According to an article in Network World, a former product engineer at Ford Motor Co. has been charged with stealing sensitive design documents from the auto maker worth millions of dollars. Xiang Dong Yu, of Beijing, also known as Mike Yu, was arrested Wednesday at Chicago's O'Hare International Airport upon his entry into the U.S. from China where he is working with a Ford rival. 

As Personally Identifiable Information (PII), credit cards, and financial information become more commoditized on the black market, we’re going to start seeing more attacks focused on sensitive data that is considered intellectual property – such as Ford’s design documents. Insiders abound regardless of the state of the economy, however, in difficult economic times the number of insider attacks is known to increase as malicious insider actions are often triggered by some type of crisis – personal, financial, or professional.

The greatest threats are from the inside. Insiders can operate more quickly, easily, and with greater stealth than an outsider. Insiders have two things outsiders don’t:  trust and access.  This makes barriers to committing the crime less of a technical issue and more of an ethical one. Criminals know this, and they know the Return On Investment or ROI of recruiting an insider is better than an external attack:  why hack when you can recruit.

While the case at Ford deals with sensitive data theft, consider attacks on critical infrastructure supported by nation-states or even terrorist organizations. The impact of a malicious insider is far more devastating than that of an external attacker. Never before has so much information been so easily accessible by so many. This in combination with a difficult economic environment is a perfect storm for malicious insiders.

Unfortunately the actions at Ford by Xiang Dong Yu (aka Mike Yu) aren’t that dissimilar from other high profile incidents of insider threat where millions of dollars worth of intellectual property were stolen and given to competitors. 

Some examples include:

• A Chinese national—a programmer at Ellery Systems in Boulder Colorado transferred proprietary source code to a Chinese competitor Beijing Machinery.  Subsequently, foreign competition directly attributed to loss of the source code drove Ellery Systems into bankruptcy. This incident was partially responsible for the 1996 Economic Espionage Act.
• Yonggang (Gary) Min plead guilty to stealing $400 million in trade secrets from DuPont in 2006 after ten years as a research chemist with the intention of bringing it to a competitor.
• Three Coca-Cola employees were charged with stealing confidential information and samples of a new drink and trying to sell them to Pepsi.

For more information on insider threats including white papers, videos, webcasts, and podcast interviews - including an interview with the former Deputy Director of the NSA, check out this insider threat site.