The Justice Department unsealed an indictment last week of five Chinese military officers accused of hacking into the computer networks of American companies in order to steal trade secrets. The indictment was strongly worded but also “almost certainly symbolic,” as the New York Timesput it; the Chinese government isn’t likely to turn over the accused hackers, especially since China’s state-owned companies are the beneficiaries of the stolen information.
Chinese officials have denied everything, calling the accusations “fabricated,” and diplomats have called the U.S. “hypocritical” because of what we all now know of the scope of American spying overseas. It is easy to read this indictment as an attempt by the Obama administration to change the subject, and to make a distinction between spying for national security and spying for mere profit (though the U.S. does that, too). But the White House hasn’t been subtle in recent years in their condemnation of cyber crime and their promises to crack down on it.
In 2009, President Obama said that cyber criminals had stolen an estimated $1 trillion worth of intellectual property from businesses worldwide in the previous year alone. An FBI official said last year that his department’s economic espionage arrests had doubled since 2008.
“It is cheaper to bribe an employee of an organization to steal intelligence than to invest years of research and billions of dollars in manufacture.”
If the sprawling and provocative Chinese spying case announced last week is one extreme, then the other is a second announcement that the Justice Department made around the same time. The guilty plea of Ariel Manuel Freidler, 36, of Arlington, Virginia, for violations of the Computer Fraud and Abuse Act got less attention, not surprisingly.
Friedler was the president and CEO of a software company called Symplicity that caters mainly to college career services departments. He and the CTO both resigned from the company and entered guilty pleas when a federal investigation revealed that they had hacked into two competitor’s networks over several years in order to gain “an unfair business advantage.” They apparently decrypted former customers’ passwords, and then used them to log into the customer section of competitor company websites to see what they could learn. They stole customer contact information while cloaking their own IP address by using Tor.
This case and the companies involved in it might seem like small potatoes, but the feds seem to see no reason to take the crime lightly. “We are committed to working with our law enforcement partners to protect American businesses from intellectual property theft, whether the threat comes from an international or domestic source,” said U.S. Attorney Dana Boente. “This case should send a clear message: We will aggressively prosecute criminals who attempt to steal confidential business information while hiding behind a cloak of anonymity.”
Thanks to advances in technology, stealing trade secrets by hacking into networks (or hiring someone to do it for you) may be easier and more common than it was previously—but the old-fashioned documents-stuffed-into-a-briefcase option remains a threat as well. In 2007, U.S. Customs randomly stopped and searched a woman who was about to board a flight from Chicago to Beijing. The woman was Hanjuan Jin, a software engineer who had been recruited by a Chinese company to leave her job at Motorola. Inside her carry-on bags were $30,000 in cash and a stack of documents with technical information in them, marked “confidential.”
Phone-tapping and dumpster diving are also tried and true methods of stealing competitors’ secrets. In 2001, Procter & Gamble admitted that it had sent people to pull Unilever’s shredded documents containing shampoo industry research out of a dumpster and piece them back together again. Oracle’s Larry Ellison hired a private detective to dig up secrets about Microsoft. The detective’s tactics apparently involved bribing the cleaning staff of a Microsoft-backed trade organization to steal whatever secret documents about its rival that they could find in the trash there.
Social scientists have looked into the various motivations for corporate espionage, but the motivations aren’t hard to imagine. A Business Information Review article published last year made the obvious but important point that “it is cheaper to bribe an employee of an organization to steal intelligence than to invest years of research and billions of dollars in manufacture.” The article cited psychological studies that showed that employees will be most vulnerable to being bribed into spying or stealing for sneaky competitors when they are offered large sums of money, and when their personal and professional egos are flattered, when they feel that their work is being undervalued by their current employers. (Or when they’re being blackmailed, of course.)
But you don’t need grant-funded research projects to tell you that people sometimes steal because they’re greedy, or for the power trip, or that people can sometimes be coerced into doing things they aren’t proud of when placed in difficult circumstances. The reasons are simple—which Symplicity’s former CEO Ariel Friedler will confirm. “Put simply, I let my competitiveness get the best of me and I crossed a line,” Freidler wrote in a letter to customers last Monday after he resigned. “I wanted to see what my competitors’ products looked like but I did it in a way that was just plain wrong.”