Wednesday, December 4, 2019

If you're going to steal secrets, don't get caught redhanded

From this week's Chemical and Engineering News, the latest in the IP theft world (by Marc S. Reisch):
A federal grand jury in St. Louis has indicted former Monsanto researcher Haitao Xiang for stealing crop productivity algorithms with the intention of handing them over to a Chinese government research institute. After Xiang quit his job in June 2017, he downloaded the algorithms to a micro-SD card, according to the indictment. He then purchased a one-way ticket to China; federal officials stopped him at the airport and seized the card. If convicted, Xiang faces up to 15 years in prison and a $5 million fine on each of several espionage charges, and up to 10 years for each of several trade secret theft charges.
Important caveat: ham sandwich. I wonder how they caught him, and how they knew this was happening? It will be interesting to see what happens to Mr. Xiang. 

7 comments:

  1. I wonder if his laywer might be able to get the charges dropped by refusing a plea deal and insisting on a trial. Sometimes the government doesn't want to reveal how they gathered evidence in cases like this.

    ReplyDelete
    Replies
    1. They've had more than two years - they might have found alternative evidence sources to avoid revealing their initial sources (if they can). I wonder if they would have brought the charges if they couldn't hide their sources, particularly if they obtained the evidence either through counterespionage or communications security methods.

      Delete
    2. Simple - most people will take a deal for a few years when they're being threatened with decades of imprisonment. They can bluff and usually not get called out on it.

      Delete
  2. I would be interested to know how they detected it though - I assume that once he talked to the Chinese government agency, they would provide him with some sort of secure contact method. On the other hand, I don't need to know, and if it's effective, they probably won't tell (as above).

    ReplyDelete
  3. While we're speculating on how the feds caught him - it would not be difficult for DuPont IT staff to observe file transfers by a former employee to an external device. Chances are the company noticed it and contacted authorities...

    ReplyDelete
  4. There's entire companies built on providing surveillance solutions to employers and in the United States, there's no expectation of privacy for anything occurring on a work network. A company like Monsanto is guaranteed to have joint government employees watching their network to protect security and economic interests of the United States.

    ReplyDelete

looks like Blogger doesn't work with anonymous comments from Chrome browsers at the moment - works in Microsoft Edge, or from Chrome with a Blogger account - sorry! CJ 3/21/20