Whenever a business or a corporation hires a new employee (the exact classification does not matter; the individual could be a contractor, full time employee, freelancer, part timer, etc.), it always runs the risk that that person could very well have malicious intent.  This would primarily mean trying to launch an Insider Attack and then trying to use the material, assets and knowledge gained for financial gain.

In fact, Insider Attacks are not heard of too often in the news headlines these days, as the media is mostly obsessed with the digital forms of Cyberattacks, ranging from Ransomware to Cryptojacking to the newest variants of Phishing.  But Insider Attacks do happen, and worst of all, they are the hardest to track down and stop in their tracks.

For example, back to the new employee scenario.  Sure, the hiring manager can do all of the background checks and drug screens they want, but this will never give insight into the actual thinking and mental processes that are deep within the brain of that individual.  They may be the greatest worker during work hours, but after hours could be a whole different story.

Such is the case recently with a medical entity known as “Nationwide Children’s Hospital”.  Two employees who used to work there, Yu Zhou and Li Chen, who resided in San Diego, CA, were recently arrested and charged with conspiring to steal, and even stealing, the intellectual property of this hospital.  This related specifically to the research and development surrounding the use of “Exosomes”.  They can be specifically defined as follows:

“They are extracellular vesicles that are released from cells upon fusion of an intermediate endocytic compartment, the multivesicular body (MVB), with the plasma membrane. This liberates intraluminal vesicles (ILVs) into the extracellular milieu and the vesicles thereby released are what we know as exosomes.”

(SOURCE:  https://bmcbiol.biomedcentral.com/articles/10.1186/s12915-016-0268-z)

OK, I am not a biological researcher, so this is way above my head.  But long story short, from what I could find, these are the agents in the human body that carry the molecules which distribute the plaque into the blood vessels of the brain, especially amongst the elderly who are suffering from Alzheimer’s disease.

The current thinking is that if they can carry this kind of stuff, the exosomes should also be able to carry the molecules to potentially stop the disease as well.

Other research areas for exosomes include Necrotizing Enterocolitis (a condition found in premature babies), liver fibrosis and liver cancer.  Both Zhou and Chen were actually arrested back in July, and together, they worked in different departments of the hospital.  They both worked there for about ten years, approximately from 2007 to 2018.

During their tenure there, the couple actually created and launched their own independent company in 2015, based in China, unbeknownst to the hospital management and administrative staff.  They then used this company to leverage the intellectual property (IP) that they covertly hijacked from Nationwide Children’s Hospital and pocketed the financial gain from that.  The IP in question dealt specifically with the isolation of the Exosomes.

Not only this, but Zhou and Chen also in part started a biotechnology company here in the United States as well.  With this, they also launched a company website that literally bragged about the products and services that were created for the sole purpose of Exosome isolation, including some kind of field preparation kit that was actually created at Nationwide Children’s Hospital (no specific details were given on this aspect).  The couple apparently also used the resources at the hospital in order to further leverage both of their startups in the US and China.

My Thoughts On This

In an ironic twist of fate, Zhou bragged in a Press Release that this US based company was going to be coming out with a brand-new product line that focused exclusively upon the “proprietary exosome isolation systems” the day before he was arrested.

Well, this goes back to the whole scenario depicted at the beginning of this blog:  Hiring that new employee.  Honestly, a new employee, or for that matter, an employee that has been working for ten years, does have every right to do their own thing on the side of their regular job.

There is no law against that, unless the employee has signed some kind of agreement with their employer that he or she will not engage in related activities for personal gain.

But even then, these kinds of agreements are hard to enforce in a court of law, unless millions of dollars’ worth of IP was actually stolen, as in the case with Zhou and Chen.  But the line has to be drawn if an employee is using their employer’s assets in order to launch their own venture. 

How can this be tracked down?  Well, there are Cybersecurity tools out there that can be used in this regard, such as Keylogging software, and examining footage of employee movements after work hours within the confines of the place of business.

Also, log files produced from Firewalls, Routers and Network Intrusion Devices can reveal a lot about the tell-tale activities of an employee as they access network resources and other shared folders and files from the corporate servers.  But then this raises the question of whether this is an invasion of the employee’s privacy rights.

The good news (if it can be considered as such) is that here in the United States, when it comes to privacy rights in the workplace, there are pretty much none.

The laws and the courts for the most part will side with the employer in these instances, especially if the employee is using company owned and issued property in order to conduct their everyday job tasks.  But the employer has to also notify the employee before they actually start working that their movements are being tracked and could be closely examined.

Really, the only way that Zhou and Chen could have been tracked is if the IT Security staff at the hospital encouraged employees overall to report suspicious behavior both during work and after work hours.  Also, perhaps if a closer look were given to the log files of what was accessed, perhaps this could have also painted a picture of what was transpiring at the hospital.
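
The kind of log review described above, as an added example that is not part of the original post: it counts, per user, reads of a sensitive file share made outside working hours or on weekends.  The log format, share path, working hours and threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in a hypothetical file-server audit format.
SAMPLE_LOG = r"""
2018-03-12T10:15:02 user=alice action=READ path=\\fs01\research\isolation\protocol.docx bytes=48211
2018-03-12T14:02:40 user=bob action=READ path=\\fs01\hr\handbook.pdf bytes=90112
2018-03-12T22:41:07 user=bob action=READ path=\\fs01\research\isolation\protocol.docx bytes=48211
2018-03-12T22:43:19 user=bob action=READ path=\\fs01\research\isolation\kit_design.xlsx bytes=733184
2018-03-17T09:05:51 user=bob action=READ path=\\fs01\research\isolation\assay_results.csv bytes=1204224
2018-03-13T20:30:00 user=alice action=READ path=\\fs01\public\menu.pdf bytes=1024
corrupted line without fields
""".strip().splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"path=(?P<path>\S+) bytes=(?P<bytes>\d+)$")
SENSITIVE_PREFIX = "\\\\fs01\\research\\"  # assumption: share holding the IP
WORK_START, WORK_END = 7, 19  # assumption: 07:00-19:00, Monday to Friday

def is_after_hours(ts):
    return ts.weekday() >= 5 or not (WORK_START <= ts.hour < WORK_END)

def after_hours_sensitive_reads(lines):
    """Per-user events, distinct files and bytes for off-hours sensitive reads."""
    stats = defaultdict(lambda: {"events": 0, "files": set(), "bytes": 0})
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # count unparseable lines instead of hiding them
            continue
        ts = datetime.fromisoformat(m["ts"])
        if (m["action"] == "READ" and is_after_hours(ts)
                and m["path"].lower().startswith(SENSITIVE_PREFIX)):
            s = stats[m["user"]]
            s["events"] += 1
            s["files"].add(m["path"])
            s["bytes"] += int(m["bytes"])
    return dict(stats), skipped

def flag_users(lines, min_events=3):
    """Users with at least min_events off-hours reads of the sensitive share."""
    stats, _ = after_hours_sensitive_reads(lines)
    return sorted(u for u, s in stats.items() if s["events"] >= min_events)

if __name__ == "__main__":
    print(flag_users(SAMPLE_LOG), after_hours_sensitive_reads(SAMPLE_LOG)[1])
```

A flagged user is a prompt for review against that person's normal role and schedule, not a finding on its own.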

Once again, Insider Attacks are extremely difficult to detect.  It could even be your most trusted employee that has worked with you forever that could be launching something.  But keep in mind – with any form of Cyberattack, whether it is from the outside or the inside, clues are always left behind.  No Cyberattacker is perfect in erasing their tracks after the damage has been done.