UPDATE: April 23, 2019
An indictment unsealed today charges Xiaoqing Zheng, of Niskayuna, New York, and Zhaoxi Zhang, of Liaoning Province, China, with economic espionage and conspiring to steal General Electric’s (GE’s) trade secrets surrounding turbine technologies. It is alleged that their efforts were intended to benefit the People’s Republic of China, the Malaysian Armed Forces Fund Board, and other foreign entities. Mr. Zheng was arraigned in Albany, NY earlier this morning.
An Albany-based engineer has been arrested by the FBI and charged with theft of trade secrets. Prosecutors say the engineer, Xiaoqing Zheng, used elaborate and sophisticated methods to steal countless digital files containing General Electric trade secrets regarding its wind turbine technology. Zheng was able to smuggle the information out by using steganography to hide the stolen files in a digital picture of a sunset. He then emailed the picture containing the files to his personal email address with the subject line "Nice view to keep."
Following his arrest, FBI agents searched Zheng's home in Niskayuna, NY and discovered a handbook describing the resources provided by China to individuals who can provide certain technologies to the government. FBI agents in Albany described the methods employed by Zheng as "uncommon even among trained computer experts."
Zheng, who holds dual citizenship in the United States and China, began working for GE in 2008 after attaining engineering degrees from M.I.T. and Northwestern Polytechnic University. He fell under suspicion from GE in 2014 when corporate security officials discovered Zheng had copied 19,000 files onto a thumb drive. They launched an investigation but were unable to uncover what the files contained.
The next year, with grant money from the Chinese government, Zheng opened his own company - Tianyi Aviation Technology Co - in Nanjing, China, supplying parts for civil aviation engines.
Despite rampant red flags, GE didn't begin monitoring Zheng until last year, when they discovered 400 files on his company laptop that had been encrypted with software not in use at GE.
This theft is just the latest example of an ongoing issue faced by manufacturers in the United States. Our adversaries have a demonstrated history of deriving economic benefit by stealing our country's trade secrets and intellectual property. Internal threats, like Mr. Zheng, are one of the biggest risk factors for an IT breach.
You may be asking yourself, how can I identify and combat internal threats?
4 Tips to Identify and Combat Insider Threats:
Conduct thorough background checks before hiring.
- This is just a preliminary step to keep competitors and criminals from penetrating your organization.
Follow the rule of least privilege
- You need to establish checks and balances. There should not be a single individual with sole administrative access to a system; that person would essentially have free rein over the data and could do anything they want with it.
Utilize User and Entity Behavior Analytics (UEBA) to detect user anomalies
- UEBA systems monitor human behavior and leverage powerful statistical models and algorithms to detect activity that differs from "normal" behavior. Significant anomalies may indicate an insider threat.
Take advantage of awareness training
- Awareness training is one of the most effective ways to combat internal threats. Proper education empowers your employees to speak up and report suspicious activity when they see it.
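To illustrate the UEBA tip above, here is a per-user baseline check of the kind such systems build on, scoring each day's removable-media copy count against that user's own history with a median/MAD modified z-score. This is an added example, not code from the original article or from any UEBA product; the user names, event tuples and thresholds are constructed assumptions, and the 19,000-file spike only mirrors the figure reported above.

```python
from collections import defaultdict
from statistics import median


def modified_z(value, history, mad_floor=1.0):
    """Robust z-score of value against history (median and MAD)."""
    med = median(history)
    mad = median([abs(h - med) for h in history])
    # A user with identical counts every day has MAD 0; floor it so the
    # score stays finite instead of dividing by zero.
    return 0.6745 * (value - med) / max(mad, mad_floor)


def flag_anomalies(events, threshold=3.5, min_history=5):
    """Return (user, day, count, score) for days far above a user's own baseline."""
    per_user = defaultdict(list)
    for user, day, count in events:
        per_user[user].append((day, count))
    alerts = []
    for user, rows in per_user.items():
        baseline = []
        for day, count in sorted(rows):
            if len(baseline) >= min_history:
                score = modified_z(count, baseline)
                if score > threshold:  # only upward deviations matter here
                    alerts.append((user, day, count, round(score, 1)))
                    continue  # keep flagged days out of the baseline
            baseline.append(count)
    return alerts


def sample_events():
    """Constructed sample: (user, day number, files copied to removable media)."""
    counts = {
        "eng_a": [3, 5, 4, 6, 2, 5, 4, 19000, 5],             # one huge spike
        "eng_b": [200, 220, 190, 210, 205, 215, 198, 207, 212],  # heavy but steady
        "eng_c": [0, 0, 0, 0, 0, 0, 0, 2, 0],                  # near-zero baseline
    }
    return [(u, d + 1, c) for u, cs in counts.items() for d, c in enumerate(cs)]


if __name__ == "__main__":
    for alert in flag_anomalies(sample_events()):
        print(alert)
```

Because the baseline is per user, the steady heavy copier is not flagged while the normally light user's spike is, and flagged days are excluded from the baseline so one large transfer does not normalize the next.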
Internal threats are always a challenge to tackle, especially when employees have valid access. Security protocols must be added in layers to help mitigate the risks.