The FBI’s warning to Silicon Valley: China and Russia are trying to turn your employees into spies

A top special agent in San Francisco has a stark message: "Raise your shields."

A suspicious login screen

The FBI is warning tech companies of an insider threat that's not like anything they've seen in a James Bond movie.

Image: Christopher T. Fong / Protocol

When FBI special agent Nick Shenkin starts talking about spies in Silicon Valley, he's not describing a James Bond movie or even what people have seen on "The Americans." Instead, what he's there to warn the tech sector about is less dramatic but perhaps more insidious: the insider threat of economic espionage and intellectual property theft.

It's not the Hollywood image of espionage. But the risk to tech companies is real, the FBI says: Employees are being persuaded, or more typically, coerced by foreign autocracies into stealing information or handing over login credentials. In one case Shenkin worked on, Chinese government agents threatened to deny an employee's mother dialysis back in China if he didn't steal proprietary information from a large hardware/software company.

"This is a quotidian activity," Shenkin told Protocol in an interview. "This is a massive fundamental activity that bolsters and is one of the mainstays of many autocratic countries and their governments."

For the last few years, San Francisco-based Shenkin has been quietly briefing venture firms, startups, academics and tech industry groups that might be of interest to foreign actors. It's not the glamorous spy stings that form movie plots, but a subtle way of fighting espionage through education. After Protocol heard about the briefings from multiple sources, the FBI agreed to an interview about the content of the briefings and shared its framework, called the "Delta Protocol" (no relation to COVID-19 or this publication), which the agency developed to distribute to startups so they can learn to protect themselves.

"The reason why we're being so much more assertive about these briefings and trying to be more open with U.S. industry is because we've just come to the realization that if there is no cost, then they will continue to do what they're doing," Shenkin said. "So the briefings are like, 'Please American companies, raise your shields, protect yourselves, make it more expensive for the thieves to rob you, and the country is stronger, and you're stronger.'"

It's not your HR department's job to catch a spy

Five years ago when Shenkin started approaching companies, he was trying to convince them the threat wasn't just hypothetical. But hackings by foreign actors now routinely make headlines, and there's been a spate of indictments of individuals, from ex-Apple engineers to researchers, who were accused of smuggling information.

In 2018, the Department of Justice formally launched the China Initiative, and FBI Director Christopher Wray called China's economic espionage and counterintelligence "the greatest long-term threat to our nation's information and intellectual property, and to our economic vitality" in a 2020 speech. (Government estimates of losses from Chinese intellectual property theft run in the hundreds of billions of dollars a year, though some critics say those numbers are inflated.)

"Now you go to these companies and nobody needs to be convinced. Everybody knows that this is a threat, and the big issue becomes how do we defend against it," Shenkin said.

No one expects HR departments to screen out spies when hiring employees — nor is that even the way companies should be thinking about it, Shenkin said. Instead, he's trying to coach tech companies on how to identify vulnerabilities that a person could have and then find ways to protect the individual and the company from those vulnerabilities being taken advantage of by an autocratic government — namely, China and Russia.

There are four main vulnerabilities covered in the briefings: someone being a citizen of an autocracy, doing business with one, having assets in the country or having family members or employees living or working in the autocracy. But it's the family vulnerability in particular that Shenkin says he sees "exploited over and over and over again".

"A lot of what the briefings cover is the idea that this is not about the ethnicity of the individual. This is about: What is any individual's or entity's vulnerability to the jurisdiction of an autocracy? Because what we see overwhelmingly is people who end up stealing intellectual property, very often, they have no desire to be stealing intellectual property," Shenkin said.

While the government used to obsess about state-owned enterprises (or ones that are closely associated, like Huawei), Shenkin said it's shifted focus to what it calls the hybrid threat: autocracies essentially sinking their hooks into people and "forcing them to act as if they are an arm of that government, whether they want to or not."

The general ignorance of the threat — and the lack of incentives for companies to report suspicions — has meant Silicon Valley, in particular, has emerged as a "den of spies," according to POLITICO.

There have been a handful of high-profile cases to reach the level of indictments. The government charged two different Apple engineers in 2018 and early 2019 for allegedly stealing trade secret information about its self-driving car. The most famous case the FBI and experts draw from is the case of Walter Liew, who was found guilty of stealing information about the color white from DuPont. The Center for Strategic & International Studies maintains a list of more than 100 allegedly China-linked IP theft acts since 2000.

The challenge is that these cases are the prosecutable tip of what Shenkin believes is a much larger iceberg when it comes to theft of sensitive information.

To help identify some of the areas that it should be focusing on, the FBI has turned to the venture capital community. It's not that the FBI thinks Sand Hill Road is "housing intelligence officers from foreign countries," Shenkin said. Instead, it's interested in the firms as "knowledge nodes" that can help the FBI understand where the real valuable technological innovations are. The agency is also hoping to learn which companies in an investor's portfolio could most use a briefing to help protect their investments from IP theft.

That doesn't always mean the most cutting-edge tech. "If you're a quantum computing company, or a biotech company, or a green tech company, you are a juicier zebra on the Serengeti," Shenkin said. "But they're also going for just the slowest zebra on the Serengeti."

Not a witch hunt

The challenge with the briefings is not stoking the flames of anti-Chinese or anti-Russian resentment in the U.S., especially at a time when xenophobia is already on the rise. Shenkin said he doesn't want to start a witch hunt, or make companies afraid to hire people with Chinese or Russian names.

"The idea that we're out there, targeting Russian Americans, or Chinese Americans, or anybody of those ethnic groups — I mean, nothing could be further from the truth. We do not live under any delusion that one ethnic group has some sort of a genetic proclivity towards dishonest behavior. Absolutely not the case," Shenkin said.

He says it's a misconception, furthered by the media, that the FBI is targeting Chinese Americans when the reality, as he views it, is that the FBI is trying to protect them from the Chinese government. "From our perspective, the Chinese American community is being exploited by China. They're being targeted and exploited and forced to do illegal things by the government of China," he said.

The problem with that rhetoric is that it treats "China" or "Chinese Americans" as a homogenous body and introduces the idea that a person of Chinese ethnicity could be a threat when it's really based on the individual's vulnerabilities beyond whether they have family in an autocratic state, said Margaret Lewis, a professor at Seton Hall, who has argued for a rethink of the DOJ's larger China Initiative.

"That's creating this construct that Chinese Americans are vulnerable, by reason [of] being Chinese Americans, when I think we need to disaggregate that and look much more at an individual level," Lewis said. While there's no doubt China has exploited family connections some Chinese Americans may have, she said, there's also concern that it's both grouping too many people as vulnerable when they're not, and potentially excluding other vectors of vulnerabilities, like employees with gambling problems who may be desperate to sell information for cash.

Liu Pengyu, a spokesperson for the Chinese embassy in Washington, said in a statement that the media had "frequently hyped" the topic of spies, but that "quite a few later proved to be out of nothing." He added that "the cross-border flow of talent has driven technological and economic progress all across the world" and that he hoped the U.S. would "work to promote instead of disrupting China-US scientific exchange and cooperation."

Shenkin emphasized that the goal of the FBI's briefings, which predate the DOJ's China Initiative, is to focus on individual vulnerabilities, rather than having companies walk away not trusting their Chinese or Russian employees.

"What we're trying to say is, if you hire somebody that has a vulnerability to an autocracy, your best course of action is to help that person, to train that person to understand what their vulnerabilities are so they can protect themselves and the company can help protect that individual from exploitation by that autocratic government," he said. "That's our goal. And that's why we do this brief."

Like a phishing email

The solution the FBI pitches is neither a blanket ban on foreign nationals nor the shrug-emoji approach of assuming it's inevitable. Instead, Shenkin sees it like phishing emails: Companies need to train their employees to know what to look out for and install back-up measures to minimize the damage when someone slips up.

Big tech companies often already have the staff in place to assess insider threats and build the security back-ups needed to counter them, but startups are particularly vulnerable thanks to their size and work on cutting-edge technologies. That's why the FBI developed the Delta Protocol, named after the "delta" between when a company is formed and when it's large enough to have its own security staff trained for internal threats.

In the Delta Protocol, the FBI includes basic best practices like advising companies to log who has access to sensitive IP and install needed physical security, like self-locking doors and alarms. It also has a section on helping companies identify insider threat characteristics, from employees who may be coerced through high-risk activities (like racking up gambling debts that a government could pay off in exchange for information) to the mercenary employee who shows zero loyalty and will sell information to the highest bidder (described as someone who "may have significant issues in the workplace such as an inability to work with others, extreme disgruntlement, belligerence, and frequent violations of workplace rules and policies.")

Getting companies to adopt the Delta Protocol, or at least start grasping the scale of potential IP theft, is why the FBI has been doing more outreach.

"I think the most important thing for us is for people to understand the scope of this threat, and just how absolutely quotidian a large group of people's everyday job is to steal technology from Silicon Valley. That's just what they do for a living," Shenkin said. "And so much of it is not just people who steal because they want to steal technology. A very, very large chunk of it is normal human beings who do not want to steal, who were just trying to protect their families, and have to steal in order to protect their families."

Loom, Zoom, boom: How Rippling raised $250 million with a demo video and a memo

Video app Loom has become the founder’s tool of choice for pitching venture capitalists.

Rippling CEO Parker Conrad recorded a product demo on Loom and sent it to investors as a fundraising shortcut.

Photo: Rippling

Parker Conrad has come to deeply loathe PowerPoint slides. He’s raised money for three different startups, and sending investors slides of a pitch deck feels like sending them only half a presentation, he said.

“It’s like sending someone a song and some of the tracks of music are missing,” Conrad, the co-founder and CEO of HR startup Rippling, told Protocol. “Any slide that you put together is meant to be accompanied by your voice track. And so if you’re sending slides without that, it’s a terrible way to convey information.”

Keep Reading Show less
Biz Carson

Biz Carson ( @bizcarson) is a San Francisco-based reporter at Protocol, covering Silicon Valley with a focus on startups and venture capital. Previously, she reported for Forbes and was co-editor of Forbes Next Billion-Dollar Startups list. Before that, she worked for Business Insider, Gigaom, and Wired and started her career as a newspaper designer for Gannett.

The fintech developers who made mobile banking as routine as texting or online shopping aren't done. The next frontier for innovation is open banking – fintech builders are enabling consumers to be at the center of where and how their data is used to provide the services they want and need.

Most people don't even realize they're using open banking services today. If they connected their investment and banking accounts in a personal financial management solution or app, they're using open banking. Perhaps they've seen ads about how they can improve their credit score by uploading pay stubs or utility records to that same app – this is also powered by open banking.

Keep Reading Show less
Bob Schukai
Bob Schukai is Executive Vice President of Technology Development, New Digital Infrastructure & Fintech at Mastercard, where he leads the technical design, execution and support of innovative open banking and fintech solutions, as well as next generation technologies to support global payment and data capabilities. Prior to Mastercard, Schukai’s work focused on cognitive computing, financial technology, blockchain, user experience and digital identity. He is also a member of the Institute for Electrical and Electronics Engineers.

The cry-laughing emoji has absolutely earned this

Is it always sincere or even trendy? No. Does it serve its purpose? Absolutely.

The laugh-cry emoji has provided us with a codified process for indicating that we are all having a fun time here.

Photo: atomicstudio via Getty Images

In a stunning victory for the rights of people who find out about TikToks via Instagram Reels and have fond memories of Warped tour, the cry-laughing emoji has once again emerged from the fray as the most-used emoji of the year, according to data from the Unicode Consortium. The tearful grin, whose Christian name is “Face with Tears of Joy,” hasn’t relinquished its stranglehold on the top spot since 2015, when we as a nation were reeling from Zayn Malik’s One Direction exit, marveling at the Sisyphean efforts of pizza rat and becoming slowly numb to Uptown Funk. That was the same year that the teary-eyed grin was named Oxford Dictionary’s word of the year.

This is the second year that the Unicode Consortium, a nonprofit organization tasked with digitizing language, has released data (the first was in 2019). Other emoji in the top 10 include the red heart, sobbing face, face with heart eyes and Old Faithful, the venerable smiley face 😊. The Consortium notes that many of the most-used emoji’s placements have stayed consistent from its 2019 data, although the pleading face emoji (🥺) did make a noticeable leap from 97 to 14.

Keep Reading Show less
Becca Evans
Becca Evans is a copy editor and producer at Protocol. Previously she edited Carrie Ann Conversations, a wellness and lifestyle publication founded by Carrie Ann Inaba. She's also written for STYLECASTER. Becca lives in Los Angeles.
Protocol | Policy

Inside the scramble to fix Biden’s plan for the future of the internet

The White House is planning to unveil its Alliance for the Future of the Internet this week following a month of pushback and a mad dash to reshape the ambitious proposal.

An initial proposal raised alarm bells with civil society groups and other U.S. government agencies alike.

Photo: Joe Daniel Price/Getty Images

The White House is set to announce plans this week for its much-anticipated Alliance for the Future of the Internet, a bid to rally a coalition of democracies around a vision for an open and free web.

But behind the scenes, digital rights advocates, foreign governments and even other U.S. officials have spent the last month scrambling to push the White House to rethink its initial plans, leaving the fine points of the proposal in flux with days to go before the big reveal.

Keep Reading Show less
Issie Lapowsky

Issie Lapowsky ( @issielapowsky) is Protocol's chief correspondent, covering the intersection of technology, politics, and national affairs. She also oversees Protocol's fellowship program. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University's Center for Publishing on how tech giants have affected publishing.

Protocol | China

How IP protection drove Chinese fans away from Hollywood

The sentencing of China’s largest volunteer subtitle group is a warning message to fans of pirated material.

Two major Chinese video platforms attended a press conference of the action against copyright violations in Beijing on Nov. 13, 2013.

Photo: WANG ZHAO / Stringer via Getty Images

For 16 years, Liang Yongping led one of the biggest Chinese fan translation groups, one that has brought countless foreign movies to the Chinese internet. His methods were legally questionable, but for a long time, the government didn’t seem to mind. When Liang was interviewed by a state-run magazine in 2011, he was called “the preacher of knowledge in the internet era.

But on Nov. 22, Liang was handed a sentence of 3.5 years in prison and a fine of over $230,000. The reason, to no one’s surprise, was copyright infringement.

Keep Reading Show less
Zeyi Yang
Zeyi Yang is a reporter with Protocol | China. Previously, he worked as a reporting fellow for the digital magazine Rest of World, covering the intersection of technology and culture in China and neighboring countries. He has also contributed to the South China Morning Post, Nikkei Asia, Columbia Journalism Review, among other publications. In his spare time, Zeyi co-founded a Mandarin podcast that tells LGBTQ stories in China. He has been playing Pokemon for 14 years and has a weird favorite pick.
Latest Stories