Category Archives: China

Commentary on issues involving China ranging from National Security issues such as Espionage to trade secret / intellectual property protection

China - Shanghai

JPMorgan runs afoul of the FCPA: $264 million settlement

This past week we learned that the Foreign Corrupt Practices Act (FCPA) has teeth. JP Morgan Chase (JPMorgan) essentially, used the hiring of the children of Chinese leaders as a bribe in exchange for US$100,000,000 in deals in China a violation of the FCPA. In addition the bank violated the anti-bribery, books and records, and internal controls provisions of the Securities Exchange Act of 1934. JPMorgan has agreed to a  pay US$264 million settlement with the Security and Exchange Commission over charges they violated the FCPA and the Securities Exchange Act of 1934.

The Fine

The SEC notes in their announcement of 17 November 2016, the bank has agreed to pay

  • more than $130 million to settle SEC charges that it won business from clients and corruptly influenced government officials in the Asia-Pacific region by giving jobs and internships to their relatives and friends in violation of the Foreign Corrupt Practices Act (FCPA)
  • $72 million to the Justice Department
  • $61.9 million to the Federal Reserve Board of Governors
  •  $105,507,668 in disgorgement plus $25,083,737 in interest to settle the SEC’s case.

JP Morgan violates #FCPA w/bribes in #China - SEC collects US$264,000,000 penalty payment Click To Tweet

The FCPA Crime

The statement continues, “… investment bankers at JPMorgan’s subsidiary in Asia created a client referral hiring program that bypassed the firm’s normal hiring process and rewarded job candidates referred by client executives and influential government officials with well-paying, career-building JPMorgan employment. During a seven-year period, JPMorgan hired approximately 100 interns and full-time employees at the request of foreign government officials, enabling the firm to win or retain business resulting in more than $100 million in revenues to JPMorgan.”

The 17 November New York Times reports, “JPMorgan … formalized the hiring into what it called the Sons and Daughters program. The bank even went so far as to create spreadsheets that tracked its hires to specific clients — and the bank’s ability to convert these hires into business deals.”

Interestingly, a former JPMorgan executive who apparently spearheaded the Sons and Daughters program, banker Fang Fang, was arrested in 2014 in Hong Kong by the territory’s anti-corruption agency. The arrest may have been as a direct result of this multiyear SEC/DOJ investigation into JPMorgan’s violation of the FCPA. It is believed, one of Fang’s emails contained the necessary confirmation that a violation of the FCPA had occurred which directly related to the capture of business. The New York Times provides a Fang quote, “You all know I have always been a big believer of the Sons and Daughters program — it almost has a linear relationship.”

CNBC on Fang Fang’s 2014 arrest

Separately, the Department of Justice announced that the JPMorgan Hong Kong subsidiary has agreed to pay a fine of US$72 million. The DOJ announcement, stated, “PMorgan Securities (Asia Pacific) Limited (JPMorgan APAC), a Hong Kong-based subsidiary of multinational bank JPMorgan Chase & Co. (JPMC), agreed to pay a $72 million penalty for its role in a scheme to corruptly gain advantages in winning banking deals by awarding prestigious jobs to relatives and friends of Chinese government officials.”

In 2016, 23 companies violated the Foreign Corrupt Practices Act #FCPA all w/SEC fines Click To Tweet

The takeaway for US businesses

The business customs and practices in a given country may not be in accordance with the laws and regulations which encumber US businesses in the United States. The FCPA exists, to prevent US businesses from engaging in corrupt business practice when engaged in international commerce, and send a clear message, that bribery is an unacceptable practice, regardless of its acceptability in a given country or culture.

Prevendra -SEC List of FCPA 2016 settlements

Click to read: 23 FCPA 2016 Settlements

In 2016 the SEC has reached settlement in 23 separate cases of FCPA violation (including the JPMorgan violation) . The description of these securities-exchange-commission-list-of-fcpa-settlements-in-2016 includes Brazilian aircraft manufacturer Embraer agreed to pay $205 million to settle charges that it violated the FCPA to win business in the Dominican Republic, Saudi Arabia, Mozambique, and India; U.K. biopharmaceutical AstraZeneca agreed to pay more than $5 million to settle FCPA violations resulting from improper payments made by subsidiaries in China and Russia to foreign officials; and in a very similar case, US Qualcomm agreed to pay $7.5 million to settle charges that it violated the FCPA when it hired relatives of Chinese officials deciding whether to select company’s products.

What is clear. Having internal controls and discovering violations of the FCPA and self-reporting, is what is expected by the SEC, and as a review of the 2016 settlements demonstrate, the settlement addresses the ill gotten gains, and normally does not include a criminal aspect.

Bottom line

All businesses which are engaged or contemplating international business, should arrange for their executives and business development staff to be well schooled in the nuances of FCPA, before they embark on business abroad.


Updated 11/21/2016 12:50 for DOJ fine of JPMorgan Hong Kong subsidiary
Prevendra's Email Updates
Get the latest content first.
100% Privacy. We don't spam.
Prevendra - blu phone's phone home

Chinese Cyber Espionage: What’s leaving your smartphone?

This week we saw, possible evidence of, yet another form of the Chinese cyber espionage. Smartphones calling “home” to China with user data. This is every government’s worst counterintelligence and cyber security nightmare. We are warned, repeatedly about the threat of Chinese cyber espionage, especially those in the national security arena. For those in the private sector, having the data from a smartphone being surreptitiously sent to servers in China, should make every company’s information security team skin crawl, as they watch their intellectual property fly out the window.

What’s a backdoor?

A backdoor is a means by which user information is provided without the user’s knowledge via device, software or other technical capabilities to a third party.

Smartphones forwarding user information to China?

Users of Android smartphones from BLU Products may be surprised to learn that security firm Kryptowire uncovered a backdoor in the firmware installed on their phones by their “firmware over the air” service provider. A quick online check shows their phones available via Google, Best Buy, and other retailers.  A deeper review shows that the company which handled the firmware updating, Shanghai ADUPS Technology Co., Ltd, has both ZTE and Huawei smartphones in their client list. Furthermore, ADUPS claims their service counts over 700 million active users.

Chinese Cyber Espionage: Are the backdoors in smartphones sending your data to China? Click To Tweet

What was compromised?

In this instance, per Kryptowire, the firmware provided the following to identified servers located in Shanghai, China.

  • Actively transmitted user and device information
  • The full-body of text messages,
  • Contact lists,
  • Call history with full telephone numbers,
  • Unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI).
  • The firmware could target specific users and text messages matching remotely defined keywords.
  • The firmware also collected and transmitted information about the use of applications installed on the monitored device
  • Firmware bypassed the Android permission model,
  • Executed remote commands with escalated (system) privileges, and
  • Remotely reprogram the devices

The real kicker is, because the backdoor is located within the firmware, the activity bypasses the anti-virus security protocols of the device as it is considered safe, white-listed. User’s didn’t stand a chance, their only defense, to upgrade the firmware to a “clean version” or junk the phone.

What does Adups Technologies have to say about their firmware?

Adups Technology has issued a statement, explaining, without explicitly using the words, “China cyber espionage,” that this version of firmware was designed for use in the local, China only market, and was mistakenly placed on smart devices in other markets. The statement continues that the data collected was deleted and the firmware updated on all devices to have this feature removed. In other words, a private company, providing services to their client company made a mistake.

Something to keep in mind should you be traveling to China or Hong Kong and wish to use a burner phone for your local telephone calls, this capability is likely to exist on any device you may purchase in China and therefore, your device may be easily compromised in a difficult to detect manner.

China Cyber Espionage: Thinking of using a phone purchased in China? Click To Tweet

What should you do?

You have two options.

Carry-on:  If you are using a BLU phone, and take Adups Tehcnology at their word, make sure your firmware has indeed been updated. The Adups Technology link above, provides an email address for contacting the company, who no doubt can identify which firmware version does not send your data to China.

Junk the device:  If you are using a BLU phone, and don’t believe Adups Technology, short of taking your devices to a lab for confirmation (not something many would have the ability to do) there is little you as an individual user can do to confirm the backdoor in their provided firmware isn’t still there.  Therefore, you may wish to junk the BLU phone or the phone from any other manufacturer which uses the Adups Technology services to update the smart devices.

Additional reading:

Chinese company installed secret backdoor on hundreds of thousands of phones (ARS Technica, 15 November 2016)

Firmware Secretly Sent Text, Call Data On Android Users To China (Dark Reading, 15 November 2016)

Prevendra - China Agro Espionage

Agro Espionage – China’s corn espionage lead, MO Hailong, sentenced to prison

[cs_content][cs_section parallax=”false” style=”margin: 0px;padding: 45px 0px;”][cs_row inner_container=”true” marginless_columns=”false” style=”margin: 0px auto;padding: 0px;”][cs_column fade=”false” fade_animation=”in” fade_animation_offset=”45px” fade_duration=”750″ type=”1/1″ style=”padding: 15px;”][x_columnize]One chapter of the saga of China’s agro espionage targeting US research and development of corn has come to a close with the sentencing Mo Hailong, a/k/a Robert Mo, 46, a Chinese national. According to the Department of Justice, Mo was sentenced to 36 months in prison for conspiracy to steal trade secrets. His prison time will be followed by three years of supervised release. A fine, restitution if you will, has not yet been determined. In addition to the prison term and the to-be-determined fine, Mo was forced to forfeit the two farms purchased by Mo, one in Iowa and another in Illinois. Mo emigrated to the US for educational purposes and then stayed, converting his status to that of a lawful permanent resident of the US.

Let there be no doubt, this was and is nation state agro espionage. Mo Hailong was employed as the Director of International Business of the Beijing Dabeinong Technology Group Company, commonly referred to as DBN. DBN is a Chinese conglomerate with a corn seed subsidiary company, Kings Nower Seed. During the multiple years Mo operated, he operated from his Boca Raton home and traveled throughout the heartland purloining contract and proprietary seed corn on behalf of China. His use of alias documentation, allowing him to pose as a Chinese executive so as to be included in agricultural meetings in Iowa during a Chinese presidential visit speaks to the presence of PRC national intelligence capabilities.

[x_alert type=”danger” close=”true”]”According to the plea agreement entered on January 27, Mo Hailong admitted to participating in a long-term conspiracy to steal trade secrets from DuPont Pioneer and Monsanto. Mo Hailong participated in the theft of inbred corn seeds from fields in the Southern District of Iowa and elsewhere for the purpose of transporting the seeds to DBN in China. The stolen inbred, or parent, seeds were the valuable trade secrets of DuPont Pioneer and Monsanto.”[/x_alert][/x_columnize][x_blockquote cite=”U.S. Attorney Kevin E. VanderSchel.” type=”center”]The theft of agricultural trade secrets, and other intellectual property, poses a grave threat to our national economic security,”
[/x_blockquote][x_columnize class=”man”][x_custom_headline type=”center” level=”h3″ looks_like=”h3″ accent=”true”]Agro Espionage Questions Remain[/x_custom_headline]
[x_gap size=”1.313em”]

  • What is the role of the US persons who assisted with the real estate and logistics.
  • Who are the insiders in Pioneer and Monsanto who are providing the identities of the test fields to Mo and the Kings Nower Seed crew.
  • What part, if any, did Pioneer and Monsanto’s foot print in China make them a target for espionage in the United States.
  • What role did Pioneer or Monsanto’s Chinese employees in China or the US play?
  • Who are the insiders within Pioneer or Monsanto who provided the geocoordinates of the unmarked contract grow fields
  • Was either/both Pioneer or Monsanto targeted by the Chinese offensive cyber capabilities?
  • Have Pioneer, Monsanto and every other research and development entity tightened up their cyber security?
  • How did this affect the seed dealers who violated their sales contract with Pioneer/Monsanto by selling proprietary seed to Mo?

[/x_columnize][cs_text][x_gap size=”2.313em”][x_feature_headline type=”center” level=”h3″ looks_like=”h3″ icon=”500px”]The co-conspirators, where are they?[/x_feature_headline]

Wang Hongwei –  A dual Chinese/Canadian citizen – On 28 September 2012, Wang HONGWEI entered the US via land-border between the US/Canada in Vermont. Drove to Burlington and then flew to Chicago, obtained a rental car and traveled to the farm in Monee, IL.  On 30 September 2013, gave FBI Surveillance in Burlington, Vermont the slip using aggressive counter-surveillance driving methods. At the US/Canada border crossing he was identified and subjected to a USCBP border inspection. He lied to officers and then recanted when evidence was shown that his story of visiting Burlington was compromised by his United Airline ticket in his possession. 44 bags of corn were found hidden in his luggage and in the vehicle. each of the bags was identical as those which were earlier confiscated at O’hare Airport. In addition, he had a notebook with GPS coordinates of farm plots and pictures of Monsanto and Pioneer fields and facilities. He claimed to have purchased the corn from Mo Hailong.[/cs_text][cs_text]WANG Lei – Vice Chairman of Kings Nower Seed – accompanied MO on his visit to the fields in Iowa, and was part of the VP of China delegation in Des Moines 15/16 February 2012
[/cs_text][cs_text][x_gap size=”1.313em”]

LIN Yong – PRC National and employee of Kings Nower Seed (per visa application) – involved over the course of the summer of 2012 in the collection of seed from farms located in the Northern Indiana, Illinois, Iowa farmland – in a conversation which the FBI surveillance obtained (pages 13-15 of the complaint) it is clear YE and LIN are knowledgeable as to the illegality of their efforts.

[/cs_text][cs_text][x_gap size=”1.313em”]
YE Jian – PRC National and employee of Kings Nower Seed (per visa application) – involved over the course of the summer of 2012 in the collection of seed from farms located in the Northern Indiana, Illinois, Iowa farmland – In a conversation which the FBI surveillance obtained (pages 13-15 of the complaint) it is clear YE and LIN are knowledgeable as to the illegality of their efforts.[/cs_text][cs_text]Prevendra - FBI - Jian YE

Prevendra - Lei Wang

Prevendra - FBI - Hongwei WANG

-FBI - Yong LIN

 

 

 

 

 

 

 

[x_gap size=”5.313em”][x_feature_headline type=”left” level=”h2″ looks_like=”h2″ icon=”500px”]The takeaway[/x_feature_headline]
The takeaway for all companies – have a security plan, educate your employees and contractors. Operate from a position of trust, have in place the capabilities to verify the trust if suspicion arises. Conduct strategic competitive analysis so you may be aware of what areas of research your competition is engaged?  Reward employees for reporting anomalies. When implementing protections, explain to your employees, contractors and vendors the why behind your intellectual property protection regimes, and never allow convenience to trump security.[/cs_text][/cs_column][/cs_row][/cs_section][/cs_content]

Prevendra - China Agro Espionage

Agro Espionage – Rice to China – Wengui Yan’s guilty plea

Prevendra - Wengui Yan guilty plea

Click to view Plea Agreement

On 24 October 2016, Wengui Yan, an Arkansas resident, an employee of the USDA Dale Bumpers National Rice Research Center since 1996, and a naturalized US citizen originally from the PRC, successfully negotiated a plea-bargain with the Kansas US Attorney in his agro espionage case. Yan and his co-defendant, Weiqiang Zhang, PRC citizen, facilitated the theft of genetic rice from the United States on behalf of the PRC. The plea-bargain saw all counts of espionage dropped against Yan, in exchange for his guilty plea of making false statement to the US Government, concerning the theft. Yan will serve a maximum of 20 months in prison and be fined $100.  Yan’s co-defendant, Zhang’s case continues to move forward (interestingly, Zhang dismissed his court-appointed attorney on 28 October).

Espionage in the Heartland: Rice to China

We discussed this case of agro espionage where the insider made possible the economic espionage against a US entity, the US Department of Agriculture and their private sector partners,Ventria Bioscience (Ventria) in our piece Espionage in the Heartland: Rice to China. We outlined how the fleecing of approximately $75 million worth of research and development by Ventria went out the door with the successful theft by the visiting Chinese scientists from the Crop Research Institute in China, part of the Chinese Academy of Agricultural Science, which also has State Key Laboratory affiliation.  The visiting Chinese scientists who were assisted by both Yan and Zhang. Whether or not the USDA or Ventria is happy to know that Yan plead guilty and has received a modest penalty for his criminal activity is unknown. From this seat, this modest sentence and fine levied upon Yan is light and will hardly serve as a deterrent to others.  It is therefore, safe to assume, the lenient sentence was designed to garner the cooperation of Yan, the US citizen, in securing the conviction of Zhang or to force his acceptance of a plea-deal. Perhaps Zhang read his tea-leaves and this is why Zhang is awaiting new counsel.

China’s Agro Espionage

What is known, is that the United States agricultural sector is sitting in the bullseye of the global agro espionage milieu. The PRC government has laser focus on increasing and sustaining their agricultural sector, as their cities and population continues to blossom. China always plays the long-game, eschewing quarterly forecasts and the like. Their entities, supported by PRC government resources will work assiduously to bypass and avoid the trials and tribulations involved in such complex research and simply steal their way to productivity and profitability. This places companies like Ventria, who may never had to think about putting together and insider threat program. The reality is they need to have an insider threat program in place or they will find themselves competing against their own creations in a marketplace where price and access is such an important differentiator.

With respect to China’s long term view on the agriculture sector, one needs only read what China is saying and how they back those words up with actions. As detailed in The IP Commission Report of May 2013, on the theft of intellectual property from the United States. The report details how the theft of US intellectual property is valued at “hundreds of billions of dollars per year. The annual losses are likely to be comparable to the current annual level of U.S. exports to Asia—over $300 billion.” 

In January 2016, the Chinese Ministry of Agriculture announced that for the 13th consecutive year, the “Agriculture, rural community and farmer related issues are once again the topic of China’s ‘No. 1 Central Document’.”  The goal, “marked progress” in agriculture by 2020 to ensure society becomes moderately prosperous. Thus we can read directly, for the past 13 years agricultural advancement has been and continues to be paramount. The case of Yan and Zhang are demonstrative of the manner in which China is willing to acquire their R&D to achieve their national goals.

 

What’s next?

The final acts germane to this case of agro espionage are:

  • The conviction of Zhang.
  • The US agricultural sector, invest in security infrastructure and awareness as the reality of their being firmly in the bullseye of the Chinese. The Chinese are both willing and able to use agro espionage is a tool to obtain expensive R&D in the most economic manner possible, steal it.
IP Theft - Counterfeit Goods - Prevendra

IP Theft: Crowdfunding sites harvested by Chinese counterfeiters

It should surprise no one to learn that the Chinese factories which are engaged the production of counterfeit goods produce goods which are identical or indistinguishable from the originals. The factories are engaged in intellectual property theft (IP theft) and are building their products by reverse engineering a product then creating the counterfeit version, or creating the counterfeit product by stealing the design plans. Now a seemingly new wrinkle in the acquisition of product specifications has evolved.

But is it really new? Chinese counterfeiters have been harvesting ideas from crowdfunding sites for quite some time, and warnings aplenty have been made to entrepreneurs and inventors to protect their intellectual property from IP theft.  For example, in January 2013, The Guardian reported on  how “Using crowdfunding sites could destroy your nascent business idea.”  So let’s back up a bit, before we go forward and share some cases of IP Theft from crowdfunding sites, that date back well over half of a decade.

What is crowdfunding?

To take a paragraph from The Guardian,

Crowdfunding sites such as KickStarter, have grown in popularity. The concept is simple – you have an idea, formulate the logistics of the plan, and then upload the idea to a crowdfunding website, where millions of potential investors can scrutinise it, and if they like it, pledge to invest in the project. If the project raises the target capital, the funds are automatically transferred, and the idea becomes a reality. If the target is not met, no money is transferred, so no investors lose out. Essentially it’s Dragon’s Den (UK TV’s equivalent to Shark Tank) for the internet generation, leveraging the almost perfect liquidity of the online marketplace.

Protect your Kickstarter idea from #IPTHEFT - I might lose my intellectual property? Click To Tweet

Do I really need to protect my idea from ID Theft

The Guardian goes on to provide some excellent advice to individuals or startups which are creating hardware, protect your intellectual property from IP Theft by using the tools available to you prior to taking your idea public. Patent it!  So remember, patents are granted to novel inventions. Trade secret protection are granted to those concepts which have not been publicly disclosed. Absent a patent in place, litigating against another’s similar or identical product may be an uphill battle (consult with your legal counsel on this topic) after having presented your idea on a publicly available crowdfunding site.

[x_alert heading=”Protect Your Idea ” type=”warning” close=”true”]Always take steps to protect your creative idea prior to sharing in a public manner. Use of Non-Disclosure Agreements prior to private sharing go a long way toward demonstrating that appropriate steps have been taken to protect your trade secret. IP Theft is real. Use the tools available to you to protect your intellectual property, to include filing for a patent prior to seeking crowdfunding. [/x_alert]

What if your idea is infringing on the intellectual property of another. There is a difference between infringement and IP theft.  The example from The Guardian, discusses Formlabs, a team of PhD students, managed to raise just under $3m (£2m) to commercialise an accessible 3D printer. But the virtual high fives soon turned sour as an established company, 3D Systems, sued them for patent infringementThe suit was ultimately thrown out, but not after a significant amount of legal entanglement. This is not to say don’t pursue the idea and dreams, but be aware of the need to defend your creativity in the courts.  (NOTE: This case is included in the Netflix documentary, Print the Legend.)

Then, that which is at the root of this posting. Stealing the idea and taking it to market. As discussed in the co-authored book Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century, counterfeit goods accounted from more than $250 billion per annum and has since seen an increase to more than $450 billion (using 2013 figures).  My co-author, and I specifically call out the motivation of these individuals who harvest ideas.

[x_alert heading=”The Greed Factor” type=”warning” close=”true”]In most instances, the motive to pirate or counterfeit is simple: “economic greed”—to manufacture and sell goods without the overhead and costs incurred by the rightful owner of the IP. Thus, they are able to bring a product to market that is manufactured, marketed, and sold at a fraction of the cost borne by the original manufacturer. Innumerable examples exist; we offer a selection, across many industrial sectors. Additionally, given the infrastructure necessary, it is not surprising the most robust enterprises have ties to organized criminal networks.[/x_alert]

The Guardian shares the 2010 story of Scott Wilson was congratulated for successfully raising $942,578 on KickStarter to launch the TikTok Lunatik watch kit, a sleek new aluminium watch strap, which converted an iPod Nano into a touchscreen watch. The design and trade mark had not been protected. It proved immensely popular. Copycat imitations began to spring up around the web. The market is now flooded with fake Lunatik watches.  And in 2016, Lunatik’s innovation continues to be targeted by counterfeiters who are knocking off their products, most recently the  Lunatik: Taktik Extreme Cell Phone Cases.

A dive into the archives of IP Theft, shows us that Lunatik was not to be the last entity who lost their idea off of Kickstarter.  Take the case of the Pressy Button. In August 2013 it raised seven times its goal with more than 28 thousand contributors. By October 2013, they were faced with competing against themselves, as the Pressy Button was being counterfeited and marketed by a Chinese entity. Read, the January 2014, Tech Node piece, Crowdfunding sites makes copied-in-China even easier: All is needed is a Photoshopped image which details in depth the means by which Pressy Button became a victim of IP Theft.

Then in 2015, a Canadian inventor had their tale of woe detailed in WifiHifi, Crowd Funding Cloning, where their new fangled Anton strainer bowl which they had place on Kickstarter was purloined by a Chinese counterfeiter and then it shows up on Alibaba‘s Taobao shopping site.

Protect your Kickstarter idea from #IPTHEFT - Is it on Alibaba's Taobao? Click To Tweet

Which brings us to the 2016 case of one Yekutiel Sherman, an Israeli entrepreneur who designed and created a smartphone case which unfolds into a selfie-stick.  Clever indeed. As detailed in multiple media outlets (see below for links), the Shenzhen, China counterfeit manufacturers lifted his idea directly out of Kickstarter (as they did in 2010 to Lunatik) and not only beat the Sherman to market, they undersold him by a factor of five.  The counterfeiters had no R&D costs to recoup, therefore their pricing was cost of production plus margin. Now it remains to be seen, if Sherman has the ability to dive into Shenzen’s electronics market, Hauqiangbe (HQB) market and have the Chinese intellectual property authorities pull the knock-off from the shelves of the HQB wholesalers..

Protect your Kickstarter idea from #IPTHEFT - What happens when you don't? Click To Tweet

Sadly until retailers outlets, like Alibaba work together with manufacturers to keep counterfeit goods out of the portals, we will see this continue. Indeed, the Chairman of Alibaba Group, Jack Ma was quoted in the Wall Street Journal, as having said, “Fakes ‘Better Quality and Better Price Than the Real Names.‘”  Ma clearly signalling that he isn’t going to upset his rice bowl to protect the intellectual property of manufacturers from IP theft.

As noted in Secrets Stolen, This vector is on a near vertical growth path, and until governments and industries unite in both reactive and proactive steps, the criminal elements will always have the upper hand and the loss of intellectual property will continue.  In sum, the case of Sherman is catching the attention of media, the sad reality, its been a reality for quite some time. Company’s large and small must protect their infrastructure, their sharing of information in public manner and protecting their competitive advantage and revenue preservation through the implementation of security programs.


 Additional Reading 

China’s factories in Shenzhen can copy products at breakneck speed—and it’s time for the rest of the world to get over it  (October 2016)

Chinese Companies Are Stealing Kickstarter Product Ideas and Launching Them Faster and Cheaper (October 2016)

Using crowdfunding sites could destroy your nascent business idea. (2013)

Jack Ma says: Fakes better quality and better price than the real names (June 2015)


Buy Secrets Stolen, Fortunes Lost 

Secrets Stolen, Fortunes Lost

Click to Buy

Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century (Syngress 2008 –  by Christopher Burgess and Richard Power)

 

Prevendra - China

Rest easy: China says U.S. OPM data breach was criminal

Prevendra: China US Cybersecurity

Reuters

Reuters recently reported how the Chinese are claiming they have concluded their official investigation into the allegation that the Chinese government were responsible for the Office of Personnel Management data breach which compromised the identities of ~20 million individuals government clearance portfolios.

It is interesting to note, the Chinese government spokesperson did not indicate the US Government response to this revelation. Few, if any in the international security industry are taking China’s investigatory claims seriously. No doubt, this face-saving step, is a necessary political prerequisite to moving to deeper bilateral cyber security talks.

China’s official Xinhua news agency said on Wednesday an investigation into a massive U.S. computer breach last year that compromised data on more than 22 million federal workers found that the hacking attack was criminal, not state-sponsored.
Source: China’s Xinhua says U.S. OPM hack was not state-sponsored | Reuters

 

Update 04 December 2015 – 1200 hrs

 

The Chinese government says it has arrested several people allegedly connected to the massive Office of Personnel Management (OPM) data breach. The arrests reportedly occurred just prior to President Xi Jinping’s visit to the US in September.

Washington Post:  The arrests took place shortly before Chinese President Xi Jinping’s state visit in September.

SCMagazineChina has arrested the individuals it says are responsible for the OPM megabreach, according to The Washington Post.

The HillThe arrests took place prior to Chinese President Xi Jinping’s state visit in September.

#####

 

Prevendra - China

Espionage in the Heartland: Rice to China

Prevendra: Espionage in the Homeland: Rice to ChinaOn 12 December 2013, a criminal complaint was filed by the United States Attorney in the Kansas District, petitioning for the arrest of two individuals, with ties to China, for the theft of  trade secrets from Ventria Bioscience and other companies. Subsequently, these same two individuals were indicted for “conspiracy to steal trade secrets” by a federal grand jury on 18 December. The two individuals, Wieqiang Zhang and Wengui Yan, accused of stealing the intellectual property of Ventria Bioscience and other entities for the past 3+ years, October 2010 through December 2013, when they duo were arrested.  The pair, specifically targeted Ventria’s methods of “developing, propagating, growing, cultivating, harvesting, cleaning, and storing particular agriculture seeds for cost-effectively producing recombinant proteins from such seeds.”  The genetic work conducted by Ventria specifically, “develops and produces particular agricultural seeds, which have been designed to express proteins used in the medical and pharmaceutical fields.” According to the CEO of Ventria, as detailed in the criminal complaint, the current level of investment made by his company is approximately $75 million, and the research investment in the specific seeds stolen by the pair was between $3 and $18 million, with lost of profits in the event of commercialization by another entity to be substantially larger.

Unique rice seeds harvested

The criminal complaint details the unique nature of the seeds which were stolen by Zhang and Yan.  One of the seeds, “make a recombinant protein that is being developed for use as a therapeutic excipient.” The other seed, “makes a different recombinant protein that is being developed to treat or prevent gastrointestinal disease, antibiotic, associated diarrhea, hepatic disease, osteoporosis,and inflammatory bowel disease.”  While it may appear on the surface to be a case of two individuals stealing genetically modified seeds in a case of corporate espionage, similar to that which occurred over the past four years by a separate group conducting industrial espionage and operating in the upper-midwest (Espionage in the Heartland: Corn to China) of the United States, the activities of Zhang and Yan specifically targeted long term agricultural pharmaceutical research. In this instance, the Chinese nation state hand is less obtuse.

Nation State sponsorship

According to the data contained within the criminal complaint, a Chinese delegation’s checked and unchecked luggage was searched on 07 August 2013 as the delegation was preparing to depart to China (PRC). The search revealed seeds which were believed to be taken from Ventria Bioscience and/or the USDA Dale Bumpers National Rice Research Center, and varieties protected under “Plant Variety Protection Act” certificates owned by Louisiana State University or Ventria. The four PRC visitors had visited an unidentified US agricultural facilities in Chesterfield, MO and Creve Coeur, MO (Prevendra’s analysis identifies Monsanto as having facilities in both Chesterfield and Creve Coeur, MO).  The delegation in fact had visited the facilities on 18 July 2013 in the company of Zhang.  The delegation also traveled to the Dale Bumpers Center in Stuttgart, AR on 22 July 2013.  Yan had access to the seed varieties which were found during the 07 August 2013 search by US Customs and Border Patrol personnel.

Yan’s correspondence with the China Crops Research Institute (CCRI) indicates Yan used his position within the USDA to create invitation letters for the delegation to visit the US. The CCRI delegation organizer in China corresponded with Zhang and Yan jointly. Zhang and Yan used their work email as well as web-based emails (Yahoo!, Hotmail and Gmail). Indicative of one attempting to shield the content from one’s employer, be it private sector (Ventria) or government (USDA).

Zhang: One of the emails obtained from Zhang’s hotmail account detailed the modalities of housing allowances and stipends within the Hexi District of China. Zhang’s emails also showed a letter to the Crops Research Institute asking for a housing subsidy be provided to him and his intent to continue to obtain Ventria’s research so as to enable similar research and development in biology in Tainjin, China (see copy of the criminal complaint below for full test).

Yan: Similarly, in November 2012, Yan wrote “2012 YAN Wengui’s Activities in Serving the Nation” (Note: Yan became a US citizen in November 2000). The criminal complaint notes how Yan lists:

– Provide rice research breeds accelerating China’s science research;
– Recommend the US science technology to accelerate Chinese agriculture science research and faster development in modernizing production
– Returning to the country [China] to proceed science and technology exchange, research cooperation and assist Chinese professors advising research students;
– Train talents for the Chinese agricultural science and technology.[/custom_blockquote]

While Zhang, a PRC citizen engaged in corporate espionage / industrial espionage, one could explain his activities as one supporting the PRC given the benefactor was the Crop Research Institute of China, which is a part of the Chinese Academy of Agricultural Science (CAAS) and a PRC State Key Lab. It would be difficult, if impossible, for Zhang to have said no when the PRC state requested his assistance.

Yan on the other hand is not a PRC citizen. His actions warrant review of his activities starting when he arrived in the United States at the University of California (Davis) in 1987 through the date of his arrest in Stuttgart, AR, as his “report” of 2012 clearly demonstrates his serving his birth nation (China).

The two accused of intellectual property theft:

Prevendra - Espionage in the Homeland - Rice to China - Zhang

Wieqiang Zhang (張偉強), 47, is a citizen of the PRC and lawful permanent resident in the United states, residing in Manhattan, Kansas. He is an employee of Ventria Bioscience at their Junction City, KS facility.  Zhang was employed by Ventria since 2008 (five plus years). He received his Ph.D, in Rice Genetics, breeding and molecular biology from Louisiana State University (2001-2005), his masters degree in agriculture in China (1992). While in China he worked at a Crop Research Institute in the development and production of rice. His LinkedIn profile shows him to be a member of the “Plant Breeding Jobs” LinkedIn network. An internet search shows his residence to be a six bedroom single family house (>$350,000), located in Manhattan, KS. According to Riley County, KS records, the house was built in 2010, with Zhang being the original owner the house with a Qi Honglei.

 

Prevendra - Espionage in the Heartland - Rice to China - Yan

Wengui Yan (嚴文貴), 63, a naturalized US citizen (November 2000), having immigrated from the PRC in 1987, resides in Stuttgart, Arkansas. He received his masters and undergraduate degrees from Sichuan Agricultural University in China. In approximately 1992 he received his PHD in Plant Genetics and Breeding from the University of Arkansas. Since 1996, he has been an employee of the USDA Dale Bumpers National Rice Research Center, also located in Stuttgart, AR. An internet search shows he resides in a single-family residence located in Stuttgart, AR. According to the Arkansas County, AR records, the 2300+ sq ft home was purchased by Yan for $100,000 in 1997 and is currently valued at approximately $160,000. His Linkedin profile shows him to be a plant geneticist. Further research shows Yan holds patents associated with rice genomics. One patent identifies Yan as the owner, while the second has Yan as being a part of a team of researchers.

 

“USA vs ZHANG & YAN”– PDF of the 


“The World Press”

Two Agricultural Scientists from China Charged with Stealing Trade Secrets (FBI – 12 Dec)

US Charges Chinese Nationals in Trade Secrets Cases (Wall Street Journal – 13 Dec)

Judge in Kansas orders scientist from China detained (Businessweek – 18 Dec)

Grand Jury in Kansas indicts Chinese scientists (San Jose Mercury News – 20 Dec)

Jury in Kansas indicts Chinese scientists (Taipei Times – 22 Dec)


 

“Espionage in the Heartland: Corn to China” Prevendra: Espionage in the Heartland of the United States Espionage in the heartland of the United States?

For two-plus years, perhaps for as many as four, a different type of harvesting has been occurring throughout the heartland of the United States. According to the criminal complaint (see below), filed by the United States Attorney, Nicholas A. Klinefeldt, a Chinese company, Kings Nower Seed,and their personnel have been harvesting more than $30 million worth of intellectual property from multiple US conglomerates.  The criminal complaint requests an … <read complete analysis>

 


 

“Secrets Stolen, Fortunes Lost”:  As detailed in Secrets Stolen, Fortunes Lost, the intellectual property of companies in the United States, regardless of locale, are of interest to those who have no problem extracting the research and development investment to avoid making their own. The introduction to Secrets Stolen, Fortunes Lost admonishes:

Intellectual property is your enterprise’s lifeblood; is it safe or are you in danger of being put out of business because a predator has shed that lifeblood? We have found two profound but common misconceptions about intellectual property theft and economic espionage.

One of the great misconceptions is that the threat of economic espionage or trade secret theft is a limited concern—that it is an issue only if you are holding on to some- thing like the formula for Coca-Cola or the design of the next Intel microprocessor. The many real-world stories included in this book illustrate the fallacy of thinking that this threat is someone else’s problem.

The other great misconception, held by many business leaders who do acknowledge the danger to their trade secrets and other intellectual property, is that the nature of this threat is sufficiently understood and adequately addressed. Often, on closer inspection, the information-protection programs these business leaders rely on are mired in Industrial Age thinking; they have not been adapted to the dynamic and dangerous new environment forged by globalization

Secrets Stolen, Fortunes Lost

Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century (Syngress 2008 – by Christopher Burgess and Richard Power)

Prevendra - China Intellectual Property

Espionage in the Heartland: Corn to China

Prevendra: Espionage in the Heartland of the United States Espionage in the heartland of the United States?

For two-plus years, perhaps for as many as four, a different type of harvesting has been occurring throughout the heartland of the United States. According to the criminal complaint (see below), filed by the United States Attorney, Nicholas A. Klinefeldt, a Chinese company, Kings Nower Seed, and their personnel have been harvesting more than $30 million worth of intellectual property from multiple US conglomerates.  The criminal complaint requests an arrest warrant for MO Hailong, aka Robert MO, who is alleged to have led the concerted effort to steal and ship to China the the next generation of “inbred” or “parent” corn seeds, market value at approximately $30-40 million and 5-8 years of research from Pioneer, Monsanto and LG Seeds (perhaps others as well).

Seed corn harvested

A review of the criminal compliant outlines a sophisticated apparatus pulled together and executed by MO. The group, apparently working with help of insiders within Pioneer and Monsanto, were able to travel to the exact geo-coordinates of the fields growing the sensitive test seeds.  Reading the complaint closely, it is clear that Mo was the linchpin of the effort.

Mo traveled, often to the midwest from his Boca Raton residence, which he shares with a LI Ping aka (Carolyn Li Ping), to Chicago and Kansas City in 2011-2012. The interviews of those from whom Mo purchased seeds in Iowa and Missouri noted he was a customer since 2009, buying multiple bags of seed and always paying cash.  Mo was observed shipping seeds which he purchased and stole from the fields to his Boca Raton residence via UPS. Our analysis of Mo and his status in the United States, noted Mo and Li Ping purchased the 2000 square foot house in Boca Raton in 2009 for $300,000. It would appear the purchase of the house coincided with his initiation of his heartland activities.

It would be one thing to steal or inappropriately obtain licensed technology, but Mo and company went one step further. They set up an operation in Monee, IL to grow the commercially acquired seeds in anticipation of being able to identify the one-half of one percent of the inbred seed which is in each bag and then harvest the inbred seed which is distinguishable from the hybrid seeds.  Kings Nower Seeds purchased the Monee, IL farm for more than half a million dollars, $600,000 to be exact in late-March 2012. Which coincides with the beginning of the spring land preparation; and put the property back on the market in September 2012 for $300,000.  Perhaps after having harvested the inbred-seed?

Nation State sponsored?  

We view the sophistication of the operation which commenced with the arrival of Mo in 2009, the frequency and expense of the travel to/from the midwest, the 750+ mile driving days, the use of an alias persona of a real person within the official delegation of the Vice President of China; the co-conspirator Wang Hongwei who not only operated from Canada, but had in his possession the geo-coordinates of locations in the US of interest; the level of clandestinity used; the multinational aspect of the caper (Hong Kong, Canada, China and the US); the deep pockets of those engaged; all to indicate PRC knowledge of, if not directly involved.

The case is more than just low level activity.  Interestingly, in this instance, the Pioneer Seed company has been in China since 1997 and their China business is valued in excess of one billion dollars. Apparently, not all in China were party to the joint venture and the desire to create a homegrown entity to compete with the multi-nationals is high.

It is not surprising that counterfeit seeds is a problem in China, which is exacerbated when the theft of genuine seeds is also occurring. In October 2011, Pioneer’s China lead, William Niebur, vice president and general manager of Pioneer China, told “China Real-Time Report that Pioneer regards counterfeit seeds as a serious issue in China, as the counterfeits undermine seed companies’ intellectual property and the market’s confidence in seed quality. Pioneer is working with Chinese authorities to enforce the law, he said. He estimated there were as many counterfeit seeds on the market as Pioneer’s sales volume, though demand for Pioneer products remains strong. As for China’s efforts to grow an agrotechnology giant, Niebur cited joint ventures Pioneer has with Chinese firms as examples of such efforts. “Pioneer considers itself a partner to the China seed industry,” that has assisted Chinese firms with manufacturing, planting technology, packaging and delivery systems, he said in e-mailed comments [to China Real-Time Report].”

Perhaps the VP identified in the complaint is Niebur, regardless, what is interesting is the comment attributed to the VP, “DBN best-selling corn seed products in China utilize a male parent (inbred) line of seed that Pioneer determined their company developed. The Pioneer VP confronted the DBN [unidentified] official on the success of the product since it utilized Pioneer-developed genetic trait, and the DBN official smiled and nodded, implicating acknowledging to the Pioneer VP the truth of the accusation.

Analysis:

The compromise of MO Hailong did not happen due to superior analytic work by the FBI or any law enforcement entity. The MO operation was in place and operating for some time, perhaps as early as 2009. It was two farmers in Iowa who saw something and reported it as suspicious to the Pioneer field rep, who mentioned it to the Pioneer security personnel. Kudos go to Pioneer for sensitizing their field reps to report that which does not fall into the realm of normal activity. Better had the Pioneer Security team picked up their phone and contacted their liaison with the FBI in Des Moines.

Many questions remain unanswered. Where else did MO travel from his Boca Raton base. What role does Carolyn Li Ping play in this activity, if any, as she is a Kansas State University graduate. The Canadian angle, how much Chinese activity is taking place in Canada by this same crew or others targeting Canadian agriculture? If Kings Nower Seeds were so easily able to step over the line of appropriate business conduct and engage in espionage, where else has LI Shaoming allowed this type of investment. What is the role of the US persons who assisted with the real estate and logistics. And to a core issue, who are the insiders in Pioneer and Monsanto who are providing the identities of the test fields to the Kings Nower Seed crew. What part, if any, did Pioneer and Monsanto’s foot print in China make them a target for espionage in the United States. What role did their Chinese employees in China or the US play?

The take away for all companies – have a security plan, educate your employees and contractors. Operate from a position of trust, have in place the capabilities to verify the trust if suspicion arises. Conduct strategic competitive analysis so you may be aware of what areas of research your competition is engaged?  Reward employees for reporting anomalies. When implementing protections, explain to your employees, contractors and vendors the why behind your intellectual property protection regimes, and never allow convenience to trump security.

The cast of characters

Mo Hailong “Robert” – a lawful permanent resident (H-1-B visa holder) in the United States – Director of International Business of Beijing Dabeinong Technology Group Company (DBN).
Hougang Wu – Chairman of Dalian Zhangzidao Fishery Group – an alias used by Mo Haiilong as part of the official Chinese delegation accompanying the Vice President of China during his visit to Des Moines, IA on 15/16 February 2012. [Note: WU Hougang is a legitimate person and he is the Chairman of the Zhangzidao Fishery Group. It is unknown if he signed up as a member of the delegation and provided his registration and identity documents for Mo’s use – a witting participant, or if he was unwitting of the use of his name and that of us company in the activities]
Wang Lei – Vice Chairman of Kings Nower Seed – accompanied MO on his visit to the fields in Iowa, and was part of the VP of China delegation in Des Moines 15/16 February 2012
LI Shaoming –  CEO of Kings Nower Seed – Phd Scientist – directing and participating in the collection of US intellectual property
Xaoming Bao – Chinese national, former Pioneer employee – met with  Wang and Mo during VP China visit at a bar in Urbandale, IA.  (Bao’s spouse is a current Pioneer employee).  [Note: Xaoming Bao – has 18 patents in the plant genetics field, many of which are assigned to Pioneer]
YE Jian – PRC National and employee of Kings Nower Seed (per visa application) – involved over the course of the summer of 2012 in the collection of seed from farms located in the Northern Indiana, Illinois, Iowa farmland – In a conversation which the FBI surveillance obtained (pages 13-15 of the complaint) it is clear YE and LIN are knowledgable as to the illegality of their efforts.
LIN Young – PRC National and employee of Kings Nower Seed (per visa application) – involved over the course of the summer of 2012 in the collection of seed from farms located in the Northern Indiana, Illinois, Iowa farmland – in a conversation which the FBI surveillance obtained (pages 13-15 of the complaint) it is clear YE and LIN are knowledgable as to the illegality of their efforts.
Eugene Yu – Chinese-American realtor in the Chicago area (research shows a realtor associated with Charles Rutenberg Real Estate of Naperville, IL, by the name of Eugene Yu. No other realtors in the Chicago metro with this name were found) – Yu served as middle-person on the lease of a storage facility in New Lenox, IL, provided transport to YE, and spent a good deal of time on the Kings Nower Seed farm in Monee, IL.  [NOTE: It is unknown if YU was witting of the espionage taking place, or if he was unwittingly duped into providing support to the activity, viewing Kings Nower Seed as a lucrative client given their purchase of the Monee, IL farm.]
Wang Hongwei  A dual Chinese/Canadian citizen – On 28 September 2012, Wang HONGWEI entered the US via land-border between the US/Canada in Vermont. Drove to Burlington and then flew to Chicago, obtained a rental car and traveled to the farm in Monee, IL.  On 30 September 2013, gave FBI Surveillance in Burlington, Vermont the slip using aggressive counter-surveillance driving methods. At the US/Canada border crossing he was identified and subjected to a USCBP border inspection. He lied to officers and then recanted when evidence was shown that his story of visiting Burlington was compromised by his United Airline ticket in his possession. 44 bags of corn were found hidden in his luggage and in the vehicle. each of the bags was identical as those which were earlier confiscated at O’hare Airport. In addition, he had a notebook with GPS coordinates of farm plots and pictures of Monsanto and Pioneer fields and facilities. He claimed to have purchased the corn from Mo Hailong.

The companies

Kings Nower Seeds – Formed in 2001
The Kings Nower Seeds website notes their research in inbred seeds in a January 2013 post:
“Precise Research and Development

Following the strategy of Precise Research and Development, we built up one transgenic research lab, five inbred line test stations, seven breeding centers and 123 experiment stations. Annual investment on R&D is kept more than 10% of annual sales. Based on our proprietary T+2 model, aided by inbred line test, variety design, DH, molecular, information technology and large-scale variety testing, a fast, effective and accurate breeding system is established. Such a system speeds up breeding and makes the breeding output predictable. In 2008, our technology center was recognized as “Beijing Enterprise Technology Center” and “Science and Technology Research and Development Institution of Beijing Municipal Science and Technology Commission”.  Now we hold leading breeding capabilities on hybrid maize and hybrid rice in China.”

Dabeinong Technology Group Company – Formed in 1994
Zhangzidao Fishery Group – founded 1958
“Mapping Mo Hailong’s Espionage” 

Prevendra - Mapping the espionage of Mo HailongMapping Mo Hailong and the co-conspirators.

Including the May 1, 2012 – 750 mile trip by Mo when he traveled from Des Moines, IA to  Pattonsburg, MO to Adel, IA, to Monee, IL – over 8.5 hours in his vehicle, buy and acquiring corn

Detailed Map

“Espionage in the Heartland: Rice to China” OPrevendra: Espionage in the Homeland: Rice to Chinan 12 December 2013, a criminal complaint was filed by the United States Attorney in the Kansas District, petitioning for the arrest of two individuals, with ties to China, for the theft of  trade secrets from Ventria Bioscience and other companies. Subsequently, these same two individuals were indicted … <read complete analysis>

 

 

 


 

“US v Mo Hailong”

PDF of the 

PDF of the 

 

PDF of the 

Wanted posters issued by the FBI:

LI - Shaoming Li YE - Jian Ye WANG - Lei Wang WANG - Hongwei Wang Prevendra - China Espionage in the Heartland

 

 

 

 

 


“The world press”

Designer seeds thought to be latest target by Chinese

Chinese National Arrested for Conspiring to Steal Trade Secrets

Corporate espionage strikes Iowa’s agricultural technology

Call the FBI! China is trying to steal America’s seeds!

Chinese man arrested for stealing seed technology

Chinese company worker accused of steeling seed

Secrets Stolen, Fortunes Lost: As detailed in Secrets Stolen, Fortunes Lost, the intellectual property of companies in the United States, regardless of locale, are of interest to those who have no problem extracting the research and development investment to avoid making their own. The introduction to Secrets Stolen, Fortunes Lost admonishes:

Intellectual property is your enterprise’s lifeblood; is it safe or are you in danger of being put out of business because a predator has shed that lifeblood? We have found two profound but common misconceptions about intellectual property theft and economic espionage.

One of the great misconceptions is that the threat of economic espionage or trade secret theft is a limited concern—that it is an issue only if you are holding on to some- thing like the formula for Coca-Cola or the design of the next Intel microprocessor. The many real-world stories included in this book illustrate the fallacy of thinking that this threat is someone else’s problem.

The other great misconception, held by many business leaders who do acknowledge the danger to their trade secrets and other intellectual property, is that the nature of this threat is sufficiently understood and adequately addressed. Often, on closer inspection, the information-protection programs these business leaders rely on are mired in Industrial Age thinking; they have not been adapted to the dynamic and dangerous new environment forged by globalization

Secrets Stolen, Fortunes Lost

Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century (Syngress 2008 –  by Christopher Burgess and Richard Power)

Prevendra - Caijing Business Magazine

China business magazine Caijing interviews Prevendra’s CEO

CAIJING - China's leading financial magazine article on US-China relationsPrevendra’s CEO & President, Christopher Burgess was recently interviewed by the Chinese business magazine Caijing.  Caijing’s Finance reporters asked Burgess a number of questions surrounding China – US relations.  The interview is provided below. The reporter, while gracious in his manner, noted that not all of Burgess’ answers were what the editorial team was expecting, but nonetheless they did include one snippet.

中央情报局前人员、现任网络安全公司Prevendra总裁Christopher Burgess对《财 经》记者指出,中美若能在美国国土资源部的网络和传播整合中心与中国的国家互联网应 急中心之间建立合作,同时由奥巴马和习近平针对这两个单位的合作交流建立准则,对两 国的网络安全合作将大有帮助。

Former CIA officer,and current CEO of security company Prevendra, Christopher Burgess spoke to the “Financial” reporter. He pointed out that the United States NCCIC network integration center collaboration with China’s national Internet center (CNCERT) should be directed by Obama and Xi Jinping for these two units to establish cooperation and exchange standards, the network of bilateral security cooperation will be of great help.

Here is the entire article in original Chinese:  China Magazine Caijing Interview

Here are the questions, answers and links provided to Caijing (though apparently some links are inaccessible to those in China – the Great Firewall of China appears to be in operation):

      Caijing Question:  Are you expecting Washington and Beijing to reach some kind of agreement on cyber governance? What kind of cooperation would you consider as effective?

     Burgess Answer: I would be very disappointed if President Obama and President Xi did not come to some type of agreement with respect to cyber governance and a mutually beneficial engagement.  I would see the cooperation taking a multi-prong approach, with action elements falling within the respective governments – the Department of Homeland Security’s National Cybersecurity and Communications Integrations Center (NCCIC) lead by Larry Zelvin on the US side and on China’s side the National Computer Network Emergency Response Coordination Center (CNCERT) led by Huang Chengqing. Both of these entities already hold the remit for dealing with national cyber emergencies and have a degree of engagement through the national Cyber Emergency Response Teams already in place.  The current level of collaboration is at an embarrassing level (less than 100), when one would expect a fulsome liaison to number int he 1000’s per day.  I would hope Presidents Xi and Barack Obama would direct a broader protocol upon both organizations.  In my opinion, this would serve to further engender trust as both sides collaborate to thwart the non-state actors engaged in cyber crime for which citizens, companies and local and national entities are paying a substantial price in loss of business, capability and credibility.  

      Caijing Question:  China has denied the accusations of hacking Americans and insisted itself as the real victim. Do you think Washington is able to come up with substantial evidences to prove its accusations?

       Burgess Answer:  I think sufficient evidence has been produced outside of the government to indicate that there is a good degree of cyber mischief originating from China.  The Mandiant report from February 2013, is a recent example of thoughtful and detailed documentation by a private company, in this report they specifically point their finger at the Peoples Liberation Army.  Please permit me to quote from page 3 of the report under Key Findings where Mandiant states how there analysis indicates that cyberespionage efforts originate: “…believed to be the 2nd Bureau of the People’s Liberation army (PLA) General Staff Department’s (GSD) 3rd Department (总参三部二局), which is most commonly known by its Military Unit Cover Designator (MUCD) as unit 61398 (61398部队).” Couple this with the recent US Department of Defense report of May 2013, in which they detail how technology has been pilfered via both technological means and traditional human intelligence mechanisms and I believe their is sufficient smoke to confidently assert, China is engaged in espionage against the United States.  This is not and should not be a surprise to anyone.  As I detailed in my own study on global espionage and counterespionage activities which occurred during calendar year 2007 (Nation States’ Espionage and Counterespionage, an overview of the 2007 Global Economic Espionage Landscape), as well as my book Secrets Stolen, Fortunes Lost, country’s, or nation states as we have come to call them, have intelligence capabilities for the express purpose to conduct espionage and collect information in support of their national interests.  Is China itself a victim, absolutely, again I refer you to my 2008 study, which provides exemplars. I don’t view it as requiring substantive analytical capability to deduce, that if it was occurring in 2007, it may be still be occurring some six years hence.  And I would not be to fast at pointing fingers across the water when there are other players in the mix, some with mutual borders with China.

Caijing Question:  Traditionally, cyber security is a responsibility of private companies. But the issue is now taken care by the government. What would you say is supposed to be the boundary of government and private companies?

Burgess Answer:  I think cyber security is the responsibility of every individual, company and governmental entity – we all shoulder some of the responsibility. I don’t agree with your statement the “issue is now taken care of by the government.”  If that was the case, we wouldn’t have exponential growth we are seeing in cyber crime.  We need greater public-private cooperation not only in the United States, but across the globe as the cyber criminal has no border restrictions, and uses this to their advantage as victims try and identify the entity which just fleeced their bank account or stole their intellectual property.  I think the boundary is blurring between government and private entities.  The latter is severely resource constrained, especially the small or medium businesses with limited resources to put up adequate defenses int he event they become targeted by a sophisticated criminal entities operating from the US, China, Romania, Russia, Bulgaria, Ukraine, Pakistan, Taiwan, all of who make money by stealing data; or a a nation state interested in obtaining the technology being developed for national security reasons.  The government can and in my opinion should provide private enterprise with both knowledge of the type of threat which they could need to address, as well as, recommendations on both technological solutions and process/procedures.  And my commentary is not US-centric – I believe every government has the ability to provide this level of support to their private enterprises.  It is in their national interests to do so, as without businesses having the ability to be successful, jobs are lost or not created, taxes paid and governments able to provide goods and service. 

 Caijing Question:  What are the likely scenarios if China and the Us failed to reach any agreement on countering hacking together?

Burgess Answer:  If China and the US don’t reach a means by which they can address, jointly, the growth in criminal cyber activiteis emanating from both their countries, I believe we will see a continuation of the status quo – i.e., criminal elements using the infrastructure from within China and elsewhere to launch continued onslaughts of cyber crime, knowing that the odds of their being detected and apprehended are low as inter-governmental cooperation is required to thwart, apprehend and prosecute.  

  Caijing Question:  The DOD is building a cyber offensive team. What are the likely scenarios once the team starts to operate?

Burgess Answer:  The US’s stratagem concerning cyber operations was, embarrassingly, leaked and published by the UK’s Guardian in early June.  I think a review of the document provides sufficient detail on the US side.  On the China side, the 1999 work, Unrestricted Warfare, by Qiao Liang and Wang Xiansui) detailed early on the strategy of the PLA with respect to information warfare, coupled with the recent announcement of the the PLA intent to conduct “digital war games” according to Xinhua which said the war games would occur in late June at the Zhurihe training base in Inner Mongolia autonomous Region.  I would say we have confirmation of the existence of a cyberwar capability.  The scenarios are identical from both sides of the equation – protecting national infrastructure, the irony however is, the primary threat isn’t from US or Chinese governmental activities, but from the well organized criminal elements operating in a trans-national manner.  

 Burgess Closing:  I’ve enjoyed this chat with you and thank you for your questions. And I would urge all to keep in mind, that while China and the United States are visibly engaged with respect to public diplomacy around the topic of economic espionage, cyber espionage, and transnational cyber crime, they are not the only nations in the mix.  Other countries are also developing their cyber capabilities as evidenced by announcements from Finland, UK, Indonesia, Singapore, France, Russia, etc.  The internet has created a fourth environment, an environment we all have come to rely upon in a strategic manner.  It is incumbent upon the nations of the world to keep it safe and secure. 

Links to pieces germane to this conversation

Book:     Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century (Burgess/Power – Syngress 2008 – ISBN: 978-1597492553)

Study:    Nation States’ Espionage and Counterespionage – an overview of the economic espionage landscape of 2007(Burgess – CSO Online – April 2008)

Articles: China’s Military: Here We Are! (Burgess – Huffington Post – 10 May 2013)

Obama tells intelligence chief to draw up cyber target list(Guardian UK – 7 June 2013)

Military and Security Development Involving the People’s Republic of China 2013 (US Department of Defense Annual Report to Congress – May 2013)

Occupying the Information High Ground:  Chinese Capabilities for Network Operations and Cyber Espionage (US-Economic Security Review Commission – March 2013)

Chinese hackers who breached Google gained access to sensitive data, US Officials say (Washington Post – 20 May 2013)

APT1 – Exposing One of China’s Cyber Espionage Units (Mandiant Report – February 2013)

Unrestricted Warfare (Qiao Liang and Wang Xiangsui, Beijing: PLA Literature and Arts Publishing House, February 1999 – English translation)

Open Letter to President Obama on the eve of his Summit with President Xi (Jeffery Carr, Digital Dao – 03 June 2013)

Chinese army to conduct digital war games for first time (Asian Defense (quoting Xinhua) 31 May 2013)

China – US to hold cyber talks (China Daily, 04 June 2013)

DHS NCCIC – Overview (unclassified) (DHS October 2012)

China has mountains of data about US cyber attacks (Reuters, 5 June 2013)

Prevendra - China Intellectual Property

China’s intellectual property advance

Prevendra - China's Military:  Here we are!

Steve Webel via Compfight

Prevendra’s Christopher Burgess posted a piece on China in the Huffington Post – China’s Military – Here we are!, which noted how the People’s Republic of China (PRC) has been eating the West’s intellectual property lunch for the past 25+ years in accordance with the PRC”s published doctrine.

Especially worthy of note for those following the national security and geopolitical dynamic is the speed at which the PRC operates when voicing their denial as to the China government’s participation in any cyber shenanigans. Plausible denial is a wonderful thing, but we really should accept the doctrine published in Unrestricted Warfare (1999) which calls out the explicit use of technologically astute citizens to do the heavy lifting within the cyber arena.  This begs the question: “If China is not engaged, officially, why aren’t they engaged in cleaning up the cyber-nuisance factor emanating from their shores?

For now, our advice for companies doing business in China – caveat emptor – you want to lock down your intellectual property exposure within the PRC.  Furthermore, ensure your technology does not fall under the rubric of the International Trafficking in Arms Regulations (ITAR) or Export Administration Regulations (EAR).  The US Department of Commerce and Department of State have very clear guidance published with respect to what is and isn’t considered advanced technologies. Compliance is non-negotiable for a US company. Review these regulations and assume if your product/technology falls within any of the identified areas, then it may also fall within the scope of the type of information for which there exists an interested party in the PRC.