When Your Dream Employee Turns Out To Be a Foreign Spy

When Your Dream Employee
Turns Out To Be a Foreign Spy

When we talk about cybercrime, it’s easy to imagine a darkly-lit room filled with hooded hackers typing away, working towards unveiling top-secret information. This Hollywoodian scene plays out easily enough in our heads, but it feels very far away from reality.

The truth is this: Cybercrime happens on much smaller levels all the time in the US.

Andy Anderson, CEO of DataStream Insurance, recently sat down with James Turgal, VP of Optiv Inc., a leader in cyber advisory and solutions. Before entering into his current role, James spent 22 years with the FBI. Back in the 1990s, when cybercrime was just beginning, James was responsible for creating a cyber task force.

James was then named Executive Assistant Director for Global Information and Technology and became the FBI’s Chief Information Officer, or CIO. To put it simply, he gets cybercrime.

If you think your company is safe from a data leak or other cybercrime, think again. The upcoming story about one small midwestern manufacturing company will hopefully change your mind. They unknowingly became the victim of one of the biggest cybercrime organizations in the world.

The New Hire

It starts like this: A small midwestern manufacturing company with a particular type of intellectual property that they had built themselves decided to hire a new network engineer specialist. Their marketing and HR teams took to social media to find the perfect candidate. They shared information about the company across social networks like Facebook, Instagram, and Twitter. They also began scouting out recruits at local universities in the area.

They found several candidates and eventually settled on one applicant in particular. This guy was a rockstar. He breezed through the interview process and had a bunch of bright ideas that impressed the company, so they hired him. And they gave him access to everything—including their databases and all of their networks.

Fast forward to 18 months later and they find out that the rockstar employee had given all of their precious intellectual property to the Chinese government.

How The Leak Happened

It turns out that their new hire was a Chinese intelligence officer who was planted at one of the local universities in order to gain access to this particular intellectual property.

Remember: This is a small to medium-sized manufacturing company in middle America. It’s not related to national security and it has no connection to the defense industrial base. Companies like this one never believe that they’ll be a victim of cybercrime. They don’t think their stuff is important enough to be of interest.

So, why were they a target?

China has been implementing what they call “five-year refresh plans” for decades. Mao Zedong, chairman of the Communist Party in China and the founder of the People’s Republic of China, issued the first five-year plan in 1953, which set the stage for the Great Leap Forward in 1958.

The tenet of this plan was to make a major jump from an agrarian to an industrial-based economy. This five-year plan in particular resulted in the loss of over 15 million lives and the deadliest famine in human history.

In 2021, China’s National People’s Congress (NPC) issued the country’s 14th five-year plan. This refresh plan is focused on technology. What’s the easiest way to make such massive changes in such a short amount of time? Steal the information you need. No company is off the table—even a small midwestern manufacturing business.

How did they discover the leak?

After a year and a half of being an all-star employee, the new hire just doesn’t show up one day. The company then decided to do an internal audit and they saw that a whole bunch of data had been copied and downloaded.

There is something important to be noted here. The company had the tools in place to monitor what was going on within their networks, but they just weren’t really looking at them. They weren’t paying attention. The alarms were going off but no one was there to hear them.

Time to Call the FBI

When the company realized the data leak, the obvious next step was to try to talk to the employee to see what happened. Surprise, surprise, he was nowhere to be found. He was unreachable and likely had already left the country. So they decided to contact the FBI. If you find yourself in the same position, it’s important to get the FBI involved instead of the local police. Local law enforcement usually doesn’t have the tools or the ability to help.

James explains that the FBI has organizations that partner with the private sector for the protection of critical infrastructure in the US. One is called InfraGard, which connects owners and operators within this infrastructure to the FBI’s local cyber squad supervisor. Another is Optiv Inc., James’ company.

These partnerships between the FBI and Chief Security Officers (CSOs) and CIOs in key industries help companies protect themselves from cyber threats. These local divisions of the FBI are then able to monitor how much data is coming in and out of certain companies, and they can alert the CSO or CSI when they suspect there’s a problem.

The FBI tries to give local cyber divisions enough freedom to tackle their own local cases. That said, all of these local squads connect back to the FBI Cyber Division in Washington, and a wealth of information can be gleaned from these seemingly small cases.

What You Can Do to Protect Your Company

This story of a small midwestern company that was hacked by China is proof that no business is safe.

You can prepare yourself for an incident like this one by making sure that you always know what’s going on in your networks. You need to know what’s normal so that if you see something that’s off, you can connect directly with the FBI. It’s always better to make the call if you have your suspicions. You never know whether or not you’re part of a larger string of cybercrimes that affects several other companies.

You can also bring in a third party to do a cyber readiness or ransomware readiness assessment. Additionally, you should also always have a plan in place in case of an attack. And that plan should always start with a call to your local FBI division.


If one lesson can be learned from all of this, it’s that companies need to take a step back, recognize that cybercrimes can affect any type of company, and come up with a plan to prevent it.

If the worst happens, you’re going to want the best financial, legal, and technical support to get you back up and running again. With cyber insurance from Datastream, we find the most comprehensive insurance coverage on the market alongside critical post-incident customer support.

Click here to learn more about how we can help secure your business data!