Coca-Cola trade secret theft underscores importance of insider threat early detection


A research engineer used basic exfiltration techniques to steal trade secrets from Coca-Cola, but wasn't caught until she attempted to steal similar data from another company.


The trial of Xiaorong You began on April 6 in Greenville, TN. She is accused of trade secret theft and economic espionage after allegedly stealing bisphenol-A-free (BPA-free) technologies owned by several companies, including her former employers Coca-Cola and Eastman Chemical Company.

The value placed on the development of the stolen technologies is $119.6 million. Other affected companies include AkzoNobel, Dow Chemical, PPG, TSI, Sherwin-Williams and ToyoChem.

The details of the case suggest that the damages You is allegedly responsible for could have been minimised if better real-time insider threat detection methods had been in place. They also outline possible motives for the theft of the intellectual property: ego and money.

Timeline for the alleged trade secret theft

You (a.k.a. Shannon You) is a naturalised US citizen with a PhD in Polymer Science and Engineering from Lehigh University. She has worked in US industry since May 1992.

You originally faced a nine-count grand jury indictment in February 2019 in the US District Court for the Eastern District of Tennessee for her alleged role in the theft of trade secrets. In August 2020, a superseding indictment was filed that added charges related to economic espionage.

You worked for Coca-Cola from December 2012 through August 2017 as a principal engineer for global research and then from September 2017 through June 2018 for Eastman Chemical Company as a packaging application development manager. In both roles she was one of a handful of employees with access to trade secrets and inter-company trade secret exchanges.

When she departed Coca-Cola, You signed a statement that attested she did not retain trade secret information owned by Coca-Cola and in exchange received a check for $39,912—which appears to have been her last pay cheque from the company.

In the summer of 2017, You applied for China’s Thousand Talent program. As the application proceeded, her co-conspirator Xiangchen Liu, a Chinese national, informed her that she had to submit false information to the PRC government to increase the chances of You being given the award.

The Chinese government has used this program to bring advanced technologies into China from abroad. The Department of Justice has successfully prosecuted cases with this program at the nexus of the prosecution.

How You allegedly stole BPA-free trade secrets

You is alleged to have stolen trade secrets from her two employers and made them available to a Chinese company that her co-conspirator managed. The theft was carried out in a straightforward manner: she uploaded information to Google Drive, and for the more sensitive documents she used her smartphone’s camera to photograph them, avoiding detection by the infosec team.

At Eastman Chemical Company on June 11, 2018, You photographed secure and restricted laboratories. Ten days later, knowing she was about to be discharged, she uploaded company documents and those of the other companies doing BPA-free research directly to an external drive. When confronted during a company investigative interview, she claimed that she was not retaining any of the company’s intellectual property.

The formation of a company in China in which You had part ownership was the avenue by which the trade secrets would be monetised and exploited. The court documents show You and Liu intended to form a joint venture with an established Italian BPA-free manufacturer to integrate the stolen technologies, ostensibly belonging to the “new Chinese company.”

Insider threat takeaway: Early detection is critical

The time between You’s departure from Coca-Cola (August 2017) and her indictment (February 2019) indicates that the upload of the trove of documents from the Coca-Cola infrastructure to You’s Google Drive account was not detected by the information security team in real time and was discovered after the fact.

The actions taken at Eastman Chemical, by contrast, indicate real-time detection of an anomaly: she copied internal information to an external drive, which triggered an immediate investigation that ended in You’s firing.

Two actions could have stopped the theft or lessened its impact:

  • Real-time alerts and processes designed to prevent sensitive and protected data from exiting the corporate environment
  • Prohibiting personal and non-authorised electronic devices, including smartphones, from proximity to trade secrets or sensitive installations. Using a smartphone’s camera to copy documents and workspaces is a throwback to the espionage techniques of old, when miniature and subminiature cameras were used to copy documents from within restricted spaces
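
A sketch of the first control, added here as an illustration and not taken from any company named in this article: it triages data-egress events as they arrive, covering the two channels seen in this case (uploads to personal cloud storage and copies to an external drive) and raising severity for users close to departure. The event format, user names, domains, watch window and size threshold are all constructed assumptions.

```python
from datetime import datetime, timedelta

# All names, domains, thresholds and events below are constructed for illustration.
PERSONAL_CLOUD = {"drive.google.com", "dropbox.com"}  # unsanctioned upload destinations
LAST_DAY = {"eng_a": datetime(2021, 4, 30)}           # hypothetical HR feed: user -> last working day
WATCH_WINDOW = timedelta(days=30)                     # heightened monitoring before departure
BULK_BYTES = 100 * 1024 * 1024                        # volume treated as a bulk transfer

EVENTS = [
    {"ts": "2021-04-12T09:14:00", "user": "eng_a", "channel": "web_upload",
     "dest": "drive.google.com", "bytes": 700_000_000, "label": "restricted"},
    {"ts": "2021-04-12T09:20:00", "user": "eng_b", "channel": "web_upload",
     "dest": "sharepoint.corp.example", "bytes": 900_000_000, "label": "restricted"},
    {"ts": "2021-04-21T17:02:00", "user": "eng_a", "channel": "removable_media",
     "dest": "usb:mass-storage", "bytes": 4_000_000, "label": "internal"},
    {"ts": "2021-04-23T08:30:00", "user": "eng_c", "channel": "web_upload",
     "dest": "dropbox.com", "bytes": 250_000_000, "label": "internal"},
]

def leaves_corporate_control(ev):
    """True when the destination is outside the managed environment."""
    return ev["channel"] == "removable_media" or ev["dest"] in PERSONAL_CLOUD

def triage(ev):
    """Return (severity, reasons) for one egress event, or None if no alert."""
    if not leaves_corporate_control(ev):
        return None
    when = datetime.fromisoformat(ev["ts"])
    reasons = []
    if ev["label"] == "restricted":
        reasons.append("restricted data")
    last_day = LAST_DAY.get(ev["user"])
    if last_day and timedelta(0) <= last_day - when <= WATCH_WINDOW:
        reasons.append("user in departure window")
    if ev["bytes"] >= BULK_BYTES:
        reasons.append("bulk transfer")
    if not reasons:
        return None
    high = "restricted data" in reasons or "user in departure window" in reasons
    return ("high" if high else "medium", reasons)

def alerts(events):
    """Evaluate events in arrival order, as a streaming detector would."""
    hits = [(ev, triage(ev)) for ev in events]
    return [(ev["ts"], ev["user"], ev["dest"], *v) for ev, v in hits if v]

if __name__ == "__main__":
    print(*alerts(EVENTS), sep="\n")
```

Log-based detection of this kind has no visibility into the second bullet's channel, a phone camera pointed at a screen, which is why that control is a physical one.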

You’s apparent motivation to break trust can be found in both greed and ego. Her ego was satiated by recognition in the form of the Thousand Talent award and other Chinese financial awards. Her financial greed was addressed with part ownership in a “new company” in China that would attempt to exploit and monetise the technologies she had stolen.

