Shawn E. Tuma

Posts Tagged ‘corporate espionage’

Shawn Tuma Discusses Government Scanning of Yahoo Emails on WHDT World News

In Cyber Generally, Cybersecurity Law, Media, Privacy on October 25, 2016 at 5:30 am


Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

What You Need to Know About Protecting Trade Secrets Under State and Federal Law

In Trade Secrets on June 21, 2016 at 11:13 am

A few years ago Texas joined most other states and enacted its version of the Uniform Trade Secrets Act (UTSA, or Texas’ TUTSA). Recently, the federal Defend Trade Secrets Act (DTSA) became law. While there are quite a few similarities between these laws, there are also some substantial differences that you need to know to protect your businesses’ trade secrets.  Read the rest of this entry »

Tuma Discusses Hack of DNC Trump Research (Radio Interviews)

In Computer Fraud, Cyber Espionage, Cyber Generally on June 18, 2016 at 11:14 am

On Wednesday, June 15, 2016 and Thursday, June 16, 2016, Shawn Tuma was a guest on several radio stations to discuss the hacking attack on the Democratic National Committee in which the hackers obtained the DNC’s opposition research on Donald Trump. Here is the audio from some of the interviews:

Read the rest of this entry »

FBI Director Talks Cyber Espionage: Chinese Like “Drunk Burglar”

In Computer Fraud, Cyber Espionage, Cybersecurity Law, Digital Information Law on October 7, 2014 at 6:55 am


“[T]here are two kinds of big companies in the United States. There are those who’ve been hacked by the Chinese and those who don’t know they’ve been hacked by the Chinese” -FBI Director

The pervasive threat that cyber espionage poses to American business is not a new topic on this blog — we have been talking about it for a few years. But you do not have to take my word for it; there is a “higher authority” on the subject. No, not that high! But the Director of the FBI is pretty high.

Here is the transcript of what FBI Director James Comey had to say about the Chinese cyber espionage efforts. If you follow the link at the bottom, you can watch the video of his interview:

“What countries are attacking the United States as we sit here in cyberspace?”

“Well, I don’t want to give you a complete list. But the top of the list is the Chinese. As we have demonstrated with the charges we brought earlier this year against five members of the People’s Liberation Army. They are extremely aggressive and widespread in their efforts to break into American systems to steal information that would benefit their industry,” said FBI director Comey.

“What are they trying to get?”

“Information that’s useful to them so they don’t have to invent. They can copy or steal to learn about how a company might approach negotiations with a Chinese company, all manner of things,” said Comey.

“How many hits from China do we take in a day?”

“Many, many, many. I mean, there are two kinds of big companies in the United States. There are those who’ve been hacked by the Chinese and those who don’t know they’ve been hacked by the Chinese,” said Comey.

“The Chinese are that good?”

“Actually,” the FBI director replied, “not that good. I liken them a bit to a drunk burglar. They’re kicking in the front door, knocking over the vase, while they’re walking out with your television set. They’re just prolific. Their strategy seems to be: We’ll just be everywhere all the time. And there’s no way they can stop us.”

via FBI Director: Chinese Like ‘Drunk Burglar’ | The Weekly Standard.


What is Corporate Espionage, Industrial Espionage, Cyber Espionage, and Economic Espionage? The DOJ Explains …

In Cyber Espionage, Digital Information Law on May 20, 2014 at 9:48 am
Cyber Espionage - fact or fiction?

Cyber Espionage – fact or fiction?

What is Cyber Espionage?

Corporate espionage, industrial espionage, and cyber espionage all generally mean the same thing: (1) intentionally targeting or acquiring trade secrets of companies to benefit any foreign government, foreign instrumentality, or foreign agent, (FBI) which means, in simpler terms, (2) espionage conducted to gain a commercial advantage (Wikipedia).

What is this not? This is not espionage to gain a national security advantage — it is to gain economic advantage. Of course, it could be argued that this is a distinction without a difference as an economic advantage could certainly help on national security matters as well, but that is going down too deep into the weeds. You need to understand the distinction.

I have been writing about cyber espionage for a while,

And, I have spoken about it at seminars where many people probably thought I was making that stuff up — you know, about the big bad conspiracy by foreign governments to steal valuable intellectual property from US businesses to give their countries’ businesses a competitive advantage.

But I have to admit, it is really nice to have validation from a reputable source — the United States Department of Justice.

An Example of Cyber Espionage

This week the news is abuzz about a lawsuit brought by the United States Department of Justice in the United States District Court for the Western District of Pennsylvania against five officers of the Chinese People’s Liberation Army: Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu and Gu Chunhui.

The Indictment charges the Chinese officers with six offenses:

  1. Conspiring to commit computer fraud and abuse (Computer Fraud and Abuse Act, 18 U.S.C. § 1030(b));
  2. Wrongful access of a protected computer for financial gain (Computer Fraud and Abuse Act, 18 U.S.C. §§ 1030(a)(2)(C), 1030(c)(2)(B)(i)-(iii), and 2);
  3. Wrongful transmission to damage a protected computer (Computer Fraud and Abuse Act, 18 U.S.C. §§ 1030(a)(5)(A), 1030(c)(4)(B), and 2);
  4. Aggravated identity theft (Identity Theft Act, 18 U.S.C. §§ 1028A(a)(1), (b), (c)(4), and 2);
  5. Economic espionage (Economic Espionage Act, 18 U.S.C. §§ 1831(a)(2), (a)(4), and 2); and
  6. Trade secret theft (Trade Secrets Act, 18 U.S.C. §§ 1832(a)(2), (a)(4), and 2).

The Indictment, based off of an FBI investigation, alleges that from 2006 to 2014 the officers actions targeted six US companies (Westinghouse Electric Co. (Westinghouse), U.S. subsidiaries of SolarWorld AG (SolarWorld), United States Steel Corp. (U.S. Steel), Allegheny Technologies Inc. (ATI), the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union (USW) and Alcoa Inc.) with hacking into the computer systems of the companies and engaging in the following conduct (see DOJ Summary):


In 2010, while Westinghouse was building four AP1000 power plants in China and negotiating other terms of the construction with a Chinese SOE (SOE-1), including technology transfers, Sun stole confidential and proprietary technical and design specifications for pipes, pipe supports, and pipe routing within the AP1000 plant buildings.

Additionally, in 2010 and 2011, while Westinghouse was exploring other business ventures with SOE-1, Sun stole sensitive, non-public, and deliberative e-mails belonging to senior decision-makers responsible for Westinghouse’s business relationship with SOE-1.


In 2012, at about the same time the Commerce Department found that Chinese solar product manufacturers had “dumped” products into U.S. markets at prices below fair value, Wen and at least one other, unidentified co-conspirator stole thousands of files including information about SolarWorld’s cash flow, manufacturing metrics, production line information, costs, and privileged attorney-client communications relating to ongoing trade litigation, among other things.  Such information would have enabled a Chinese competitor to target SolarWorld’s business operations aggressively from a variety of angles.

U.S. Steel

In 2010, U.S. Steel was participating in trade cases with Chinese steel companies, including one particular state-owned enterprise (SOE-2). Shortly before the scheduled release of a preliminary determination in one such litigation, Sun sent spearphishing e-mails to U.S. Steel employees, some of whom were in a division associated with the litigation. Some of these e-mails resulted in the installation of malware on U.S. Steel computers. Three days later, Wang stole hostnames and descriptions of U.S. Steel computers (including those that controlled physical access to company facilities and mobile device access to company networks). Wang thereafter took steps to identify and exploit vulnerable servers on that list.


In 2012, ATI was engaged in a joint venture with SOE-2, competed with SOE-2, and was involved in a trade dispute with SOE-2. In April of that year, Wen gained access to ATI’s network and stole network credentials for virtually every ATI employee.


In 2012, USW was involved in public disputes over Chinese trade practices in at least two industries. At or about the time USW issued public statements regarding those trade disputes and related legislative proposals, Wen stole e-mails from senior USW employees containing sensitive, non-public, and deliberative information about USW strategies, including strategies related to pending trade disputes. USW’s computers continued to beacon to the conspiracy’s infrastructure until at least early 2013.


About three weeks after Alcoa announced a partnership with a Chinese state-owned enterprise (SOE-3) in February 2008, Sun sent a spearphishing e-mail to Alcoa. Thereafter, in or about June 2008, unidentified individuals stole thousands of e-mail messages and attachments from Alcoa’s computers, including internal discussions concerning that transaction.

Does Your Business Have Trade Secrets?

If your business has trade secrets (and it does), you must protect them. To do this you need to take affirmative steps to identify those trade secrets and implement policies and procedures to protect them from disclosure, whether intentionally or unintentionally, by insiders and outsiders alike. I have made it easy for you to get started.

All you need to do is use this free guide that I prepared to walk you through the process and, of course, feel free to let me know if you have any questions along the way: Texas Business Guide: Identifying and Protecting Trade Secrets Under the (New) Texas Uniform Trade Secrets Act

About the author

Shawn Tuma is a lawyer who is experienced in advising clients on digital business risk which includes complex digital information law and intellectual property issues. This includes things such as trade secrets litigation and misappropriation of trade secrets (under common law and the Texas Uniform Trade Secrets Act), unfair competition, and cyber crimes such as the Computer Fraud and Abuse Act; helping companies with data security issues from assessing their data security strengths and vulnerabilities, helping them implement policies and procedures for better securing their data, preparing data breach incident response plans, leading them through responses to a data breach, and litigating disputes that have arisen from data breaches. Shawn is a partner at BrittonTuma, a boutique business law firm with offices near the border of Frisco and Plano, Texas which is located minutes from the District Courts of Collin County, Texas and the Plano Court of the United States District Court, Eastern District of Texas. He represents clients in lawsuits across the Dallas / Fort Worth Metroplex including state and federal courts in Collin County, Denton County, Dallas County, and Tarrant County, which are all courts in which he regularly handles cases (as well as throughout the nation pro hac vice). Tuma regularly serves as a consultant to other lawyers on issues within his area of expertise and also serves as local counsel for attorneys with cases in the District Courts of Collin County, Texas, the United States District Court, Eastern District of Texas, and the United States District Court, Northern District of Texas.

%d bloggers like this: