Category Archives: Insider Threat

Commentary on insider threat issues, from espionage to trade secret / intellectual property theft


Departing Zynga Employees Heist Intellectual Property?

Easiest way to lose your intellectual property?  When your departing employee walks your intellectual property right out the door. It happens far too often and the insider threat you thought of as a hypothetical?  Well, it is now a reality.

This is what apparently happened to Zynga.

Zynga (yes, the game company is still alive and kicking) alleges in its complaint (United States District Court, Northern District of California) that a number of employees left its employ and went to a competitor, Scopely, with Zynga’s intellectual property in hand.

Nothing wrong with jumping ship to a greener pasture. Non-compete does not exist in California … so the move is all good.  However, it’s not ok to take the intellectual property of your employer (even if you had a hand in creating it) out the door with you for use at your next employer.

Let’s look at the ‘alleged’ smoking guns.



Zynga

Zynga filed suit against a direct competitor, Scopely. The claim: Former employees departed Zynga and took (stole) the intellectual property of Zynga on their way out the door and directly to Scopely.

How much of Zynga’s intellectual property did the departing employee(s) take? What other agreements did the employees violate?

The complaint alleges:

Massimo Maietti (Maietti worked for Zynga as a senior level game designer and is now employed by Scopely as a Vice President and General Manager of Product Development). Forensic examination of Maietti’s laptop two days after his departure from Zynga showed that one day before he tendered his resignation he downloaded Zynga Google Drive folders to his laptop. Maietti then inserted a USB drive into the laptop and copied all the folders to the USB drive. The laptop drive’s “trash” file contained 20,000 files. An analysis of the corresponding Google Drive folders revealed that Maietti took over 14,000 files and approximately 26 GB which were from the folders. Within this treasure trove of documents was Zynga’s new Project Mars. (NOTE: Maietti’s access to these files was within his Zynga approved access, i.e. he had natural access to these folders on the Zynga Google Drive.)

Ehud Barlach (Barlach worked for Zynga as General Manager of Hit It Rich! Slots (“Hit It Rich!”)). Forensic examination of Barlach’s Zynga-issued computer revealed that when Barlach accepted Scopely’s offer of employment, he also offered to help Scopely raid Zynga’s workforce; Scopely’s HR representative noted that, had he not offered, they would have asked on his first day.

It’s a dog-eat-dog world in the trenches of employee retention, and Zynga details the wholesale raid by Scopely on its talent pool as a result of their contact with Maietti and Barlach. Three of those employees were Derek Heck, a Product Manager; Evan Hou, a Manager, Data Analytics; and Joshua Park, a Zynga Lead Product Manager.

The complaint indicates Zynga’s forensic analysis reveals “Barlach, Heck, and Hou all attached external USB devices to their Zynga-issued laptop computers in the weeks before resigning to go to work for Scopely. Heck also deleted more than 24,000 files and folders in the last month of his employment with Zynga, and referenced articles entitled, “How to erase my hard drive and start over” and “How to Erase a Computer Hard Drive…”.”


What did Zynga do right?

They had their departing employees attest they had returned all Zynga’s intellectual property prior to their departure.

They also had the departing employee agree and sign that they would not solicit employees from Zynga for a period of one year.

“Maietti reaffirmed in writing that he had returned all of Zynga’s trade secrets and would not solicit its employees.”

They also preserved the laptop hard drives of employees who departed to competitors. The complaint explains: “Zynga realized that its key talent was being solicited and hired by Scopely with increasing frequency, Zynga commissioned a forensic examination of the departed employees’ computers, going back to Maietti’s resignation months earlier.”

Demonstrated forensic support capability should be in every company’s arsenal (in-house or outsourced). Zynga was able to include in its complaint the timeline of Maietti’s removal of its intellectual property from the Google Drive to the laptop and then to the USB drive:

• 9:01 a.m. – External USB device connected to laptop

• 9:04 a.m. – Google search for “download a google drive folder”

• 9:06 a.m. – Zip files downloaded to laptop

• 9:20 a.m. – Zip files copied onto external USB device

• 10:18 a.m. – Original Zip files placed in Trash (but not the copies Maietti created on his USB device)
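
The sequence in that timeline can also be matched by a detection rule. The following Python is an added example, not taken from the complaint or from Zynga's forensic work: it correlates endpoint events per host and user into the chain "removable media attached, archive downloaded from cloud storage, same archive copied to the removable media, local original deleted". The log format, event names, host and user names, and the two-hour window are assumptions, and the log lines are constructed.

```python
import posixpath
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed endpoint telemetry (not from the complaint). The first actor follows
# the order of the timeline above; event kinds and names are hypothetical.
SAMPLE_LOG = """\
2024-01-15T09:01:00 host=LT-0042 user=dept_user kind=usb_attach path=/Volumes/USB
2024-01-15T09:06:00 host=LT-0042 user=dept_user kind=cloud_download path=/Users/dept_user/Downloads/folder-a.zip
2024-01-15T09:07:00 host=LT-0042 user=dept_user kind=cloud_download path=/Users/dept_user/Downloads/folder-b.zip
2024-01-15T09:20:00 host=LT-0042 user=dept_user kind=copy_to_removable path=/Volumes/USB/folder-a.zip
2024-01-15T09:21:00 host=LT-0042 user=dept_user kind=copy_to_removable path=/Volumes/USB/folder-b.zip
2024-01-15T10:18:00 host=LT-0042 user=dept_user kind=local_delete path=/Users/dept_user/Downloads/folder-a.zip
2024-01-15T10:18:05 host=LT-0042 user=dept_user kind=local_delete path=/Users/dept_user/Downloads/folder-b.zip
2024-01-15T11:00:00 host=LT-0077 user=other_user kind=usb_attach path=/Volumes/STICK
2024-01-15T11:02:00 host=LT-0077 user=other_user kind=copy_to_removable path=/Volumes/STICK/slides.pdf
2024-01-15T13:00:00 host=LT-0090 user=third_user kind=cloud_download path=/Users/third_user/Downloads/report.zip
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    user: str
    kind: str
    path: str


@dataclass
class Finding:
    host: str
    user: str
    copied: list   # archives that went cloud -> laptop -> removable media
    deleted: list  # of those, archives whose local originals were then deleted

    @property
    def severity(self):
        # Deleting the local originals after the copy suggests an attempt to tidy up.
        return "high" if self.deleted else "medium"


def parse_line(line):
    """Parse one 'timestamp key=value ...' line of the assumed log format."""
    ts, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    return Event(datetime.fromisoformat(ts), fields["host"], fields["user"],
                 fields["kind"], fields.get("path", ""))


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def find_exfil_chains(events, window=timedelta(hours=2)):
    """Return one Finding per (host, user) that completed the copy stage of the chain."""
    by_actor = defaultdict(list)
    for e in events:
        by_actor[(e.host, e.user)].append(e)

    findings = []
    for (host, user), evs in sorted(by_actor.items()):
        last_usb = None
        downloaded, copied, deleted = {}, {}, set()
        for e in sorted(evs, key=lambda ev: ev.ts):
            name = posixpath.basename(e.path)
            if e.kind == "usb_attach":
                last_usb = e.ts
            elif e.kind == "cloud_download":
                downloaded[name] = e.ts
            elif e.kind == "copy_to_removable":
                # Only count copies of files that were just pulled from cloud storage
                # while removable media was recently attached.
                recent_usb = last_usb is not None and e.ts - last_usb <= window
                recent_dl = name in downloaded and e.ts - downloaded[name] <= window
                if recent_usb and recent_dl:
                    copied[name] = e.ts
            elif e.kind == "local_delete":
                if name in copied and e.ts - copied[name] <= window:
                    deleted.add(name)
        if copied:
            findings.append(Finding(host, user, sorted(copied), sorted(deleted)))
    return findings


if __name__ == "__main__":
    for f in find_exfil_chains(parse_log(SAMPLE_LOG)):
        print(f.severity, f.host, f.user, f.copied, f.deleted)
```

The user who only copies a local file to a USB stick and the user who only downloads an archive produce no finding; the rule fires on the combination, not on any single event.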

Raw Material

Want to learn more and draw your own conclusions? Here are the Zynga complaint and the Scopely response, both good reading.

Zynga-Scopely-Complaint – 29 November 2016

Scopely – Zynga – Response 08 December 2016

How this plays out will be worth watching.


Insider Threat – Canadian privacy breached as PHI/PII goes missing in Manitoba

Patients in Manitoba are receiving notification from their healthcare providers that their personal and sensitive information has been lost or inappropriately accessed. As all who have responsibility for the security of information know, the insider threat is very real. Oftentimes we associate the insider threat with the actions of a nefarious individual. As you’ll read below, the breaches involved an employee wanting to update their contact list and a hard-copy file walking out of a locked and access-controlled office.

In both instances, the health authorities have an excellent opportunity to heighten the awareness of all employees as to the sensitivity of individual patient records. The security and privacy awareness training should include special admonishment on the requirement to follow the principle of least-privilege access. That is to say, access only that which you must in order to do your assigned duties, and then return the information to its secure, at-rest location. Carelessness and curiosity are two very real insider threats which all entities need to address to ensure the protection of sensitive and private information of the individual.


Inappropriate Access

In mid-November 2016, the Winnipeg Free Press reported that a former worker of Manitoba Health, Seniors and Active Living (MHSAL) broke the trust between the MHSAL and their constituency when the individual took a peek into the confidential protected health information (PHI) records of approximately 197 individuals. The reason? The employee wanted to update her address book. The Manitoba Health Minister, Kelvin Goertzen, said Monday his department has wrapped up an internal investigation and the employee has moved on to other opportunities outside of the MHSAL.

Read the full article:  Private data breach ‘not nefarious’; former Health worker wanted to update contacts

A file goes for a walk

Separately, the CBC reports that the Winnipeg Regional Health Authority (WRHA) is dealing with a data breach involving the PHI and personal identifying information (PII) of over 1,000 people, after an administrative file was taken from a “locked” office inside Winnipeg Health Sciences Centre on Oct. 7. Réal Cloutier, the WRHA’s vice-president and chief operating officer, said, “We take our responsibility as a trustee of health information seriously and we expect that we protect that information, and unfortunately in this case we have a situation where information was taken.”

Read the full article: File with 1,000 patients’ personal details taken from Winnipeg hospital


Agro Espionage – Rice to China – Wengui Yan’s guilty plea


On 24 October 2016, Wengui Yan, an Arkansas resident, an employee of the USDA Dale Bumpers National Rice Research Center since 1996, and a naturalized US citizen originally from the PRC, successfully negotiated a plea bargain with the Kansas US Attorney in his agro espionage case. Yan and his co-defendant, Weiqiang Zhang, a PRC citizen, facilitated the theft of genetic rice from the United States on behalf of the PRC. The plea bargain saw all counts of espionage dropped against Yan in exchange for his pleading guilty to making a false statement to the US Government concerning the theft. Yan will serve a maximum of 20 months in prison and be fined $100. The case against Yan’s co-defendant, Zhang, continues to move forward (interestingly, Zhang dismissed his court-appointed attorney on 28 October).

Espionage in the Heartland: Rice to China

We discussed this case of agro espionage, in which the insider made possible the economic espionage against a US entity, the US Department of Agriculture, and its private sector partner, Ventria Bioscience (Ventria), in our piece Espionage in the Heartland: Rice to China. We outlined how approximately $75 million worth of Ventria’s research and development went out the door with the successful theft by the visiting Chinese scientists from the Crop Research Institute in China, part of the Chinese Academy of Agricultural Science, which also has State Key Laboratory affiliation. The visiting Chinese scientists were assisted by both Yan and Zhang. Whether or not the USDA or Ventria is happy to know that Yan pleaded guilty and has received a modest penalty for his criminal activity is unknown. From this seat, the modest sentence and fine levied upon Yan are light and will hardly serve as a deterrent to others. It is therefore safe to assume the lenient sentence was designed to garner the cooperation of Yan, the US citizen, in securing the conviction of Zhang or to force his acceptance of a plea deal. Perhaps Zhang read his tea leaves and this is why Zhang is awaiting new counsel.

China’s Agro Espionage

What is known is that the United States agricultural sector is sitting in the bullseye of the global agro espionage milieu. The PRC government has a laser focus on increasing and sustaining its agricultural sector, as its cities and population continue to blossom. China always plays the long game, eschewing quarterly forecasts and the like. Its entities, supported by PRC government resources, will work assiduously to bypass and avoid the trials and tribulations involved in such complex research and simply steal their way to productivity and profitability. Companies like Ventria may never have had to think about putting together an insider threat program. The reality is they need to have an insider threat program in place or they will find themselves competing against their own creations in a marketplace where price and access are such important differentiators.

With respect to China’s long-term view on the agriculture sector, one needs only read what China is saying and how it backs those words up with actions. The theft of intellectual property from the United States is detailed in The IP Commission Report of May 2013. The report details how the theft of US intellectual property is valued at “hundreds of billions of dollars per year. The annual losses are likely to be comparable to the current annual level of U.S. exports to Asia—over $300 billion.”

In January 2016, the Chinese Ministry of Agriculture announced that for the 13th consecutive year, the “Agriculture, rural community and farmer related issues are once again the topic of China’s ‘No. 1 Central Document’.” The goal: “marked progress” in agriculture by 2020 to ensure society becomes moderately prosperous. Thus we can read directly that for the past 13 years agricultural advancement has been, and continues to be, paramount. The case of Yan and Zhang is demonstrative of the manner in which China is willing to acquire its R&D to achieve its national goals.

 

What’s next?

The final acts germane to this case of agro espionage are:

  • The conviction of Zhang.
  • The US agricultural sector investing in security infrastructure and awareness, given the reality of its being firmly in the bullseye of the Chinese. The Chinese are both willing and able to use agro espionage as a tool to obtain expensive R&D in the most economic manner possible: steal it.

Insider Threat Becomes Insider Theft: What’s your plan?

In a prime example of insider threat becoming insider theft, we saw the FBI arrest and the Department of Justice file a criminal complaint against Ralph Mandil, an employee of an unidentified distributor of “As Seen on TV” products (we believe to be Corvex Cookware). Mandil faces two federal charges: Theft of Trade Secrets and Wire Fraud.


Ralph Mandil – LinkedIn photo

A LinkedIn profile for a Ralph Mandil identifies him as the President of Corvex Cookware since May 2011. Corvex’s “As Seen on TV” cookware fits the description found in the criminal complaint. Mandil’s LinkedIn bio can be viewed (here).

The crime

Mandil contacted an individual in early August 2016 (soon after to become the confidential source (CS) of the FBI) and offered to sell the confidential trade secrets of his employer. At the direction (and under the supervision) of law enforcement, the CS corresponded with Mandil. Mandil offered the CS the log-in credentials of his employer’s Dropbox account, in which the CS would find the confidential market information on future products. These materials included sales sheets, product sheets, videos, inventory lists, account lists, etc. In exchange for providing the CS with covert access to the employer’s Dropbox account, Mandil requested to be paid $197,500.

For complete details on how the CS introduced Mandil to the FBI undercover special agent and the mechanics of the exchange of money and stolen information, please refer to the criminal complaint, which can be downloaded below.


NOTE: The criminal complaint explains that Mandil’s employer’s Dropbox account was accessible by a limited number of employees, who use userid and password authentication to access the Dropbox account. It is unclear if the employer enabled two-factor authentication, which is offered by Dropbox, though it is possible that such was the case, and Mandil was prepared to offer the CS ten offline backup codes which he had purloined and preserved.

According to Mandil’s employer, the proprietary information Mandil was offering to sell to the CS had a value of between $30 and $125 million in revenue to the employer and his competitors (the market opportunity).


Insider Threat

Insider threat programs are a necessary evil for every company. The larger the entity, the more robust the need. At a minimum, we recommend all companies take a moment and ensure that they know the state of their data. What’s that? If you can’t answer yes to all of the following questions, you don’t know the state of your data and should put it on your to-do list. You will be in a far better position to address unauthorized access, and you will also be able to explain with precision to your customers how their data is protected within your infrastructure.

  1. Can you trace the flow of your data from its arrival to storage?
  2. Do you know when your data is encrypted and when it is not?
  3. If your data is encrypted, how is the key protected?
  4. Do you know, precisely, who has access to your data?
  5. Are you logging each access to your data, with IP addresses, device, OS, etc.?
  6. What are the various means to access your data?
  7. What credentials are required to access your data?  Are the credentials shared?
  8. When employees depart, can you confirm their access to your data has been curtailed?
  9. Do you have a process to train your employees on protecting trade secrets and intellectual property?

Additional Reading


US v. Ralph Mandil (Click to download)

Department of Justice’s Press Release: New Jersey Man Charged With Stealing Employer’s ‘As Seen On TV’ Trade Secrets And Attempting To Sell Them To Competition | USAO-NJ | Department of Justice

Department of Justice’s Criminal Complaint  US v. Ralph Mandil (October 12, 2016)

 

 

 

NOTE: This post was updated on 19 October to include information identifying Ralph Mandil, his LinkedIn profile, photo and employer.


Selling secrets to Russia? It’s a bad idea

The headline read: Selling Secrets to the Russians? Jason Bourne Fan arrested in spy drama of his own. It implied that the motivation for Gregory Allen Justice was his sick wife, a job at which he felt unappreciated and a fascination with cinematic secret operatives such as Jason Bourne and James Bond. There’s more to the story.

When he was arrested for what the Federal Bureau of Investigation called, in its filed criminal complaint, probable cause of Economic Espionage, violation of the Arms Export Control Act, and violation of the International Traffic in Arms Regulations (ITAR), Justice found out just how adroit the FBI, working with the Air Force Office of Special Investigations (AFOSI), can be when working an espionage case.

BREAKING TRUST

Justice allegedly broke trust with his employer, a cleared defense contractor (which, according to his father, is Boeing Satellite Systems). He is alleged to have reached out to the Russian Embassy in Washington, DC to volunteer his services in late 2015.

His first attempt at contact involved sending a letter, followed by a brief phone call to the Russian Naval Attaché within the Russian Embassy (military attachés in embassies are, on occasion, associated with military intelligence). This letter, according to the criminal complaint filed in the United States District Court, Central District of California, contained a “technical schematic.”

On February 10, 2016, Justice again called the Russian Naval Attaché’s office at the Russian Embassy and asked if there was interest in maintaining contact and obtaining similar things. At that point, the FBI did what the FBI does: it stepped in and provided Justice with all the rope he needed to hang himself.

FBI COVERTLY ENGAGES GREGORY ALLEN JUSTICE

Justice was contacted two days later by an undercover FBI special agent (S/A) who posed as a member of the Russian external intelligence service, the SVR. The S/A picked up the conversation and arranged to meet with Justice. Over the course of the next few months (February – May 2016), Justice would meet the S/A face-to-face on five occasions. On each of the last four occasions, Justice brought information which was either proprietary or in violation of US export regulations, signed a receipt for cash received from the S/A and volunteered to expand his collection efforts in support of what he believed to be the Russian SVR. (NB: It is not revealed if the Russian intelligence apparatus acted upon Justice’s attempt to volunteer, or if they took a pass.)

Justice explained how all of the information he was providing was “ITAR,” and went on to compare his collaboration with the S/A to the “spy movies” of Jason Bourne, James Bond and “The Americans.” Furthermore, Justice claimed to need money to fund his wife’s medical bills. Readers of the entire criminal complaint will see that, while his motivation was financial, it was to fund his relationship with a woman other than his wife, and narcotics distribution. Furthermore, he provided information to the S/A on 16-gigabyte USB thumb drives.

INSIDER THREAT PROGRAM

The cleared defense contractor had in place a robust insider threat program. In November 2015, the program detected Justice copying a number of files to an external device, and then provided confirmatory information to the FBI/AFOSI on the information which Justice would purloin prior to each meeting with the S/A.

WHAT WAS AT RISK

While Justice did not have access to classified programs, he did have access to the following satellite system programs:

  • Wideband Global Satellite Communication (WGS)
  • Global Positioning System (GPS)
  • Geostationary Operational Environmental Satellites (GOES)
  • Tracking and Data Relay Satellite (TDRS)
  • Milstar Communications Satellite (MILSTAR)
  • Tangential access to additional programs
    • INMARSAT
    • MEXSAT
    • GPS IIF

INFOSEC TRAINING

Furthermore, as a cleared defense contractor, one would expect there to be a comprehensive cyber and counterintelligence briefing and training program, and there was.  Justice’s training folio showed he had taken a variety of courses.

  • Information Security 2015 (July 10, 2015)
  • Intellectual Property for Engineers and Technologists (July 10, 2015)
  • Threat Management Training for Employees (July 9, 2015)
  • Trade Secrets and Proprietary Information (July 9, 2015)
  • Enterprise US Export Awareness Overview (July 9, 2015)
  • Information Security 2014 (June 25, 2014)
  • 2014 Ethics Recommitment Training (May 6, 2014)
  • Enterprise US Export Awareness Overview (November 27, 2013)

CONTROLS TO PREVENT A LEAK

The cleared defense contractor had in place a data loss prevention (DLP) monitoring program and, as noted above, found Justice downloading data to a USB device. In addition, the resident DLP monitoring program captured screenshots of Justice’s computer at a cadence of approximately every six seconds. In addition, when an external medium, such as a USB drive, is inserted into a laptop/desktop, the system prompts to encrypt the data.

Physical access procedures were also in place at the cleared defense contractor’s facility. To enter the building, Justice was required to display a badge to a guard or enter through a badge-controlled gate. In addition, access controls existed at Justice’s specific work area, via a badge swipe. In order to access his work station, Justice was required to insert his badge and enter a PIN (the description fits that of Common Access Card functionality). Access controls on specific data sets required a re-authentication by Justice in order to garner access. Furthermore, within the contractor’s IT system, when entering the collaborative data sets environment, all data is clearly marked and delineated as proprietary and/or requiring compliance with export controls.

SUMMATION – TRUST BUT VERIFY

Justice broke trust. The contractor’s DLP system identified his accessing and copying files to external devices. It is unclear from the criminal complaint if this actionable information was of sufficient caliber to warrant action or if the action occurred only after the FBI/AFOSI arrived on the scene post-Justice’s volunteering his services to the Russian intelligence apparatus.

Entities with insider threat programs are challenged with both the potential for a mountain of false positives and the determination of what level of activity warrants action. Each program will be different, but having access to the data for archival review should be mandatory. The rationale: today’s actions may appear mundane and low-risk, but when added to additional pieces of data, which may also appear innocuous and low-risk, they create a more complete picture of the mosaic of risk presented by the employee breaking trust.
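
The mosaic argument, and the case for keeping the archive, can be shown with a small scoring model. This Python is an added example, not the contractor's DLP logic: signal names, weights, the threshold and the event records are all constructed assumptions. No single signal reaches the alert threshold; only the accumulated history does, and only if that history is still available for review.

```python
from dataclasses import dataclass
from datetime import date

# Hypothetical weights: every signal on its own scores below THRESHOLD.
WEIGHTS = {
    "after_hours_access": 1,
    "usb_copy": 3,
    "bulk_download": 4,
    "mass_delete": 4,
}
THRESHOLD = 10

# Constructed archive of (day, user, signal) records.
EVENTS = [
    (date(2024, 3, 1), "eng_a", "usb_copy"),
    (date(2024, 3, 5), "eng_b", "after_hours_access"),
    (date(2024, 3, 9), "eng_a", "after_hours_access"),
    (date(2024, 3, 15), "eng_a", "bulk_download"),
    (date(2024, 3, 20), "eng_b", "usb_copy"),
    (date(2024, 3, 22), "eng_a", "after_hours_access"),
    (date(2024, 3, 27), "eng_a", "usb_copy"),
]


@dataclass
class Alert:
    user: str
    day: date
    score: int
    signals: list  # the individually low-risk signals that make up the mosaic


def first_alert(events, user, retention_days):
    """Return the first day the user's accumulated score reaches THRESHOLD.

    Only events newer than retention_days (relative to the day being evaluated)
    are visible, which models how much history the program keeps for review.
    """
    history = sorted((d, s) for d, u, s in events if u == user)
    for i, (day, _) in enumerate(history):
        visible = [(d, s) for d, s in history[: i + 1]
                   if (day - d).days < retention_days]
        score = sum(WEIGHTS.get(s, 0) for _, s in visible)
        if score >= THRESHOLD:
            return Alert(user, day, score, [s for _, s in visible])
    return None


def review(events, retention_days):
    """Evaluate every user in the archive with the same retention setting."""
    users = sorted({u for _, u, _ in events})
    return {u: first_alert(events, u, retention_days) for u in users}


if __name__ == "__main__":
    for days in (7, 30):
        print(f"retention={days}d", review(EVENTS, days))
```

With 30 days of history the same events that a 7-day view scores as noise add up to an alert for one user, while the other user's two isolated signals stay below the threshold in both views.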

 

 


A version of the above, written by Christopher Burgess, was originally posted in Clearance Jobs in July 2016: Profile in Espionage – Curtailing a Satellite Spy with an Insider Threat Program


Espionage in the Heartland: Rice to China

On 12 December 2013, a criminal complaint was filed by the United States Attorney in the Kansas District, petitioning for the arrest of two individuals with ties to China for the theft of trade secrets from Ventria Bioscience and other companies. Subsequently, these same two individuals were indicted for “conspiracy to steal trade secrets” by a federal grand jury on 18 December. The two individuals, Weiqiang Zhang and Wengui Yan, are accused of stealing the intellectual property of Ventria Bioscience and other entities for the past 3+ years, October 2010 through December 2013, when the duo were arrested. The pair specifically targeted Ventria’s methods of “developing, propagating, growing, cultivating, harvesting, cleaning, and storing particular agriculture seeds for cost-effectively producing recombinant proteins from such seeds.” The genetic work conducted by Ventria specifically “develops and produces particular agricultural seeds, which have been designed to express proteins used in the medical and pharmaceutical fields.” According to the CEO of Ventria, as detailed in the criminal complaint, the current level of investment made by his company is approximately $75 million, and the research investment in the specific seeds stolen by the pair was between $3 and $18 million, with loss of profits in the event of commercialization by another entity to be substantially larger.

Unique rice seeds harvested

The criminal complaint details the unique nature of the seeds which were stolen by Zhang and Yan. One of the seeds “make a recombinant protein that is being developed for use as a therapeutic excipient.” The other seed “makes a different recombinant protein that is being developed to treat or prevent gastrointestinal disease, antibiotic, associated diarrhea, hepatic disease, osteoporosis, and inflammatory bowel disease.” While it may appear on the surface to be a case of two individuals stealing genetically modified seeds in a case of corporate espionage, similar to that which occurred over the past four years by a separate group conducting industrial espionage and operating in the upper Midwest of the United States (Espionage in the Heartland: Corn to China), the activities of Zhang and Yan specifically targeted long-term agricultural pharmaceutical research. In this instance, the Chinese nation state hand is less obtuse.

Nation State sponsorship

According to the data contained within the criminal complaint, a Chinese delegation’s checked and unchecked luggage was searched on 07 August 2013 as the delegation was preparing to depart to China (PRC). The search revealed seeds which were believed to be taken from Ventria Bioscience and/or the USDA Dale Bumpers National Rice Research Center, and varieties protected under “Plant Variety Protection Act” certificates owned by Louisiana State University or Ventria. The four PRC visitors had visited unidentified US agricultural facilities in Chesterfield, MO and Creve Coeur, MO (Prevendra’s analysis identifies Monsanto as having facilities in both Chesterfield and Creve Coeur, MO). The delegation in fact had visited the facilities on 18 July 2013 in the company of Zhang. The delegation also traveled to the Dale Bumpers Center in Stuttgart, AR on 22 July 2013. Yan had access to the seed varieties which were found during the 07 August 2013 search by US Customs and Border Patrol personnel.

Yan’s correspondence with the China Crops Research Institute (CCRI) indicates Yan used his position within the USDA to create invitation letters for the delegation to visit the US. The CCRI delegation organizer in China corresponded with Zhang and Yan jointly. Zhang and Yan used their work email as well as web-based emails (Yahoo!, Hotmail and Gmail), indicative of one attempting to shield the content from one’s employer, be it private sector (Ventria) or government (USDA).

Zhang: One of the emails obtained from Zhang’s Hotmail account detailed the modalities of housing allowances and stipends within the Hexi District of China. Zhang’s emails also showed a letter to the Crops Research Institute asking that a housing subsidy be provided to him and stating his intent to continue to obtain Ventria’s research so as to enable similar research and development in biology in Tianjin, China (see copy of the criminal complaint below for full text).

Yan: Similarly, in November 2012, Yan wrote “2012 YAN Wengui’s Activities in Serving the Nation” (Note: Yan became a US citizen in November 2000). The criminal complaint notes how Yan lists:

– Provide rice research breeds accelerating China’s science research;
– Recommend the US science technology to accelerate Chinese agriculture science research and faster development in modernizing production;
– Returning to the country [China] to proceed science and technology exchange, research cooperation and assist Chinese professors advising research students;
– Train talents for the Chinese agricultural science and technology.

While Zhang, a PRC citizen, engaged in corporate espionage / industrial espionage, one could explain his activities as those of one supporting the PRC, given the benefactor was the Crop Research Institute of China, which is a part of the Chinese Academy of Agricultural Science (CAAS) and a PRC State Key Lab. It would be difficult, if not impossible, for Zhang to have said no when the PRC state requested his assistance.

Yan on the other hand is not a PRC citizen. His actions warrant review of his activities starting when he arrived in the United States at the University of California (Davis) in 1987 through the date of his arrest in Stuttgart, AR, as his “report” of 2012 clearly demonstrates his serving his birth nation (China).

The two accused of intellectual property theft:


Weiqiang Zhang (張偉強), 47, is a citizen of the PRC and lawful permanent resident in the United States, residing in Manhattan, Kansas. He is an employee of Ventria Bioscience at their Junction City, KS facility. Zhang has been employed by Ventria since 2008 (five plus years). He received his Ph.D. in Rice Genetics, breeding and molecular biology from Louisiana State University (2001-2005) and his master’s degree in agriculture in China (1992). While in China he worked at a Crop Research Institute in the development and production of rice. His LinkedIn profile shows him to be a member of the “Plant Breeding Jobs” LinkedIn network. An internet search shows his residence to be a six-bedroom single-family house (>$350,000), located in Manhattan, KS. According to Riley County, KS records, the house was built in 2010, with Zhang being the original owner of the house with a Qi Honglei.

 


Wengui Yan (嚴文貴), 63, a naturalized US citizen (November 2000), having immigrated from the PRC in 1987, resides in Stuttgart, Arkansas. He received his master’s and undergraduate degrees from Sichuan Agricultural University in China. In approximately 1992 he received his Ph.D. in Plant Genetics and Breeding from the University of Arkansas. Since 1996, he has been an employee of the USDA Dale Bumpers National Rice Research Center, also located in Stuttgart, AR. An internet search shows he resides in a single-family residence located in Stuttgart, AR. According to the Arkansas County, AR records, the 2300+ sq ft home was purchased by Yan for $100,000 in 1997 and is currently valued at approximately $160,000. His LinkedIn profile shows him to be a plant geneticist. Further research shows Yan holds patents associated with rice genomics. One patent identifies Yan as the owner, while the second has Yan as being a part of a team of researchers.

 

“USA vs ZHANG & YAN”– PDF of the 


“The World Press”

Two Agricultural Scientists from China Charged with Stealing Trade Secrets (FBI – 12 Dec)

US Charges Chinese Nationals in Trade Secrets Cases (Wall Street Journal – 13 Dec)

Judge in Kansas orders scientist from China detained (Businessweek – 18 Dec)

Grand Jury in Kansas indicts Chinese scientists (San Jose Mercury News – 20 Dec)

Jury in Kansas indicts Chinese scientists (Taipei Times – 22 Dec)


 


 


 

“Secrets Stolen, Fortunes Lost”:  As detailed in Secrets Stolen, Fortunes Lost, the intellectual property of companies in the United States, regardless of locale, are of interest to those who have no problem extracting the research and development investment to avoid making their own. The introduction to Secrets Stolen, Fortunes Lost admonishes:

Intellectual property is your enterprise’s lifeblood; is it safe or are you in danger of being put out of business because a predator has shed that lifeblood? We have found two profound but common misconceptions about intellectual property theft and economic espionage.

One of the great misconceptions is that the threat of economic espionage or trade secret theft is a limited concern—that it is an issue only if you are holding on to something like the formula for Coca-Cola or the design of the next Intel microprocessor. The many real-world stories included in this book illustrate the fallacy of thinking that this threat is someone else’s problem.

The other great misconception, held by many business leaders who do acknowledge the danger to their trade secrets and other intellectual property, is that the nature of this threat is sufficiently understood and adequately addressed. Often, on closer inspection, the information-protection programs these business leaders rely on are mired in Industrial Age thinking; they have not been adapted to the dynamic and dangerous new environment forged by globalization


Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century (Syngress 2008 – by Christopher Burgess and Richard Power)


Espionage in the Heartland: Corn to China

Espionage in the heartland of the United States?

For two-plus years, perhaps for as many as four, a different type of harvesting has been occurring throughout the heartland of the United States. According to the criminal complaint (see below), filed by the United States Attorney, Nicholas A. Klinefeldt, a Chinese company, Kings Nower Seed, and their personnel have been harvesting more than $30 million worth of intellectual property from multiple US conglomerates. The criminal complaint requests an arrest warrant for MO Hailong, aka Robert MO, who is alleged to have led the concerted effort to steal and ship to China the next generation of “inbred” or “parent” corn seeds, with a market value of approximately $30-40 million and 5-8 years of research, from Pioneer, Monsanto and LG Seeds (perhaps others as well).

Seed corn harvested

A review of the criminal complaint outlines a sophisticated apparatus pulled together and executed by MO. The group, apparently working with the help of insiders within Pioneer and Monsanto, was able to travel to the exact geo-coordinates of the fields growing the sensitive test seeds. Reading the complaint closely, it is clear that Mo was the linchpin of the effort.

Mo traveled often to the Midwest from his Boca Raton residence, which he shares with a LI Ping (aka Carolyn Li Ping), to Chicago and Kansas City in 2011-2012. The interviews of those from whom Mo purchased seeds in Iowa and Missouri noted he was a customer since 2009, buying multiple bags of seed and always paying cash. Mo was observed shipping seeds which he purchased and stole from the fields to his Boca Raton residence via UPS. Our analysis of Mo and his status in the United States noted Mo and Li Ping purchased the 2000 square foot house in Boca Raton in 2009 for $300,000. It would appear the purchase of the house coincided with his initiation of his heartland activities.

It would be one thing to steal or inappropriately obtain licensed technology, but Mo and company went one step further. They set up an operation in Monee, IL to grow the commercially acquired seeds in anticipation of being able to identify the one-half of one percent of the inbred seed which is in each bag and then harvest the inbred seed, which is distinguishable from the hybrid seeds. Kings Nower Seeds purchased the Monee, IL farm for more than half a million dollars, $600,000 to be exact, in late March 2012, which coincides with the beginning of the spring land preparation, and put the property back on the market in September 2012 for $300,000. Perhaps after having harvested the inbred seed?

Nation State sponsored?  

We view the sophistication of the operation, which commenced with the arrival of Mo in 2009; the frequency and expense of the travel to and from the Midwest; the 750+ mile driving days; the use of an alias persona of a real person within the official delegation of the Vice President of China; the co-conspirator Wang Hongwei, who not only operated from Canada but had in his possession the geo-coordinates of locations of interest in the US; the level of clandestinity used; the multinational aspect of the caper (Hong Kong, Canada, China and the US); and the deep pockets of those engaged as all indicating PRC knowledge of, if not direct involvement in, the operation.

The case is more than just low level activity.  Interestingly, in this instance, the Pioneer Seed company has been in China since 1997 and their China business is valued in excess of one billion dollars. Apparently, not all in China were party to the joint venture and the desire to create a homegrown entity to compete with the multi-nationals is high.

It is not surprising that counterfeit seeds are a problem in China, which is exacerbated when the theft of genuine seeds is also occurring. In October 2011, Pioneer’s China lead, William Niebur, vice president and general manager of Pioneer China, told “China Real-Time Report that Pioneer regards counterfeit seeds as a serious issue in China, as the counterfeits undermine seed companies’ intellectual property and the market’s confidence in seed quality. Pioneer is working with Chinese authorities to enforce the law, he said. He estimated there were as many counterfeit seeds on the market as Pioneer’s sales volume, though demand for Pioneer products remains strong. As for China’s efforts to grow an agrotechnology giant, Niebur cited joint ventures Pioneer has with Chinese firms as examples of such efforts. “Pioneer considers itself a partner to the China seed industry,” that has assisted Chinese firms with manufacturing, planting technology, packaging and delivery systems, he said in e-mailed comments [to China Real-Time Report].”

Perhaps the VP identified in the complaint is Niebur; regardless, what is interesting is the comment attributed to the VP: “DBN best-selling corn seed products in China utilize a male parent (inbred) line of seed that Pioneer determined their company developed. The Pioneer VP confronted the DBN [unidentified] official on the success of the product since it utilized Pioneer-developed genetic trait, and the DBN official smiled and nodded, implicitly acknowledging to the Pioneer VP the truth of the accusation.”

Analysis:

The compromise of MO Hailong did not happen due to superior analytic work by the FBI or any law enforcement entity. The MO operation was in place and operating for some time, perhaps as early as 2009. It was two farmers in Iowa who saw something and reported it as suspicious to the Pioneer field rep, who mentioned it to the Pioneer security personnel. Kudos go to Pioneer for sensitizing their field reps to report that which does not fall into the realm of normal activity. Better had the Pioneer Security team picked up their phone and contacted their liaison with the FBI in Des Moines.

Many questions remain unanswered. Where else did MO travel from his Boca Raton base? What role does Carolyn Li Ping play in this activity, if any, as she is a Kansas State University graduate? The Canadian angle: how much Chinese activity is taking place in Canada by this same crew or others targeting Canadian agriculture? If Kings Nower Seeds were so easily able to step over the line of appropriate business conduct and engage in espionage, where else has LI Shaoming allowed this type of investment? What is the role of the US persons who assisted with the real estate and logistics? And to a core issue, who are the insiders in Pioneer and Monsanto who are providing the identities of the test fields to the Kings Nower Seed crew? What part, if any, did Pioneer and Monsanto’s footprint in China play in making them a target for espionage in the United States? What role did their Chinese employees in China or the US play?

The takeaway for all companies: have a security plan, and educate your employees and contractors. Operate from a position of trust; have in place the capabilities to verify the trust if suspicion arises. Conduct strategic competitive analysis so you may be aware of what areas of research your competition is engaged in. Reward employees for reporting anomalies. When implementing protections, explain to your employees, contractors and vendors the why behind your intellectual property protection regimes, and never allow convenience to trump security.

The cast of characters

Mo Hailong “Robert” – a lawful permanent resident (H-1-B visa holder) in the United States – Director of International Business of Beijing Dabeinong Technology Group Company (DBN).
Hougang Wu – Chairman of Dalian Zhangzidao Fishery Group – an alias used by Mo Hailong as part of the official Chinese delegation accompanying the Vice President of China during his visit to Des Moines, IA on 15/16 February 2012. [Note: WU Hougang is a legitimate person and he is the Chairman of the Zhangzidao Fishery Group. It is unknown if he signed up as a member of the delegation and provided his registration and identity documents for Mo’s use – a witting participant, or if he was unwitting of the use of his name and that of his company in the activities]
Wang Lei – Vice Chairman of Kings Nower Seed – accompanied MO on his visit to the fields in Iowa, and was part of the VP of China delegation in Des Moines 15/16 February 2012
LI Shaoming – CEO of Kings Nower Seed – PhD scientist – directing and participating in the collection of US intellectual property
Xaoming Bao – Chinese national, former Pioneer employee – met with  Wang and Mo during VP China visit at a bar in Urbandale, IA.  (Bao’s spouse is a current Pioneer employee).  [Note: Xaoming Bao – has 18 patents in the plant genetics field, many of which are assigned to Pioneer]
YE Jian – PRC National and employee of Kings Nower Seed (per visa application) – involved over the course of the summer of 2012 in the collection of seed from farms located in the Northern Indiana, Illinois, Iowa farmland – in a conversation which the FBI surveillance obtained (pages 13-15 of the complaint) it is clear YE and LIN are knowledgeable as to the illegality of their efforts.
LIN Young – PRC National and employee of Kings Nower Seed (per visa application) – involved over the course of the summer of 2012 in the collection of seed from farms located in the Northern Indiana, Illinois, Iowa farmland – in a conversation which the FBI surveillance obtained (pages 13-15 of the complaint) it is clear YE and LIN are knowledgeable as to the illegality of their efforts.
Eugene Yu – Chinese-American realtor in the Chicago area (research shows a realtor associated with Charles Rutenberg Real Estate of Naperville, IL, by the name of Eugene Yu. No other realtors in the Chicago metro with this name were found) – Yu served as middle-person on the lease of a storage facility in New Lenox, IL, provided transport to YE, and spent a good deal of time on the Kings Nower Seed farm in Monee, IL.  [NOTE: It is unknown if YU was witting of the espionage taking place, or if he was unwittingly duped into providing support to the activity, viewing Kings Nower Seed as a lucrative client given their purchase of the Monee, IL farm.]
Wang Hongwei – A dual Chinese/Canadian citizen – On 28 September 2012, Wang HONGWEI entered the US via the land border between the US and Canada in Vermont. He drove to Burlington and then flew to Chicago, obtained a rental car and traveled to the farm in Monee, IL. On 30 September 2013, he gave FBI surveillance in Burlington, Vermont the slip using aggressive counter-surveillance driving methods. At the US/Canada border crossing he was identified and subjected to a USCBP border inspection. He lied to officers and then recanted when evidence was shown that his story of visiting Burlington was compromised by the United Airlines ticket in his possession. 44 bags of corn were found hidden in his luggage and in the vehicle. Each of the bags was identical to those which were earlier confiscated at O’Hare Airport. In addition, he had a notebook with GPS coordinates of farm plots and pictures of Monsanto and Pioneer fields and facilities. He claimed to have purchased the corn from Mo Hailong.

The companies

Kings Nower Seeds – Formed in 2001
The Kings Nower Seeds website notes their research in inbred seeds in a January 2013 post:
“Precise Research and Development

Following the strategy of Precise Research and Development, we built up one transgenic research lab, five inbred line test stations, seven breeding centers and 123 experiment stations. Annual investment on R&D is kept more than 10% of annual sales. Based on our proprietary T+2 model, aided by inbred line test, variety design, DH, molecular, information technology and large-scale variety testing, a fast, effective and accurate breeding system is established. Such a system speeds up breeding and makes the breeding output predictable. In 2008, our technology center was recognized as “Beijing Enterprise Technology Center” and “Science and Technology Research and Development Institution of Beijing Municipal Science and Technology Commission”.  Now we hold leading breeding capabilities on hybrid maize and hybrid rice in China.”

Dabeinong Technology Group Company – Formed in 1994
Zhangzidao Fishery Group – founded 1958
“Mapping Mo Hailong’s Espionage” 

Mapping Mo Hailong and the co-conspirators.

Including the May 1, 2012 – 750 mile trip by Mo when he traveled from Des Moines, IA to Pattonsburg, MO to Adel, IA, to Monee, IL – over 8.5 hours in his vehicle, buying and acquiring corn

Detailed Map

“Espionage in the Heartland: Rice to China” On 12 December 2013, a criminal complaint was filed by the United States Attorney in the Kansas District, petitioning for the arrest of two individuals, with ties to China, for the theft of trade secrets from Ventria Bioscience and other companies. Subsequently, these same two individuals were indicted …

 

 

 


 

“US v Mo Hailong”

PDF of the 

PDF of the 

 

PDF of the 

Wanted posters issued by the FBI:

Shaoming Li, Jian Ye, Lei Wang, Hongwei Wang

 

 

 

 

 


“The world press”

Designer seeds thought to be latest target by Chinese

Chinese National Arrested for Conspiring to Steal Trade Secrets

Corporate espionage strikes Iowa’s agricultural technology

Call the FBI! China is trying to steal America’s seeds!

Chinese man arrested for stealing seed technology

Chinese company worker accused of stealing seed
