|Cybercrime, Transnational Crime, and Intellectual Property Theft (1) |
Cybercrime, Transnational Crime, and Intellectual Property Theft (1)
Statement for the record: Neil J. Gallagher, Deputy Assistant Director, Criminal Division, Federal Bureau of Investigation, Before the Congressional Joint Economic Committee, Washington, D.C., March 24, 1998.
Good morning Chairman Saxton, Vice Chairman Mack, and Members of the Committee. I welcome this opportunity to provide insight into the Federal Bureau of Investigation's effort in the fight of economic crimes to include transnational crime.
Economic crimes affect a wide variety of industries, businesses and citizens. The theft of trade secrets has caused billions of dollars in losses and created a vulnerability within all types of industry. The significant and most positive advances in technology have also allowed businesses and financial institutions to become prey of a new age of criminals. The World Wide Web has allowed for an endless barrage of frauds, scams, intrusions, and piracy. Cyberbanking has added a new dimension of potential financial institution fraud. In this computer age where network communication has become borderless, what the FBI has traditionally worked as an economic crime has the potential of becoming a transnational crime within a matter of seconds.
The FBI's task in fighting economic crime has dramatically changed with advancements in technology. New methods of economic crimes are being addressed with the assistance of new laws passed by Congress such as the Economic Espionage Act of 1996 (EEA) and the No Electronic Theft Act. At the same time, there is an increased emphasis on the training of FBI agents and providing them with the tools necessary to investigate these often complicated cases.
According to a study reported in 1996 by the American Society for Industrial Security regarding intellectual property loss, potential known losses to all American industry could amount to as much as $63 billion, with current losses occurring at a rate of $2 billion a month. The high-tech industry has an average loss per incident reported of $19 million. The specific portion of this attributable to domestic companies stealing trade secrets from one another cannot be determined with certainty. However, as we move further and further into the information age, the value and accessibility of various forms of intellectual property continues to increase. As this information becomes easier to access and/or steal, and its value continues to increase, the frequency of its theft is certain to increase as well.
In the increasingly competitive area of high technology, theft by rival companies of one another's new products/trade secrets is inevitable and burgeoning. In much the same way we used to have to deal with employees embezzling funds from their employer; we are now dealing more and more with employees stealing trade secrets from their employers and attempting to sell them to the competition.
The Economic Espionage Act of 1996, signed into law by President Clinton on October 11, 1996, provided law enforcement with a tool to deal more effectively with trade secret theft. The Economic Espionage Act has helped to protect valuable U.S. trade secrets. The statute was the result of a Congressional mandate to provide law enforcement with a tool to deal effectively with trade secret theft. The law penalizes commercial theft of trade secrets in cases not involving foreign powers under the newly created statute Title 18, U.S.C. Section 1832. Prior to this law being enacted, the FBI had to rely on general statutes such as "Interstate Theft of Stolen Property" and "Fraud by Wire" to prosecute thefts of high-tech secrets. These statutes were often difficult to apply due to the lack of an interstate nexus. These difficulties become more complex when applied to transnational crimes.
The Federal Bureau of Investigation took advantage of this law as soon as it was passed, receiving an arrest and conviction within two months of the enactment of the law. On December 7, 1996, the first arrest under the new law occurred in Pittsburgh, Pennsylvania. Patrick Worthing and his brother, Daniel, were arrested by FBI agents after agreeing to sell Pittsburgh Plate Glass information for $1,000 to a Pittsburgh agent posing as a representative of Owens-Corning, Toledo, Ohio. Both subjects were charged under Title 18, U.S.C. Section 1832. Patrick Worthing was sentenced to 15 months in jail and three years probation for the Theft of Trade Secrets.
Following the passage of the EEA, the FBI made an effort to educate agents in all 56 field offices regarding the elements of this new law. Six regional conferences sponsored by FBI Headquarters were held in the summer of 1997, with participation from all the field offices. Several of the conferences also allowed participation of industries in the area.
Management and security personnel from these companies were given information regarding the new law and how best to protect their trade secrets. This coming together of FBI and private industry is critical to our success in battling economic crime. It allows for increased communications and cooperation with private industry. At the same time, it provides for a unique opportunity for the FBI investigators to better understand the complexities and sensitivities of the industry from experts within that industry. These regional sessions have increased the number of agent personnel having the special training required to address the often sensitive needs of the high-tech industry.
The number of theft of trade secret investigations has continued to increase. In October of 1997 there were fifteen pending investigations. Currently there are 37 pending theft of trade secret investigations. These include investigations in Silicon Valley in California dealing with high tech industries to cases in locations such as Missouri and Tennessee. This increase in pending investigations is due in part by the positive relationships that the FBI has developed with industry and the resulting increased awareness of this growing crime problem.
The FBI is working to identify cities that are centers for high-tech industries. These cities will be afforded the training necessary to identify and investigate theft of trade secret and Intellectual Property Rights infringement matters. High-tech task forces will be encouraged to better utilize resources to address this crime problem. Examples of recent cases charged under Title 18, U.S.C. Section 1832:
- Memphis: On October 3, 1997, the Memphis Division of the FBI arrested Steven Louis Davis, who was indicted in the Middle District of Tennessee on five counts of fraud by wire and theft of trade secrets. Wright Industries, the victim company and a sub-contractor of Gillette, had fully cooperated with the FBI's investigation.
- Although the FBI knows that Davis reached out to one foreign owned company (BIC), it is unclear if he was successful in disseminating trade secrets overseas. The FBI, however, has learned that a competitor in Sweden had seen the drawings of the new Gillette razor. Davis pled guilty on 1/23/98. Potential loss prevented was in the hundreds of millions of dollars.
- Cleveland: On September 5, 1997, Pin Yen Yang, and his daughter Hwei Chen Yang (aka Sally Yang) were arrested on several charges, including Title 18, U.S.C. Section 1832. Also charged is the Four Pillars Company, which has offices in Taiwan, and a registered agent in El Campo, Texas. It is alleged that the Four Pillars Company, Pin Yen Yang, Sally Yang, and Dr. Ten Hong Lee were involved in a conspiracy to illegally transfer sensitive, valuable trade secrets and other proprietary information from the Avery Dennison Corporation, Pasadena, California, to Four Pillars in Taiwan. Dr. Lee has been an Avery Dennison employee since 1986, at the company's Concord, Ohio facility. Dr. Lee allegedly received between $150,000 and $160,000 from Four Pillars/Pin Yen Yang for his involvement in the illegal transfer of Avery Dennison's proprietary manufacturing information and research data over a period of approximately eight years. Direct development costs of technology transferred during this time is estimated to be in the tens of millions of dollars. On October 1, 1997, a Federal Grand Jury returned a 21 count indictment, charging Four Pillars, Pin Yen, and Sally Yang with attempted theft of trade secrets, mail fraud, wire fraud, money laundering, and receipt of stolen property. On the same date, Dr. Ten Hong Lee pled guilty to one count of wire fraud.
At the same time, we must recognize that technological advances are making corporate spying and theft easier and cheaper. Industrial espionage is most often carried out to gain access to corporate strategic plans, research and development information, and manufacturing process data. The power of computer technology has increased means for the theft and transfer of trade secret information. Computer age communications connectivity, commercial enterprise activities, and the posting and accessibility of corporate data on office workstations and home personal computers have made it extremely easy to copy and steal valuable trade secret information. This information can potentially be transferred transnationally as easily as it can be transferred across town.
Public and private sector organizations that rely on information technologies are diverse. Within the government, information technologies provide leverage for performing traditional missions more efficiently, e.g., law enforcement, intelligence gathering and exploitation, and national defense. In the private sector information systems allow rapid, efficient transfers of information and capital, enable a new wave of electronic commerce, and enable far-flung, technically complex operations to exist over vast geographic distances.
However, as commercial information technologies create advantages, their increasingly indispensable nature transforms them into high-value targets. Moreover, in practice these developments have resulted in diminished systems redundancy and the consolidation of core assets, heightening the risk of catastrophic single-point failures. Disgruntled employees, disaffected individuals or groups, organized crime, domestic and international terrorists, and adversary nations are all potential sources of attack.
Terrorists, transnational criminals, and intelligence services are quickly becoming aware of and exploiting the power of information tools and weapons. This has been true in the past as new means of communication, transportation, and secrecy have been introduced to the public. For example, narcotic traffickers began using communications advances such as pagers and cellular phones soon after their introduction to the public.
In yet another area, cyber banking is redefining consumer banking and creating new opportunities for high-tech financial institution crime. A recent Internet survey indicated that electronic banking is anticipated to increase 600% in the next two years. In the latter part of 1997, the Federal Deposit Insurance Corporation (FDIC) estimated that over 1,100 banks and thrifts are maintaining a presence on the World Wide Web. Although many sites are primarily established for advertising, a growing number are beginning to offer transactional capabilities, including funds transfers.
The use of electronic access products to infiltrate banking systems have occurred, and with the use of the Internet, can occur from halfway around the world. One computer intrusion investigation involving the compromise of a major U.S. financial institution's cash management system resulted in the convictions of all seven foreign nationals involved. Potential losses of $10.4 million involving attempted fraudulent wire transfers were limited to $400,000 as a result of the FBI's lead in an international effort to identify the source of the intrusion and the individuals responsible. As global interconnectivity, access to the Internet, and electronic commerce increases, the threat of electronic exploitation will expand exponentially.
In response to this threat, the FBI, in cooperation with Department of Justice, Department of Treasury and representatives of financial regulatory agencies, has launched a cyberbanking initiative to examine the risks and potential losses associated with electronic banking technology. A working group has been established to focus on current and potential criminal activity in the emerging field of cyberbanking. The primary function of this working group is to insure that all government agencies involved with the operation or regulation of cyberbanking are aware of the potential for fraud in any electronic banking scheme developed for use by the public. A secondary function is to insure that, in the development of cyberbanking systems, adequate fraud prevention measures are implemented so that frauds against the system can be detected, investigated, and prosecuted.
Comprehensive crime statistics involving electronic money and computer fraud and abuse are difficult to obtain. The FBI is working closely with federal banking regulators and the financial institution industry to evaluate methods by which computer related activity can be statistically tracked and monitored in order to assure that fraudulent activity of this nature is reported. The Suspicious Activity Reporting System (SAR), currently used by financial institutions to report fraudulent activity could be used, with some minor modification, to provide a simple and straightforward means for victims to report this increasing crime problem. The FBI and federal bank regulators have already worked together to produce guidance to the financial industry for reporting of computer crimes on SARs.
Case examples of cyberbanking fraud:
- In 1994, subjects in Russia gained unauthorized access to Citibank's Cash Management System. As a result, more than $10 million was wire transferred to preestablished accounts throughout the world. It was unclear where the attack was originating when the FBI began to monitor the cash movements through Citibank's central wire transfer department. Monitoring began in July and continued into October, during which there were 40 transactions. Cash was moved from accounts as far away as Argentina and Indonesia to bank accounts in San Francisco, Finland, Russia, Switzerland, Germany and Israel. In the end, all but $400,000 taken before monitoring began was recovered. The investigation resulted in six foreign nationals being charged in the United States. Citibank says it has found no evidence of insider cooperation with the hacker. Vladimir Levin was arrested in February 1995 by Scotland Yard based upon a provisional warrant and was extradited from England in September of 1997. He pled guilty on January 23, 1998 to conspiracy.
- In April of 1997, telephone calls were made to banks in Portland, Oregon and Boston, Massachusetts claiming that the institutions, and 49 other financial institutions, had been targeted by an environmental group. The caller explained that the group had penetrated the bank's computer systems and if the banks did not make $2,000,000 "donations" to the group, the computer systems would be brought "to a screeching" halt. The caller further explained that timing devices had been utilized and if the $2 million dollar donations were not received by the group, the computer systems would crash within the next week. He also warned that if the banks involved law enforcement in the matter, the systems would be destroyed immediately. The caller advised his group had previously penetrated computer systems within the Central Intelligence Agency and other unnamed federal agencies. A subsequent telephone call was traced to a public pay phone and the subject was arrested. The subject pled guilty to one count of Title 18, U.S. C. Section 875 (Interstate Extortion) and was sentenced to six months in jail followed by three years supervised release.
The Financial Times reported in an article in August 1996 that the market for Internet banking is poised to grow sharply in the next three years, affecting the competitive advantage enjoyed by traditional banks as demand for Internet banking services takes off. It noted a survey of Internet banking by an international management consultant, which found that 154 European banks already have sites on the World Wide Web, with sites increasing at a rate of nearly 90 percent a year.
The article went on to state that the cost of Internet banking run at on 15-20 percent of income, compared with an average cost-income ratio for the banking industry of about 60 percent. Starting an Internet bank from scratch costs about $1 million - one can buy all the software off the shelf. But a well established bank has to integrate it with their existing systems dramatically adding to the cost of setting up an Internet bank. Internet banking has the potential of changing the type of financial industry law enforcement will have to work with in combating financial crimes. The banks from other countries that are on the Internet can potentially provide other avenues for subjects for money laundering, wire transfers, and hiding of assets.
There have been reported incidents of bogus investment banks appearing on the Internet. These banks solicit money for investment and account creation. In reality, these banks do not exist and disappear as quickly as they appear. One such Internet bank was the subject of an Office of the Comptroller of the Currency (OCC) special alert. The Freedom Star National Bank of Arizona began soliciting deposits on the Internet and offering high interest rates. The entity had not been granted a national bank charter by the OCC nor were its deposits insured by the Federal Deposit Insurance Corporation. This activity was stopped by the OCC special alert. Banking regulators are in the process of analyzing these type of fraudulent banks for criminal referral to the FBI.
The use of the Internet to market fraudulent investment schemes is becoming epidemic. An example of this type of scheme involves a multilevel operation doing business under the name Netware International, believed to had approximately 2,500 members throughout the United States. Netware provides false, fraudulent and misleading representations in order to solicit funds from new and existing members. Promotional information distributed over the Internet indicated that Netware was forming a private bank with full services and deposits insured by the National Union Fire Insurance Company of Pittsburgh, Pennsylvania. The information also indicated that the bank was expected to earn a profit of 25 percent per year, and that the members who sell two or more memberships would share in the profits of the bank. National Union Fire Insurance Company denied any affiliation with Netware. Nearly $1 million has been seized to date in this investigation. The investigation into Netware continues.
Internet banking is but one of many Internet frauds that the FBI is addressing. The types of frauds are numerous and have been found to often have international connections. The National Consumers League has stated that they receive more than 100 scam complaints each month. They range in size from $10 to $10,000. The ten most frequent fraud reports involve undelivered Internet and online services; damaged , defective, misrepresented or undelivered merchandise; auction sales; pyramid schemes and multilevel marketing; misrepresented cyberspace business opportunities and franchises; work-at-home schemes; prizes and sweepstakes; credit card offers; books and other self-help guides; and magazine subscriptions.
Banking and investment industries have not been the only industries dramatically affected by Internet fraud. The copyright industry has lost millions of dollars due to piracy of software, music and interactive digital software on the Internet. Hundreds of digital jukeboxes are surfacing on the Internet. The digital jukeboxes release music over the Internet in the form of MPEG3 digitally compressed files, called MP3s, which can be downloaded free of charge on to home computers. Most pirate jukeboxes are run for free by young music buffs, often students using university servers. Downloading music free of charge from the Internet is becoming increasingly popular among the 15 to 30 year olds who tend to be frequent record buyers and are often computer enthusiasts. The music industry now stands to lose substantial sums of money because of the unauthorized distribution of its copyrights.
Bulletin Board Services (BBSs) have long been a potential source of computer software and interactive digital software piracy. There exist BBSs whose only function is engaging in criminal activity. These BBSs provide a listing of software programs available for downloading through the Internet. The actual cost of the software involved is negated through a bartering system. The use of this bartering type system has been very effective in circumventing the law until recently. The No Electronic Theft Act, passed by Congress and signed by the President on December 17, 1997, makes it a crime to possess or distribute multiple copies of on-line copyrighted material, for profit or not. This has eliminated the ability to circumvent the law by not exchanging money.
On 1/28/97, the FBI in San Francisco executed eight search warrants simultaneously in six states in connection with an undercover investigation, code name Cyber Strike. Cyber Strike has focused on increasingly organized efforts by individuals and groups to conduct the piracy of computer software produced by some of the nation's largest software firms. Seizure of more than seven Gigabytes of illegal transactions (equivalent to 20 million pages of information) was made. Following the search, eight BBS systems were dismantled and their equipment seized. The searches were conducted in Atlanta, Georgia; Columbus, Ohio; Miami, Florida; Oklahoma City, Oklahoma; Des Moines, Iowa; Pittsburgh, Pennsylvania; San Leandro and Cedar Ridge, California.
Traditional crimes have taken on a new appearance over the Internet. An example of this is Internet sports gambling. Earlier this month the New York FBI field office filed complaints against fourteen managers and owners of six Internet sports betting companies that operated offshore and allowed bettors in the United States to gamble on football, basketball, and other sports. Attorney General Janet Reno said in a statement: "The Internet is not an electronic sanctuary for illegal betting. If a state outlaws soliciting or accepting bets, you can't evade those requirements by going on line." This is an example of how the FBI is constantly working to keep abreast of new crime schemes and is focusing our investigative resources to address these emerging crime problems.
Software piracy, as well as all other types of piracy, continues to be an international concern. According to the International Intellectual Property Alliance, copyright piracy cost an estimated loss of $10.8 billion to U.S. copyright industries. In addition, the International Anti-Counterfeiting Coalition has estimated that the cost due to trademark infringement in the world to be $250-350 billion. U.S. industries represent the leading edge of the world's high technology, entertainment and apparel industries. Piracy of copyrighted and trademarked items cost the U.S. economy tax revenue and jobs because of the manufacture, distribution and sale of counterfeit goods.
The FBI has supported training in intellectual property rights issues in a number of foreign countries to include Russia, China, Egypt, Peru, and Latvia. Piracy is more than a domestic crime problem. It is an international crime problem that involves organized groups that conduct their counterfeiting enterprises multi-nationally. Through the FBI's efforts in international training and established contacts with foreign law enforcement officials throughout the world, the groundwork has been laid for an international effort in addressing this international crime problem.
To conclude, a major concern now facing law enforcement is how rapidly the threats from criminals, both domestic and international, are changing, particularly in terms of technology. The challenge to law enforcement is our ability to keep pace with these criminals who pose a threat against United States, our citizens, and our industry. The FBI is working closely with law enforcement officials in other countries to combat computer crimes and enhance coordination, and improve our combined capabilities. Cooperative efforts with industry have also been intensified to facilitate the prevention and detection of emerging cyber crimes. The types of economic crimes described today can and do have a lasting effect on our nation's economy. The FBI is aggressively investigating these types of economic crimes. Chairman Saxton, I wish to thank you and the members of the Joint Economic Committee for your support. I applaud your commitment and confidence in this important area of the FBI's responsibility.