Cyber espionage and the S.P.I.E.S. taxonomy.

Author: Fitzpatrick, William M.


Between 2004 and 2014, the U.S. State Department issued 4,150,359 F-1 student visas to individuals desirous of pursuing educational opportunities in the United States (United States Department of State, 2007; 2012; 2014). While some students utilize these visas in order to advance or enhance their skill sets, other persons have exploited these entry permits as a ruse to commit acts of economic espionage and trade secret theft (Fink, 2002; Fitzpatrick, Dilullo, & Burke, 2004). This stratagem is documented in a recent economic espionage and trade secret misappropriation indictment of six Chinese nationals by the U.S. Department of Justice (U.S. v. Wei Pang, Hao Zhang, Huisui Zhang, Jinping Chen, Zhao Gang and Chong Zhou, 2015; U.S. Department of Justice, 2015). Prior to earning their doctorates in engineering from the University of Southern California (U.S.C.) in 2005, Wei Pang and Hao Zhang worked on a project at U.S.C. dealing with thin-film bulk acoustic resonator (FBAR) technologies. This university-sponsored research was funded by the U.S. Defense Advanced Research Projects Agency (U.S. Department of Justice, 2015). FBAR technologies are used in a variety of wireless devices in order to ensure that the "user only receives and transmits the specific communications intended by the user" (U.S. Department of Justice, 2015, p. 2). The filtering technology has significant applications for consumer, military and defense communications (U.S. Department of Justice, 2015). Global revenues associated with the sales of these technologies are approximately $1 billion annually (Sanger & Perlroth, 2015).

While working on university/DARPA-sponsored research on technologies, Pang and Zhang realized that enhancing their expertise related to FBAR technologies might (a) enhance their own academic job prospects in the People's Republic of China; (b) assist the PRC government in gaining access to advanced communications technologies; and (c) enable them to develop their own commercial manufacturing capabilities for these communications technologies upon their return to the PRC (U.S. Department of Justice, 2015; U.S. v. Wei Pang et al., 2015). Therefore, Pang and Zhang respectively leveraged their college research experiences in order to obtain employment at Avago Technologies and Skyworks Solutions, Inc. After beginning their employment at these companies, Pang and Zhang began their real career in economic and industrial espionage. These espionage activities were accomplished by initiating a series of internal cyber attacks which permitted Pang and Zhang to misappropriate their employers' trade secrets related to FBAR technologies. These internal cyber attacks were exemplified by the downloading of screen captures, employer PowerPoint presentations, source code, design masks and corporate documents containing proprietary information/trade secrets. Once in possession of these trade secrets, Pang and Zhang used corporate email servers to transfer this proprietary information to external confederates in the People's Republic of China. In order to bolster their academic job ambitions, Pang and Zhang sought to independently and illicitly patent these misappropriated trade secrets in both the United States and China (U.S. v. Wei Pang et al., 2015). Additionally, Pang, Zhang, their co-conspirators and Tianjin University created a joint venture (ROFS Microsystems) in order to mass produce FBAR technologies based upon the trade secrets stolen/misappropriated from Avago Technologies and Skyworks Solutions, Inc. In 2009, Zhang and Pang resigned their U.S. employment, (a) returned to the People's Republic of China; (b) assumed academic positions at Tianjin University; and (c) assisted ROFS Microsystems in gaining manufacturing contracts from both commercial firms and the military within the PRC (U.S. Department of Justice, 2015).

Wei Pang next traveled to the United States on May 16, 2015. He was promptly arrested by the Federal Bureau of Investigation. Pang and his co-conspirators have been indicted under the provisions of the Economic Espionage Act (1996) and are currently charged with committing acts of both trade secret misappropriation and economic espionage. If convicted, Wei Pang and his confederates could potentially be sentenced to a maximum of 50 years imprisonment (U.S. Department of Justice, 2015). The United States does not have a criminal extradition treaty with the People's Republic of China (18 USC 1381, 2015). By remaining in the PRC, Pang's co-conspirators are currently beyond the reach of U.S. law.

Like many victims of economic espionage and trade secret misappropriation, Avago Technologies and Skyworks Solutions, Inc. have lost the financial and commercial benefits of years of research and development. For Avago Technologies, 20 years and $50 million of R & D expenditures have been compromised. Additionally, Avago Technologies and Skyworks Solutions now face new international competitors which seek to utilize these misappropriated trade secrets against them in international markets (U.S. Department of Justice, 2015).

The Avago Technologies and Skyworks Solutions experience is not unique to the world business community. The use of cyber attacks to capture trade secrets and proprietary information has been significantly increasing in recent years (PricewaterhouseCoopers, 2014). For companies, cyber espionage results in lost revenues, decreased consumer confidence and reduced competitive advantage in the global marketplace (Almeling, 2012; McAfee, 2009; Marsh, 2013; Lewis & Baker, 2015). For nations which host these victimized companies, lost economic growth, taxes and job growth have also resulted from this new form of espionage (Almeling, 2012; McAfee, 2009; Marsh, 2013; Fitzpatrick & Dilullo, 2013; Lewis & Baker, 2015).

Many recent government reports and major news organizations have documented cyber espionage threats which originate from foreign nations and their intelligence operatives (Clapper, 2014; Office of National Counterintelligence Executive, 2011; Federal Bureau of Investigation, 2014; Corrin, 2013; Center for Strategic and International Studies, 2014). While these hostile actions by nation states have captured much public attention (Mamiit, 2015; Lemos, 2015), the fact remains that most cyber and conventional economic espionage is committed by a firm's current and former employees, consultants and value chain partners (PricewaterhouseCoopers, 2015; Fitzpatrick & Dilullo, 2013; Shey, 2013).

The purpose of this paper is to provide a systematic analysis of the espionage strategies/methodologies utilized by these latter agent provocateurs and the vulnerabilities of corporate security systems to these cyber and conventional assaults on their trade secrets. This analysis is accomplished within the context of a newly developed paradigm entitled the S.P.I.E.S. taxonomy. The S.P.I.E.S. taxonomy seeks to explore these espionage strategies and corporate vulnerabilities by documenting (1) Situational Threats [S] and actors which are responsible for initiating espionage activities; (2) Penetration Methodologies [P] which are used to facilitate the theft of organizational trade secrets; (3) Information Targets [I] which constitute the objective of economic espionage/trade secret misappropriation activities; (4) Espionage Enforcement [E] activities initiated by the law enforcement and judicial communities; and (5) Security Vulnerabilities [S] of corporate security infrastructures to acts of cyber and/or conventional industrial espionage activities. Examination of these aforementioned relationships is accomplished through both (a) a review of existing literature/industry studies (PricewaterhouseCoopers, 2015; Shey, 2013; Anderson, 2014; Mandiant, 2015) and (b) reporting the results of a new small sample study conducted by the authors which examines interrelationships among each of the S.P.I.E.S. variables/constructs (Cyber and Industrial Espionage Data Base). Data for this latter study has been created through a systematic content analysis of legal decisions, complaints and indictments of economic espionage and trade secret misappropriation cases occurring between 2008 and 2015.


Conceptual Dimensions of Cyber Espionage

Cyber espionage represents a category of cyber attacks/warfare which targets the information infrastructure of organizations (Symantec, 2104). However, specific definitions of the construct tend to vary more widely (Kostadinov, 2015). Some researchers seek to define the cyber espionage construct in terms of the specific methodology used to illicitly obtain access to an organization's proprietary information or trade secrets (Hersh, 2010; Janczewski & Colarik, 2008; Lin, 2010). Other researchers define cyber espionage more broadly so as to include a description of both the clandestine activities and cyber technologies used to illicitly gather/collect and subsequently transmit proprietary information to an organization's adversaries (NATO Cooperative Cyber Defense Center of Excellence, 2012). This present paper adopts a viewpoint consistent with this latter conceptualization of the cyber espionage construct.

The Emerging Threat of Cyber Espionage

PricewaterhouseCoopers [PWC] recently published the results of a survey on the global state of information security (PricewaterhouseCoopers, 2014). The sample comprising this study included 9700 top-level managers (i.e., CEOs, CFOs, CIOs, CSOs and IT directors) in 154 countries. The survey asked respondents to provide relevant information on security practices, incidents of cyber attack/espionage and the financial damages associated with the cyber theft of their firm's proprietary information. The study reports that cyber-based global security incidents have increased by 48% between 2013 and 2014. Data from survey respondents indicate approximately 117,339 cyber attacks occur on a...
