In addition to conventional warfare, it was recently confirmed by an arm of the Ukraine Ministry of Defense that it hacked trade secrets from a Russian state nuclear utility, and then leaked the trade secrets to a public website to harm the utility’s commercial prospects. Such “hack and leak” operations have been done before by nation-affiliated hackers to attempt to influence political activities of other nations, but this may be the first operation of this type concerning technical trade secrets during warfare. Although the economic impact from this particular operation may be difficult to gauge at this time, this hack and leak of nation state-affiliated company trade secrets may be a sign of things to come in future armed conflicts.
Continue Reading A New Battlefront: Ukraine Resistance Includes Leaks of Russian Trade Secrets

Recent United States Department of Justice (“DOJ”) indictments of Chinese hackers provide a reminder that trade secrets and other intellectual property stored on databases are attractive targets to bad actors. The DOJ announced that seven international defendants were charged in connection with computer intrusion campaigns impacting more than 100 victims in the United States and abroad.

The victims of the cyberattacks included software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments. The hacking facilitated the theft of source code, software code signing certificates, customer account data, and other valuable business information. These cyberattacks also enabled the defendants’ other criminal schemes, including ransomware attacks and “crypto-jacking” schemes, which involve the unauthorized use of victim computers to “mine” cryptocurrency.Continue Reading DOJ Indictment of Chinese Hackers for Break-Ins at 100 Companies Reinforces The Importance of Protecting Trade Secrets and Implementing Security Protections

This week, the U.S. government continued its enforcement activity against Chinese government-sponsored trade secret theft, indicting two Chinese hackers for allegedly stealing data from 25 domestic and international companies, including targeting those now researching COVID-19 testing, vaccines, and treatment. The two defendants had allegedly acquired hundreds of millions of dollars worth of trade secrets and other valuable business information across a span of nearly eleven years. This announcement follows in the wake of the indictment of Dr. Charles Lieber, a former Harvard professor, who allegedly lied about his participation in China’s “Thousand Talents Plan,” a program that has been accused of facilitating the stealing of American trade secrets. Our coverage of that indictment is here.

On Tuesday, July 21, 2020, the U.S. Department of Justice (“DOJ”) announced charges against Li Xiaoyu and Dong Jiazhi in the Eastern District of Washington, alleging that they hacked the computer networks of 13 United States and 12 international companies in industries ranging from high tech manufacturing and medical device engineering to solar energy and pharmaceuticals, all between September 2009 and July 2020.
Continue Reading DOJ Targets Chinese Hackers for Stealing United States Trade Secrets

On May 22, the Eleventh Circuit clarified trade secrets misappropriation analysis under the Florida Uniform Trade Secrets Act (“FUTSA”), strengthening the trade secret protection offered by the statute. The decision vacated a magistrate judge’s finding that the defendants had not misappropriated trade secretes following a bench trial in the Compulife Software Inc. v. Newman et al. matter (No. 18-12004). The court found error in the magistrate’s failure to “consider the several alternative varieties of misappropriation” contemplated by FUTSA and the magistrate’s reasoning that the public availability of life insurance quotes on the plaintiff’s website “automatically precluded a finding that scraping those quotes constituted misappropriation.”

“At its essence, it’s a case about high-tech corporate espionage,” Circuit Judge Kevin C. Newsom’s opinion begins. The plaintiff, Compulife Software Inc. (“Compulife”), sells access to its online database of insurance premium information, which synthesizes publicly available insurers’ rate tables using Compulife’s proprietary method and formula. Compulife also provides life insurance quotes sourced from its online database. The database itself is valuable because it consistently updates with current information about life insurers’ rate tables and allows for direct comparison across dozens of providers. Compulife licenses access to the database to its customers—primarily insurance agents who in turn seek to provide reliable insurance rate estimates to policyholders. In direct competition with Compulife, the defendants likewise generate life insurance quotes through their various websites.Continue Reading Eleventh Circuit Solidifies Protection of Trade Secrets Threatened By “High-Tech Corporate Espionage” Under Florida’s Trade Secret Law

The COVID-19 crisis has presented an array of novel issues for companies, including new and unexpected cybersecurity threats. In addition to the now well-known security limitations of video platforms such as Zoom, we are seeing cyber-attacks in the form of COVID-19 related phishing attempts and ransomware attacks. In at least some of these attempted hacks, cybercriminals are hoping to steal trade secrets.

  • Cybercriminals are taking advantage of the novel at-home working environment and the increased fear and uncertainty surrounding the pandemic to launch malware and phishing attacks related to COVID-19.
  • Employees may be more likely to click a link or open an attachment, even though they would never consider doing so in a normal situation at work.
  • Therefore, malware may pose more of a danger than it did when employees primarily accessed their email over their employers’ traditionally more protected systems.
  • Companies should consider putting employees on notice about the COVID-19 related phishing attempts and provide examples of common scams.

Continue Reading COVID-19 and the Unique Opportunity for Phishing

Companies and other organizations increasingly must face serious and complex threats to their business and infrastructure.  Whether the threat is trade secret theft, rogue insiders, cybercrime adversaries, aggressive competitors, or misconduct by business and supply chain partners, companies should remain constantly vigilant and defense ready. Adversaries, including especially cybercriminals operating exclusively in the digital domain, are often highly motivated, sophisticated, resourced, and innovative. The opaque, pervasive, and global nature of modern digital networked environments presents opportunities for criminals. The sophistication and relentless creativity of these bad actors pose significant challenges to companies and law enforcement agencies in being able to detect, assess, mitigate, attribute, and deter these threats. Because available tools and real-world practices to address these threats often outpace the law, companies are called upon to develop their own comprehensive approaches to investigate and remediate these forms of risk. In doing so, companies must be willing to assume a certain level of risk to effectively investigate and obtain sufficient insight to counter the problems.
Continue Reading Complex Threat Investigations: Tips for Investigating Trade Secret Misappropriation and Other Digital Crimes

On April 23rd, 2019, China’s Standing Committee on the National People’s Congress adopted amendments to the Anti-Unfair Competition Law, significantly strengthening China’s protection of trade secrets. The bolstering of intellectual property safeguards in China comes in advance of important trade negotiations between China and the international community, including the United States. The changes to the

Following the high-profile trade secrets litigation and settlement between Waymo and Uber in February 2018, covered previously in this blog, a defamation claim was filed by four Uber employees against Uber’s former global intelligence manager, Richard Jacobs. The case alleges that Jacobs defamed the four plaintiffs by accusing them — initially in an intra-office

Fig cookiesThe Criminal Court of Mechelen (Belgium) ruled in favor of Bofin Biscuits against a former production assistant accused of having stolen the assistant director of the cookie baker’s laptop. The laptop allegedly contained the secret recipes of all the cookies produced by Bofin Biscuits. This case is interesting because of the nature of the secrets and also when compared to that of the “fig spread”-case discussed here two weeks ago. It also confirms that trade secret misappropriation cases do not necessary only involve complex matters on state of the art technology owned by large multinationals.

The facts of the case are rather straight-forward. On November 12, 2013 the assistant-director of Bofin Biscuits noticed that his laptop had gone missing during his absence from November 6 to November 11. Images from the surveillance video system of Bofin Biscuits showed that the actual taking of the laptop had not been filmed. The camera hanging outside the assistant-director’s office did show a production assistant walking down the hallway where the office was located, entering it and leaving with something clearly hidden under his coat. During the trial the production-assistant did not contradict that he was the person that had been filmed, but he denied that he had taken the laptop. When asked what he then was hiding under his coat, he claimed not to recall anything.

For the public prosecutor this was a clear cut case and he requested the court to sentence the former production assistant to a six month effective prison sentence and a 4.800 EUR fine. Bofin Biscuits, who had joined the proceedings by suing its now ex-employee for civil injury, requested 1.500 EUR for the still missing laptop, 2.500 EUR for the time spent on recovering the information stored on the laptop, 500 EUR moral damages and a provisional damages amount of 25.000 EUR for having stolen the secret cookie recipes.Continue Reading Employee Who Stole the Cookie Recipe From the Cookie Jar Fined €1 (Yes, that’s one single Euro)

On Friday, September 9, the U.S. Chamber of Commerce urged the Obama Administration to take more action against the theft of trade secrets and other intellectual property.  The Chamber did so in response to a Request for Information issued by the National Institute of Standards and Technology (NIST), seeking industry input regarding various cybersecurity