Preventing cyber thefts poses hard challenge for companies - The Buffalo News
print logo

Preventing cyber thefts poses hard challenge for companies

In the eyes of the Navy and Air Force, there’s a pioneering technology emerging from a small, little known company in Amherst.

If things go well, Sprung-brett’s research could lead to motors that operate silently, or close to it, an advancement that could prove vital to the next generation of nuclear submarines and jet fighters.

The company, which has spent years and an estimated $10 million on developing the technology, now finds itself with a new obstacle in its path – allegations that a former employee stole trade secrets.

And to hear investigators talk, he did it by accessing files in a Sprung-brett laptop.

Yi Liu, a 40-year old mechanical engineer from South Carolina, is accused of cyber intellectual property theft in what is believed to be the first case of its kind in the region.

“It’s stealing, sophisticated stealing, but it’s still stealing,” said Assistant U.S. Attorney Anthony M. Bruce.

The government’s prosecution of Liu is part of larger national effort aimed at curbing cyber thefts and protecting the economy and national security.

More and more, companies are learning that with the rise in digital technologies comes an increase in potential threats, especially among employees.

And it’s not just insiders who do the stealing. In some cases, the thieves are anonymous overseas hackers.

“The borders for a company are very porous,” said Daniel Castro, senior analyst at the Information Technology and Innovation Foundation, a Washington, D.C., think tank. “And some companies are simply not doing enough to protect against these threats.”

That is starting to change, in part because of a series of high-profile cyber attacks against U.S. businesses.

The economic impact of those attacks, some by hackers operating half way around the world, has been hard to measure, but one recent report put the damage at $300 billion a year.

Jon Huntsman, former U.S. Ambassador to China and one of the authors of the report, said the “hemorrhage of intellectual property – our most important international competitive advantage – is a national crisis.”

And in his eyes, nearly every sector of the economy has felt the brunt of massive theft and counterfeiting.

“It all comes down to American prosperity, both our economic prosperity and our national security,” said Brian T. Boetig, special agent in charge of the FBI office in Buffalo.

Preventing intellectual property theft has been a priority of the FBI’s for years and, more and more, they find themselves tackling cases that involve computer-related thefts.

In some instances, it might involve sophisticated intrusions into a company’s server.

In other cases, it might be as a simple as walking away with a laptop full of trade secrets, which is the allegation against Liu.

“Companies have to protect their equipment,” said U.S. Attorney William J. Hochul Jr. “There is a continuum of threats facing businesses that store information or intellectual property on a computer.”

When most people think of cyber thefts, they think of Bradley Manning or Edward Snowden.

The allegations against Liu don’t come close to the magnitude of those cases, either in terms of content or consequences, but experts say they do share a common thread: the threat posed by insiders.

“The insider attack is something that can’t be ignored by businesses or government,” said David Murray, an associate professor in the University at Buffalo School of Management’s Department of Management Science and Systems.

Murray says businesses, by their very nature, are required to trust employees with proprietary information.

And if they’re not careful, he said, they open themselves up to theft.

Underestimating security

He pointed to a recent survey of 500 private and public sector executives and security experts that found companies underestimating the severity of the cyber threats they face.

In Murray’s eyes, the answer is not just enhanced security programs and processes, it’s employee hiring, training and awareness.

And even then, it’s difficult to ensure your trade secrets are 100 percent protected.

“Some of these things are very difficult to stop,” Murray said.

Castro agrees and says the Liu case is significant because of what it says about the fact and fiction of cyber thefts.

Despite widespread media attention given to hackers from China, Romania and Russia, the risk they pose to businesses takes a backseat to the threat posed by a company’s own workers.

“Insider threats are the number one threat most companies face,” Castro said.

Michael K. Brewster, director of research at Sprung-brett, said he could not comment on the Liu case, but he was quick to suggest that no amount of security infrastructure can prevent insider thefts.

To make his point, he cites the National Security Agency and its inability to stop Snowden from stealing classified information.

“When the NSA captures Snowden, come talk to me because I do a better job,” Brewster said.

In short, if the NSA can’t protect itself, who can?

Liu in custody

Unlike Snowden, Liu is in custody. He was arrested by FBI agents in South Carolina last month and was subsequently indicted by a grand jury in Buffalo.

His defense attorney, during Liu’s arraignment last week, wondered aloud why the government is pursuing criminal charges in what should be a civil matter between Sprung-brett and his client.

“I wonder why this one company was able to get the FBI to become a stalking horse for them,” said Mark J. Mahoney, one of Liu’s defense lawyers.

Mahoney said its not uncommon for certain employees to leave a company and take information they worked on with them.

He also noted what he called a lack of proof that Liu tried to profit from the trade secrets.

“There’s no evidence of him trying to sell anything,” Mahoney said.

In court papers outlining the seven felony charges against him, the government claims Liu tried to give the information he stole to other companies and that his motivation was a “much higher paying position.”

Prosecutors say Liu left Sprung-brett in early 2011 and took its laptop with him.

For seven months, he resisted the company’s efforts to get the laptop back before finally relenting in late September, they said.

But that didn’t stop Liu, who a few months later, according to court papers, divulged the company’s trade secrets to an individual planning to meet with a Canadian software company.

Bruce, the prosecutor handling the case, says it’s clear now that Liu downloaded the trade secrets onto another computer.

He said a forensic examination of the original laptop also revealed that Liu had accessed files and folders with proprietary information after he left the company.

Those same files and folders were later found on his computer, the prosecutor said.

For Bruce, the Liu case is a reminder of the risks companies face when they entrust their employees with trade secrets.

“Businesses will sometimes pour millions into a project,” he said, “and if they’re not careful, that project can walk out the door.”


There are no comments - be the first to comment