Chinese spies covet Cincinnati's corporate secrets — was October arrest an isolated incident?

US Attorney: 'China is a big threat'
Posted: 5:00 AM, Feb 25, 2019
Updated: 2019-05-08 15:38:26-04

CINCINNATI — To anyone who was startled when an alleged Chinese spy who targeted GE Aviation was arrested in October, here’s an even more alarming fact: It wasn’t an isolated incident.

Cincinnati companies are regular targets of Chinese spies, hackers, counterfeiters and business partners, the I-Team learned from court documents, government records and interviews with business and federal law enforcement officials.

“Economic espionage is a very significant threat,” said Benjamin Glassman, U.S. Attorney for the Southern District of Ohio. “It could cost people their jobs. It could destroy companies. With the destruction of companies comes the destruction of communities and really a radically different place for the United States in the world.”

Cincinnati’s FBI office is actively investigating multiple cyber attacks involving local companies. Special Agent in Charge Todd Wickerham said the threat to local companies is growing, although he wouldn’t provide numbers.

“China and other threat countries, as we call them, are a very large threat to the economic well-being of this region,” Wickerham said. “Any company that has intellectual property that they’ve put many years and millions if not billions of dollars in developing should be very concerned that there’s a national effort on behalf of China and other countries to take what they have done.”

The Justice Department is getting increasingly aggressive in its pursuit of trade-secret thefts originating in China, with a high-profile indictment unsealed in January against telecom giant Huawei and a series of cybertheft indictments against state-sponsored hackers and Chinese intelligence officers.

Yanjun Xu is accused of trying to steal secrets from GE Aviation

But it was a case that originated in Cincinnati that led to what might be the most significant arrest to date. Yanjun Xu, who was captured in Belgium last April and is now housed in a federal prison in Michigan, is believed to be the first Chinese intelligence officer to be extradited to the U.S. for prosecution.

“This is showing that this is something not just the United States is concerned about but really there’s much more interest globally and the United States has been working with its allies to try to combat this threat,” said Scott Stewart, a former State Department special agent who now works as vice president of technical analysis at Stratfor. “I think the case is significant.”

How often was GE targeted?
Glassman said the case is “a model for how companies and the federal government can work together to thwart attempted economic espionage.” He said the FBI opened its investigation sometime after June 2, 2017, when an engineer from GE Aviation made a presentation about the structural design of engines at the Nanjing University of Aeronautics and Astronautics.

An FBI affidavit that WCPO obtained said the engineer traveled to China with proprietary documents about the use of composite materials in jet engines. Composite technology is a huge competitive advantage for GE because it results in lighter, more fuel-efficient engines that dominate the industry.

The FBI affidavit said the engineer, who has not been charged, did not tell his GE bosses about his university presentation or the records he brought to China. But after returning to the U.S., he cooperated with federal investigators to arrange a meeting with Xu in Europe. Belgian authorities arrested Xu on April Fool’s Day, 2018.

Benjamin Glassman, United States Attorney for the Southern District of Ohio

“There’s no doubt that Xu would not have gone to Belgium but for his communication with that engineer,” Glassman said.

The Xu case would make “a great movie or book someday,” Wickerham added. “Cincinnati agents did this entire investigation from the beginning with lots of help from other divisions … it’s a great story (about) great cooperation but it’s not done yet so we can’t really talk about it.”

Wickerham also declined to comment on apparent connections between the Xu case and two other corporate espionage cases that federal prosecutors disclosed last fall.

In September, a 27-year-old Chinese national was arrested in Illinois for allegedly gathering biographical information for a Chinese intelligence officer. Ji Chaoqun allegedly compiled non-classified information on eight people from Taiwan or China who were working as engineers or scientists in the U.S. and were identified as “possible recruits” by the Jiangsu Province Ministry of State Security. Xu is the deputy division director of that MSS office, according to his Cincinnati indictment.

In October, federal prosecutors in San Diego announced indictments against two Chinese intelligence officers, six of their paid hackers and two agents who were allegedly embedded in a French aerospace company with an office in Suzhou, China. The indictment doesn’t name the companies but alleges the group sought trade secrets on a turbofan engine that the French company developed with a U.S. aerospace company based in Massachusetts. Boston-based GE produces turbofan engines in a joint venture with Safran, a French aerospace firm with a Suzhou office. Neither company would comment on the case.

How broad is the threat?
Increasing awareness about Chinese corporate espionage coincides with rising trade tensions between the U.S. and China. The I-Team found details about local and national cases in government records, court documents, published reports and interviews with company executives.

In 2018, the cyber security firm FireEye Inc. documented a decline in Chinese state-sponsored operations aimed at stealing intellectual property directly from U.S. companies. But it also saw an increase in the number of attacks that “resulted in the theft of business information such as bid prices, contracts and information related to mergers and acquisitions.”

FireEye said Chinese hackers targeted cloud-computing and telecom providers to “allow Beijing to collect intelligence on a broad group of targets in a manner that is less likely to be detected.”

A report that the cybersecurity firm McAfee and the Washington, D.C.-based Center for Strategic and International Studies released in February 2018 said cyber attacks cost the global economy up to $600 billion a year.

“CSIS believes that three countries—Russia, North Korea, and Iran—are the most active in hacking financial institutions,” according to the report. “China remains the most active in espionage. Iran’s goals are coercive effect, as evidenced by the Iranian distributed denial-of-service (DDoS) attack on leading US banks.”

Cincinnati’s Fifth Third Bank wouldn’t give details on the parts of the globe where it faces the biggest threats. But it maintains a staff of about 150 employees and contractors to guard against those perils.


“The internet connects us as much as it connects the rest of the world,” said Brian Minick, chief information security officer for Fifth Third Bank. “Cincinnati is no way in less of a risky situation or position than a company in Silicon Valley.”

Symmes Township-based Worldpay Inc. employs more than 300 specialists in IT security. The world’s largest payment processor “puts a lot of investment into encryption” technology that would render credit and debit card data useless if it’s stolen, said James Black, chief information officer for Worldpay.

“Our duty is to protect the client data,” Black said. “We put a lot of investment into networking perimeter technologies to make sure we can survive denial of service type attacks.”

At Procter & Gamble Co., the biggest threat from China might be counterfeiting. Associate General Counsel Shelley Duggan told a Senate Judiciary Committee hearing in 2016 that counterfeit merchandise "encroaches upon P&G's market share, suppresses profitability, hinders business growth and hurts the equity of our brands." Duggan further stated: "Most P&G counterfeits are produced in China and then exported to other markets."

The Counterfeit Report, a consumer watchdog that tracks fake merchandise globally, said in January that P&G has helped to identify nearly 50 factories that produced counterfeit Tide-branded laundry detergent.

“Consumers should know that Tide is NOT sold in 5-gallon buckets,” said the Jan. 19 product alert. “Dishonest sellers buy the fake Tide 5-gallon bucket for around $5, and resell it to unsuspecting consumers for $25 to $40 from internet ads or on the street. Risk is low and profit is high.”

The Counterfeit Report has also issued fake-product alerts for Oral-B replacement toothbrush heads and Gillette’s Fusion, Mach 3 and Sensor Excel razors.

China’s version of Amazon.com has been instrumental in the growth of the global counterfeit trade. Although Alibaba claims to have spent millions to prevent counterfeiting, the Office of the U.S. Trade Representative concluded in 2017 that "relatively high numbers of counterfeiters" selling merchandise on Alibaba sites "continue to be a challenge for many U.S. brands."

Another threat involves the business relationships that are often required for U.S. companies to do business in China, including distribution agreements and manufacturing partnerships that sometimes expose trade secrets.

Mason-based AtriCure Inc. sued its former Chinese partner in January, accusing Beijing ZenoMed Scientific Co. of “developing counterfeit competitive devices” to its “Isolator System” for treating the irregular heartbeat condition atrial fibrillation.

AtriCure makes medical devices to treat atrial fibrillation

The Jan. 22 complaint, filed in U.S. District Court in Cincinnati, alleges “the primary wrongdoers” were ZenoMed’s president, Dr. Jian “Larry” Meng, and its former director of research and development, Dr. Guanglu Bai. AtriCure alleges the men formed a separate company to produce “knock off” versions of AtriCure’s surgical device that are “inferior and dangerous” when used in surgery.

“Not only has defendants’ conduct brazenly violated AtriCure’s legal rights, but it also poses a significant public health risk,” the complaint states.

"The complaint is not accurate," said Dan Donnellon, a Dayton attorney who represents Dr. Meng. "They intend to defend it vigorously and expect to be fully vindicated."

The FBI wouldn’t say whether it is investigating AtriCure’s allegations, but its top local agent said it would “definitely be something we would investigate” if presented with the right evidence.

“To have a knock-off medical device that’s supposed to make you better, keep you well, if that’s not manufactured to rigorous standards … we’d be very concerned,” Wickerham said. “And we would initiate an investigation if we found those in our markets.”

What can companies do?
Beyond those companies in which specific threats have been publicly disclosed, Cincinnati has troves of corporate secrets that align with China’s stated goal of acquiring cutting edge technology in 10 key industries. The Made in China 2025 initiative includes specific targets for aerospace and aviation, computer-assisted manufacturing, biomedical innovations and next-generation information technology, all of which can be found in Cincinnati.

Todd Wickerham, special agent in charge of Cincinnati's FBI office

“The way the Chinese do this is really the long game,” Wickerham said. “It is a concerted national effort to increase their economic viability in order to raise themselves up. And they do it in many different ways.”

China is one reason the Cincinnati chapter of InfraGard has over 400 members. InfraGard is an alliance started by the Cleveland FBI office about 20 years ago. Companies receive and deliver intelligence briefings on a quarterly basis to stay up to date on cyber threats, fraud, IP theft and other troubling topics.

“Just like any type of crime, it’s constantly evolving,” Wickerham said. “A big role of InfraGard is to build trusted relationships in advance of an attack and either prevent them from happening or if the attack comes to be able to quickly stop the attack from occurring and work to figure out how to stop it from ever happening again.”