Economic Espionage: Zheng and Zhang Fleece General Electric

The week of April 15 saw the unsealing of the indictment of Xiaoquing Zheng and his co-conspirator Zhaoxi Zhang on multiple counts of economic espionage associated with the theft of the intellectual property of General Electric.

Zheng previously had been arrested in August 2018, and the attendant criminal complaint highlighted the sum and substance of the theft of GE’s technology and know-how for the purpose of creating a competing entity. What made Zheng’s instance somewhat unique was:

  • He had been educated in the U.S.
  • His expertise in his field of study was noteworthy.
  • His tradecraft in the theft of the intellectual property was excellent (using encryption and steganography) to hide his tracks.
  • The information stolen went to Chinese-backed entities.

GE’s Intellectual Property Theft

The theft was substantial and took place over many years. To remind, Zheng was subjected to an internal GE review in 2014 when it was discovered he copied more than 19,000 files to a USB drive. While we are not privy to the details of the investigation, we know from the court documents that GE was satisfied with his responses and his attestation that he had destroyed the files.

We also have known that from November to December 2017, Zhang encrypted 400 unidentified files on his GE desktop computer. This action caused GE to begin monitoring all of Zheng’s company-provided devices via monitoring software GE had installed. GE was now in evidence-collection mode.

GE was not disappointed: The company monitored Zheng encrypting and exfiltrating 400 sensitive files.

Zhang, Zheng’s Co-conspirator

To whom was Zheng sending files? That would be his co-conspirator, Zhaoxi Zhang, his business partner with whom Zheng was forming a new company they had cooked up in 2016, which became known as Liaong Tianyi Aviation Technology or LTAT. Zhang and Zheng divided ownership of the company 55 percent for Zhang and 45 percent for Zheng. Contemporaneously with the formation of LTAT, Zheng formed a separate company with unidentified partners, which he called Nanjing Tianya Avi Tech (NTAT).

The two companies fit together in the effort to capitalize on GE’s stolen turbine technology, with LTAT focused on manufacturing and NTAT focused on research and development. As noted in the criminal complaint of 2018, Zheng was hiding his skullduggery in plain sight. Indeed, he had gone so far as to confirm with GE that a separate company, unrelated to LTAT/NTAT which Zheng had formed with his brothers some eight years prior, was not in violation with GE’s “conflict of interest” policy.

GE confirmed to Zheng he was good to go and admonished him to “be extremely careful to avoid using GE intellectual property, proprietary information or proprietary processes.”

Zheng would, as we learned via his indictment, ignore this admonishment and purloined large quantities of GE trade secrets surrounding turbine technology.

Economic Espionage

The economic espionage angle was solidified when it was discovered post-arrest that the information Zheng took was benefiting China and Chinese entities including LTAT, NTAT, Shenyang Aeroengine Research Institute and Huaihai Institute of Technology.

Web-based email accounts using Chinese service providers QQ and 163 were used to communicate between Zheng, Zhang and other entities. In doing so, the “server copy” of all communications were located on mail servers geographically located in China and out of reach of U.S. law enforcement and lawful intercept by the U.S. entities.

The frosting on the economic espionage cake, however, was an encrypted message Zheng sent to Zhang that contained prepared remarks Zheng was planning to provide to various Chinese government dignitaries on behalf of Tianyi Aeronautics, even though he was a GE employee. In these remarks, Zheng noted a visit had been made to the 606 Institute (Shenyang Aeroengine Research Institute) and funding and support from the government entities present had been requested. Zheng tied his request to the Communist Party’s 13th Five-Year Plan, which placed “aerospace development as a priority among strategic key technologies.” They had solidified the People’s Republic of China (PRC) government’s interest and investment in their company.

The duo moved beyond unscrupulous entrepreneurs to operating on behalf and to the benefit of the PRC, while also feathering their own nest. The technology transfers of the millions of dollars of GE research was landing in China to be used in advancing research and design, as efforts were made to reproduce the GE trade secrets.

Zheng and Zhang now face 14 separate counts, including multiple counts of economic espionage as detailed in the indictment unsealed April 18. “The indictment alleges a textbook example of the Chinese government’s strategy to rob American companies of their intellectual property and to replicate their products in Chinese factories, enabling Chinese companies to replace the American company first in the Chinese market and later worldwide,” noted Assistant U.S. Attorney General Demers.

The two co-conspirators face multiple years in prison and the possibility of millions of dollars in fines should they be found guilty. A trial date has not yet been set.

Featured eBook
7 Reasons Why CISOs Should Care About DevSecOps

7 Reasons Why CISOs Should Care About DevSecOps

DevOps is no longer an experimental phenomenon or bleeding edge way of delivering software. It’s now accepted as a gold standard for delivering software. It’s time for CISOs to stop fearing DevOps and start recognizing that by embedding security into the process they’re setting themselves up for huge potential upsides. Download this eBook to learn ... Read More
Security Boulevard

Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit: Senior Online Safety.

burgesschristopher has 89 posts and counting.See all posts by burgesschristopher