- Introduction
- What Is Industrial Espionage?
- Information as an Asset
- Real-World Examples of Industrial Espionage
- How Does Espionage Occur?
- Protecting Against Industrial Espionage
- Trade Secrets
- The Industrial Espionage Act
- Spear Phishing
- Summary
This chapter is from the book
This chapter is from the book
This chapter is from the book
Real-World Examples of Industrial Espionage
Now that you have been introduced to the concept of corporate espionage, let’s look at five actual cases. These case studies are of real-world espionage found in various news sources. This section should give you an idea of what types of espionage activities actually occur. Note that while some of these cases are a bit old, they illustrate the way industrial espionage is done. And it is frequently the case that details of an industrial espionage incident do not emerge until many years later, if at all.
Example 1: Hacker Group
Cyber attacks are being used frequently in corporate espionage. From at least November 2018 to well into 2021, the hacking group RedCurl was linked to 30 separate attacks of corporate espionage against companies in the United Kingdom, Germany, Canada, Norway, Russia, and Ukraine. This group tends to favor using its own custom-developed malware and social engineering to gain access to sensitive data.
Example 2: Company Versus Company
In November 2021 Fiat Chrysler Automobiles accused General Motors of corporate espionage. Fiat Chrysler accused GM of impersonating former employees of Fiat Chrysler in emails. GM in turn accused Fiat Chrysler of engaging in bribery and other schemes. The two companies are engaged in multiple lawsuits against each other.
Example 3: Nuclear Secrets
In 2017 Taiwanese-American engineer Allen Ho was sentenced to 2 years in prison for providing nuclear energy technology information to China’s state-owned China General Nuclear Power Company (CGNPC). According to the indictment, Ho, a naturalized American citizen, used his company Energy Technology International, which was based at his home in Wilmington, Delaware, to gather information on the production of nuclear material from American nuclear power developers, including the Tennessee Valley Authority, and pass that information to the CGNPC. Ho engaged in these activities between 1997 and 2016, through his own efforts and those of unnamed consultants he hired.
Example 4: Uber
In 2017 it became public that Uber Technologies Inc. had paid $7 million to keep secret an alleged corporate espionage program. The program allegedly included wiretapping, hacking, bribery, and the use of former intelligence officers, and the industrial espionage team at Uber was named “Threat Operations Unit.” An attorney for former Uber employee Richard Jacob revealed this information in a courtroom.
This information was disclosed in the course of a lawsuit wherein Uber competitor Waymo accused an ex-Uber employee, Anthony Levandowsky, of stealing 14,000 confidential documents and using them to support Uber’s self-driving program. While all the details of this case have not yet been confirmed, the case does illustrate just how extreme industrial espionage can become.
Example 5: Foreign Governments and Economic Espionage
The U.S. government’s National Counterintelligence and Security Center (NCSC) released a 2018 report titled “Foreign Economic Espionage in Cyberspace,”6 which details multiple ways in which foreign governments are conducting economic/industrial espionage against U.S.-based companies.
One area emphasized in the report is the infiltration of the software supply chain. Backdoors in some software allow access to corporate resources. The report also noted that some nations, such as China, have laws that require companies doing business in China to submit their technology to the Chinese government for security reviews. The report alleged that in some cases, these reviews were a pretense to provide Chinese companies with access to technology from Western companies.
As a case in point, in April 2022 Xiang Haitao was sentenced after pleading guilty to conspiring to commit economic espionage.7 He admitted to being part of a plot to deliver software related to soil nutrient applications to the Chinese government. Haitao had worked as a scientist for Monsanto, which developed software designed to help increase productivity for farmers. The software included a proprietary predictive algorithm to help farmers optimize crop nutrients.
Trends in Industrial Espionage
While the cases just discussed range over a number of years, the problem is not abating. In fact, according to a CNN report, 2015 saw a 53% increase in cases of industrial espionage. The FBI conducted a survey of 165 companies and found that half of those companies had been victims of industrial espionage of some type. A significant number of industrial espionage cases involve insider threats.
Industrial Espionage and You
The industrial espionage cases notwithstanding, most companies will deny involvement in anything that even hints at espionage. However, not all companies are quite so shy about the issue. Larry Ellison, CEO of Oracle Corporation, has openly defended his decision to hire private investigators to sift through Microsoft garbage in an attempt to garner information. Clearly, espionage is no longer a problem just for governments and defense contractors. It is a very real concern in the modern business world. A savvy computer security professional will be aware of this concern and will take the appropriate proactive steps.