Chinese 'IP lawyer' walks into Medrobotics, fires up three computers and is discovered by the CEO. Update May 23, 2018Reuters reports the U.S. Attorney has opted not to prosecute Dong Liu for his attempt to access the computer network of Medrobotics Corp. While no reason was provided, Liu’s attorney suggests the U.S. Attorney was unable to prove that Liu successfully accessed the company’s network and the trade secrets.——————————-On Aug. 28, 2017, Medrobotics in Raynham, Massachusetts, found an unexpected visitor within their corporate headquarters. Dong Liu had managed to get into the corporate spaces and was discovered by an employee of Medrobotics — the CEO.Liu’s LinkedIn profile, which he attempted to use as bona fides with the CEO, shows he is currently a senior partner at Boss & Young Patent and Trademark Law Office, located in Beijing, Shanghai and Macau. At Boss & Young, his responsibilities include “leading the firm’s Intellectual Property (IP) practice in medical device, bio-tech, clean-tech, and other emerging high-tech areas such as new media. Also responsible for the firm’s IP licensing and transaction services.” That’s quite the mouthful. And apparently “transaction services” includes purloining the IP of others the old-fashioned way, stealing the IP. Rarely does one encounter industrial/corporate espionage being conducted in such a brazen manner.According to the criminal complaint filed by the Department of Justice, Liu had been targeting Medrobotics for some time. You see, Medrobotics has evolved the next-generation, robot-assisted devices for surgeons, which permit minimally invasive surgery — their Flex® Robotic System. How Liu got into Medrobotics and stole the laptopsLiu, according to the complaint, used LinkedIn as his social network of choice to engage various (unidentified) Medrobotics employees. The degree to which he was successful at eliciting information to facilitate his escapades is unknown. What is known is that the engagement did not deter his alleged attempt to steal Medrobotics technology.On Aug. 27, Liu (a holder of both Chinese and Canadian passports) drove into the U.S. from Canada. The following day, he made his way to the Medrobotics headquarters. Employees noticed him in the lobby at 5 p.m. and again 6 p.m. taking videos of the electronic signage. At 7:30 p.m., the CEO saw him sitting in an adjoining conference room, which was behind the company’s security perimeter (hard line). When confronted, Liu dissembled quickly, saying he was there to meet an employee (who was out of country). Then he offered a name of another employee (who did not have an appointment scheduled). Then he finally landing on the name of the CEO, who was standing in front of him.The CEO called the police, and Liu was arrested. Liu was originally charged with trespassing, but when the Department of Justice became involved, the criminal complaint evolved to charges for attempted theft of trade secrets.When discovered, Liu had three laptop computers up and running. Access to the company “guest network” was available to him, as the password was posted on the wall. He said he had been in the room for 2.5 hours.When arrested and his car searched, Liu was found to have the following items:One white Apple iPhone with a gold Mophile caseOne black 16GB smartwatchOne PNY 128 GB thumbdriveTwo Cencux digital camcordersSeven SIM cards, one SD card, and one thumb driveOne Apple watch, serial # FMLQ9803GR7MOne white Hisense smartphoneTwo Seagate portable drives – 2TBOne Apple MacBook Pro Model A1502Three SIM cards and two Micro SD cards in a clear plastic caseOne Microsoft Surface 128GB computer, serial # 014881654353One Apple iPad, serial # DLXT702UGMW7Liu was prepared, technologically, for whatever he encountered at Medrobotics to affect his access to their network. The criminal complaint does not yet identify, what, if any, Medrobotics technology Liu acquired (the investigation continues). Why was Medrobotics targeted?Medrobotics’ advanced technology is reason enough, but when one exams the results of the interview with the company’s CEO by the FBI special agent (contained within the criminal complaint), we see that the CEO was cautious about doing business with any Chinese company. He describes how he has been approached by various Chinese entities about six times and took those meetings in Boston. While he does not intend to ever do business in China, he found value in listening to what the various entities had to say.And there is the rationale behind the brazen attempt to steal Medrobitics technologies. The company wasn’t willing to engage with a Chinese partner, thereby shutting off trusted insider access to the technology by a Chinese technology company. Which leaves us with Liu, apparently tasked with acquiring the technology, for an unidentified entity. Related content news analysis China’s MSS using LinkedIn against the U.S. The head of the U.S. National Counterintelligence and Security Center says China's MSS is using social networks, specifically LinkedIn, to target, access, and recruit U.S. sources. By Christopher Burgess Aug 31, 2018 4 mins Social Engineering Cybercrime Security news analysis Tesla insider with expired NDA spills the tech beans A former Tesla engineer with an expired non-disclosure agreement (NDA) shared inside technical information on an obscure forum, which was quickly shared across multiple social media platforms. By Christopher Burgess Aug 30, 2018 3 mins Risk Management Security news analysis Horizon Air tragedy highlights airline insider threat vulnerability The ease at which a Horizon Air employee was able to steal and crash a Bombardier Q400 turboprop will likely prompt airlines to develop an insider threat mitigation strategy to close this vulnerability. By Christopher Burgess Aug 13, 2018 4 mins Security news analysis How did the TimeHop data breach happen? Compromise of an employee's credentials, lack of multi-factor authentication, and weak insider threat analysis all played a factor in the recent TimeHop data breach in which 21 million user accounts were compromised. By Christopher Burgess Aug 10, 2018 4 mins DLP Software Analytics Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe