant to his position or information that he's never used in the past? Is Employee Y asking colleagues in other parts of the company to send her documents she has no apparent legitimate need to access? Is Employee Z copying sensitive company information to an external drive or uploading it to the cloud? Obviously, such patterns could be indicators of skullduggery, but since there could also be logical and innocent explanations for such changes in behavior, a degree of human investigation would still be required.
One problem for many companies is that they have not undertaken audits of sensitive information to categorize what is critical to keep secret from what is merely sensitive. Such categories would make it easier to protect the critically important information by limiting access to employees who have a true need to know. For instance, the secrets could be protected by storing them in a stand-alone or segregated computer system that limited the ability for them to be easily copied or uploaded to a third-party site.
Court records in the Applied Materials case indicate that the alleged conspirators ran into a roadblock when the company suddenly disabled users' abilities to download information from company computers onto flash drives. This could be an indication that someone had gotten wind of the scheme, or perhaps it was just a routine IT administrative change.
But aside from technical countermeasures such as disabling USB ports or prohibiting access to virtual private networks outside the company, nontechnical approaches can be used to mitigate the insider threat. Perhaps the simplest countermeasure — and one that is often overlooked — is employee education. Co-workers, managers, subordinates and others who are trained in what to look for are often in the best position to notice changes in a fellow employee's behavior that might indicate a brewing problem. But beyond teaching them how to watch for signs of industrial espionage, employees and managers must also be trained to understand the nature of the threat as well as the types of information considered critical and why protecting it is important. Finally, employees must get the message that industrial espionage is not just a problem for other people to worry about, but that it represents a threat to their employer's future (and their jobs) and that they are the first line of defense. In the end, after all, insider threats are a problem that must be addressed holistically, not just by corporate security, the information technology team or the legal department.
Indeed, just as in a successful campaign to prevent workplace violence, all parts of a company must work together to combat the industrial espionage threat, and company leadership must ensure that the corporate culture encourages and empowers employees to report suspicions and provides them with an avenue to do so.