The FBI has warned that employees of Big Tech firms in Silicon Valley are being coerced by countries like China and Russia into stealing information about their employers or sharing their login credentials.
The threat of intellectual property theft and economic espionage is a real one that experts like FBI Special Agent Nick Shenkin have become all too aware of in recent years. In one of Shenkin’s cases, agents of the Chinese government actually threatened to deny dialysis to the mother of an employee of a large hardware and software company at her home in China if he did not steal proprietary information from his employer.
Speaking to Protocol, Shenkin explained how he has been warning startups, tech industry groups, academics and venture firms that could be of interest to foreign actors about the subtle ways that these countries are getting their hands on intellectual property. The FBI has even developed framework known as the Delta Protocol to distribute to startups with advice on protecting themselves.
With these hackings now hitting the headlines regularly, more and more companies are becoming aware that the threat is real and are showing an interest in taking steps to avoid this problem. According to the U.S. government, the losses from Chinese intellectual property theft are hundreds of billions of dollars per year, and FBI Director Christopher Wray said that China’s economic espionage and counterintelligence were “the greatest long-term threat to our nation’s information and intellectual property, and to our economic vitality” in a speech last year.
Shenkin says that it is not the right approach to have HR departments try to screen spies out during their hiring processes. Instead, he wants tech companies to know how they can identify vulnerabilities in their employees and protect those who are vulnerable and the company itself from allowing these weaknesses to be taken advantage of by places like China and Russia.
Family vulnerabilities often exploited
They have identified four main vulnerabilities in the FBI briefings. These are being a citizen of an autocracy, having assets in an autocracy, having family members or employees who live or work in the autocracy, and doing business with an autocracy.
According to Shenkin, the family vulnerability is the one that tends to be exploited the most. Many people do not have any desire to steal intellectual property, he says, but they are being threatened and are fearful of what could happen to their loved ones if they do not comply. And while this has led many to think that Chinese Americans may be the most vulnerable given China’s propensity for spying and the family connections that many Chinese American employees might have there, that is a narrow view that overlooks other potential vulnerabilities, such as employees who have gambling problems and may be desperate to sell inside information for money.
Some Big Tech companies already have staff who are tasked with assessing insider threats and countering them, but startups are considered to be especially vulnerable because of their size as well as the work they do on cutting-edge technologies. The FBI’s Delta Protocol recommends practices such as logging who has access to sensitive IPs and installing physical security such as self-locking doors and alarms.
It also explains how companies can identify characteristics of insider threats, covering everything from employees who could be coerced via high-risk activities they engage in to employees who simply lack loyalty and would be likely to sell information, perhaps due to unhappiness in the workplace.
This type of espionage is a quotidian problem that needs to be taken very seriously, according to Shenkin, who added: “This is a massive fundamental activity that bolsters and is one of the mainstays of many autocratic countries and their governments.”
Sources for this article include: