By Jeff Ferry, CPA Research Director
Industrial espionage has been going on for centuries, but experts agree China’s espionage campaign is on a different scale from anything we’ve seen in history.
It has been going on at least since the 1990s and there is no sign it is letting up. Targets include an incredibly broad range of US companies, embracing civilian as well as military technology, with a special focus on the telecom and Internet sector. In 2009, National Security Agency Director General Keith Alexander called Chinese IP theft “the greatest transfer of wealth in history.” He put the value of cyber-theft of US trade secrets and intellectual property (IP) at a stunning $250 billion a year and called it “our future disappearing in front of us.”
Rather than describe general trends (such as Chinese military officers whose job consists of hacking American companies from 9 to 5 daily, 5 days a week), we thought it would be more evocative to describe ten of the most flagrant cases of IP theft. They range across many industries. What they have in common is that these cases involve gains for Chinese companies—even when the industrial spies are caught and imprisoned. For the US victim companies, they involve loss of markets, loss of jobs, and even loss of life.
1. The Wind Turbine Case
A decade ago, American Superconductor Corporation (AMSC) was a high-tech, high-growth software success story. Spun out of MIT and headquartered in Ayer, Massachusetts, AMSC developed world-class technology for software to control the wind turbines.
In 2005, the Chinese government made wind power and large-scale wind farms a key strategic objective for China. AMSC partnered with a Chinese maker of the wind turbine hardware, Sinovel, to sell into the Chinese market. AMSC sales rose rapidly into the hundreds of millions of dollars. In 2011, AMSC discovered that Sinovel had an illegal copy of the entire AMSC software code on one of their windmills. AMSC launched an investigation and found that a Serbian engineer working at their Austrian development facility, Dejan Karabasevic, had stolen the full software code and turned it over to Sinovel. An investigation by the Austrian police found that Karabasevic had agreed to provide the software in exchange for $1.7 million in cash, an apartment, and the services of call girls. Karabasevic was convicted and served a year in an Austrian prison.
In 2011, AMSC filed the largest-ever IP theft case in a Chinese court, seeking $1.2 billion compensation for their losses. Sinovel cancelled all its business with AMSC and refused to pay the $800 million it owed AMSC. As a result, AMSC had to lay off 600 employees at its Massachusetts headquarters (over 60% of its workforce), its stock market capitalization fell by half, and the company went into survival mode. The China case has gone nowhere. However, the US government filed a criminal case in 2013 charging Sinovel, two Chinese Sinovel executives, and Karabasevic with charges including conspiracy to commit trade secret theft. In 2018, the company and three individuals were convicted. But all are out of the reach of US justice.
Today, Sinovel still uses stolen AMSC software to power its wind turbines. It is the world’s number two, and China’s number one, provider of wind turbines. AMSC estimates that 20% of the wind turbines deployed in China today use illegal AMSC software.
2. The Oreo White Case
In 2014, federal prosecutors launched an industrial espionage case by showing the jury an Oreo, the famous Nabisco cookie. The white Oreo cream filling uses the chemical titanium dioxide (TiO2) to achieve that brilliant white color. Automotive paint and hundreds of other industrial products use TiO2, making it a highly valuable chemical. American manufacturer Dupont has long had a world-leading proprietary multi-stage process for producing titanium dioxide. In 2012, chemical engineer Walter Liew was charged with secretly conspiring to steal Dupont technology over the course of 14 years for the benefit of Chinese chemical manufacturers.
According to a detailed reportin Bloomberg Business Week, in 1991, Liew met senior Chinese Communist Party official Luo Gan, who thanked him for being a “patriotic overseas Chinese” and began to send him “directives” describing China’s industrial aims. Liew was born in Malaysia of Chinese parentage, moved to the US to study at University of Oklahoma in the early 1980s, and became a US citizen in the 1990s. According to federal prosecutors, “with Mr. Luo’s directives to Mr. Liew, so began a 20-year course of conduct of lying, cheating, and stealing.”
In 1997, Liew found two retired disgruntled American Dupont engineers, Tim Spitler and Robert Maegerle. He won their confidence through charm and gifts. They provided him with information, sketches, and blueprints of Dupont’s titanium dioxide facilities and processes. In 2004, Liew used this information to win a series of contracts totaling $28 million from China’s Pangang Group to build a TiO2 production facility.
In 2012, Dupont found out about Liew’s activities and called the FBI. The conspirators were arrested. In his interrogation, Tim Spitler admitted to receiving a $15,000 payment from Liew. Shortly after, he committed suicide. In 2014, Liew was convicted and sentenced to 15 years for economic espionage, possession of trade secrets, and tax fraud. Maegerle got two and a half years for conspiring to sell trade secrets. Liew’s wife Christina got probation for evidence tampering.
3. The Motorola Case
On February 28, 2007, a Motorola engineer named Hanjuan Jin was stopped by customs agents at O’Hare Airport. They searched her and found she had $30,000 in cash, a carry-on bag full of Motorola documents marked “confidential and proprietary,” and a one-way ticket for Beijing. She was arrested.
Jin was a successful engineer working on Motorola’s cellular technology at a time when Motorola was one of the world’s top wireless companies (and a substantial supplier to the Pentagon). Investigations revealed that after eight years with Motorola, Jin had in 2006 taken medical leave, gone to China, and in violation of the terms of her Motorola employment, pursued a job with Sun Kaisens, a Chinese telecom company that does work for the Chinese military. In 2007, she returned to Chicago and resumed work briefly for Motorola, during which time she was seen leaving the office with shopping bags full of documents in the evenings. Born in China, Jin had gone to the US where she received a master’s degree in physics from Notre Dame, and obtained US citizenship.
In 2012, she was sentenced to four years in prison and a fine of $20,000. At the trial, the judge said: “The most important thing this country can do is protect its trade secrets.”
4. The Iowa Seed Corn Case
In 2014, six Chinese nationals were arrested for attempting to steal genetically modified corn seeds from Dupont and Monsanto experimental farms in Iowa. The conspirators were employed by Chinese conglomerate DBN and its corn seed subsidiary, Kings Nower Seed. The Chinese government puts a high priority on agricultural development to feed its large and growing population.
One of the six conspirators, Mo Yun, was the wife of the founder of DBN, and a second, Mo Hailong aka Robert Mo, was her brother. The US prosecutors charged the conspirators with stealing samples of the “parent” seeds that produced the genetically modified seeds and attempting to smuggle them to China, including one attempt that involved hiding the seeds in a bag of microwave popcorn. Monsanto said it has spent billions of dollars developing advanced corn seed.
In 2016, Mo Hailong was sentenced to 36 months in federal prison. The government also confiscated two farms, one in Iowa and the other in Illinois, purchased by the conspirators. It’s unclear what happened to the other five conspirators.
5. The Tappy the Robot Case
When a telecom company allows engineers from its suppliers into its carefully guarded testing labs, those engineers are expected to obey all the rules laid down by their customer. Two engineers from Chinese supplier Huawei used a 2014 visit to T-Mobile’s labs in Seattle to steal information and even a piece of confidential T-Mobile equipment, Tappy the Robot. T-Mobile used Tappy’s fast-moving fingers to test the performance of the smartphones it sold. Not only did they take photos of Tappy, the Huawei engineers stole one of his fingertips.
Huawei apologized and said it fired the two engineers. However T-Mobile pursued its case and in 2017 a Seattle jurydecidedthat Huawei misappropriated T-Mobile trade secrets and awarded the wireless operator damages of $4.8 million.
Huawei has a long track record in intellectual property theft. In 2004 Cisco Systems, the market leader in routers, took Huawei to court for stealing its core router software code and using it in Huawei routers. The case was settled confidentially. More recently, when Huawei public statements claimed that the 2004 case did not involve stolen Cisco code, Cisco in 2012 replied by describing the essence of their original complaint this way: “this litigation involved allegations by Cisco of direct, verbatim copying of our source code, to say nothing of our command line interface, our help screens, our copyrighted manuals and other elements of our products.” Routers are the core hardware technology at the heart of the Internet. Huawei routers, widely used in China and Europe, have played a key role in Huawei’s growth into a $95 billion global telecom equipment giant.
6. The CLIFBAW case
In 2015, the federal government charged six Chinese citizens with stealing wireless communications technology from two Silicon Valley microchip makers, Avago and Skyworks, and launching their own company to sell that technology in China. (Avago is now known as Broadcom.)
According to the indictment, after leaving their employers and taking the stolen technology, one of the six co-conspirators was so cocky that he suggested in an email to his partners that they should name their new company CLIFBAW for “China Lifts Bulk Acoustic Wave.” One of the other co-conspirators wrote in an email: “My work is to make every possible effort to find out about the process’s every possible detail and copy directly to China.”
The six alleged IP thieves were former employees of the two American chipmakers. Three of them had met studying electrical engineering at USC in Los Angeles. The technology they stole, thin-film bulk acoustic wave resonator technology, is used to clean up wireless signals, allowing cellular phone service to work better at greater distances from cell towers. It’s a critical piece of successful wireless systems.
One of the accused, Zhang Hao, was arrested at LA Airport in 2015 and spent eight weeks in Santa Clara jail. As of a 2016 report, he was fighting the case in a federal court in San Jose.
According to the federal government, Avago spent 20 years and $50 million developing this technology. Avago only learned about the theft in 2011, at least four years after the six thieves started seeking backing from Chinese universities for their new business.
7. The Allen Ho TVA/Nuclear Power case
In August 2017, Taiwanese-American engineer Allen Ho was sentenced to two years in prison for providing nuclear energy technology information to China’s state-owned China General Nuclear Power Company (CGNPC). According to the indictment, Ho, a naturalized American citizen, used his company Energy Technology International, which was based at his home in Wilmington, Delaware, to gather information on the production of nuclear material from American nuclear power developers including the Tennessee Valley Authority and pass that information to the CGNPC. Ho engaged in these activities between 1997 and 2016, through his own efforts and that of unnamed consultants he hired.
8. The File Storage and China National Health case
According to a May 2017 Department of Justice press release, Chinese spy Xu Jiaqiang stole data storage technology from a US storage technology company for the benefit of China’s health system, the National Health and Family Planning Commission. He then communicated with two undercover FBI agents and offered to sell them the so-called clustered file storage technology from the unnamed victim company. He explained to the undercover cops how to set up a network of servers and uploaded the proprietary storage software onto the servers. He offered to show them how to edit the software to eliminate any trace of the name of the victim company from the screen prompts. At a meeting in a hotel room on Dec. 7, 2015, Xu showed the undercover cops the proprietary software on his laptop and boasted of multiple other “customers” to whom he had provided the stolen software. He was arrested.
In 2017, Xu pleaded guilty to three counts of economic espionage. In January 2018, Xu was sentenced to five years in prison. “Xu, a Chinese national, is being held accountable for engaging in economic espionage against an American company,” said Acting Assistant Attorney General Dana Boente. “Xu not only stole high tech trade secrets from his U.S. employer – a federal crime – he did so both for his own profit and intending to benefit the Chinese government.”
9. The Unit 61398 Case
In May 2014, federal prosecutors charged five members of the People’s Liberation Army (PLA) of China with cyberhacking their way into the confidential computer files of four US companies and one labor union. The five military men were allegedly members of Unit 61398, a unit of the PLA dedicated to cyberhacking. The companies that were hacked included aluminum producer Alcoa, nuclear power plant producer Westinghouse, solar cell manufacturer SolarWorld, Allegheny Technologies Inc., and labor union United Steel Workers. SolarWorld said that a key proprietary technology for making solar cells more efficient was stolen in this hack and turned over to a Chinese competitor.
Attorney General Eric Holder said the case was “the first ever charges against a state actor for this type of hacking…The range of trade secrets and other sensitive business information stolen in this case is significant and demands an aggressive response.”
Since none of the PLA hackers were in the US, the indictment was not followed by trial. One cyber-sleuth has said that after the exposure of Unit 61398, China moved its dedicated cyber-hacking unit out of the PLA and into a division of Chinese intelligence.
10. The Great Firewall Case
The Great Wall of China was built to keep out invaders. The so-called Great Firewall is a network of software tools China uses to control what Internet information and websites Chinese citizens have access to. You would think that if a totalitarian Communist nation wanted to control what its citizens could see and read, it would carefully construct its own software.
But even here, China enjoys stealing American IP. In 2009, Solid Oak Software of California announced that parts of China’s Green Dam-Youth Escort software, which China required be loaded onto every PC sold in China to control access to pornography and other sites deemed unsuitable by the government was actually stolen directly from Solid Oak source code.
According to Solid Oak CEO Brian Milgrim, days after he announced his intent to sue Green Dam for stealing source code, unknown hackers began attacking the Solid Oak computer network with denial-of-service attacks, forcing the Solid Oak team to abandon their own network and use Dropbox to exchange files. “It felt like they had a plan…if they could just put the company out of business, the lawsuit goes away. They didn’t need guys with guns or someone to break my kneecaps,” Milgrim told Bloomberg News. After three years of litigation, the case was settled out of court and the cyberattacks stopped as mysteriously as they had begun.