Ex-GE engineer gets two years in prison after stealing turbine tech for China An ex-General Electric engineer has been sentenced to two years in prison after being convicted of stealing the US giant's turbine technology for China. New York resident Xiaoqing Zheng, 59, who used to be employed at GE Power and specialized in turbine sealing technology, was convicted of conspiracy to commit economic …
"His time behind bars should have been at least 10 years"
But then, we don't know how secret were the data he attempted to steal.
Methink it was proprietary but in no way secret. And using crypto and steg. shows he had some technical training for data exfiltration, but probably not enough :)
I was a little surprised at the sentence myself. It sounds fair for what he did, but incredibly lenient by US standards.
I'd be interested know what you think GEs financial loss is though. I'm sure GEs lawyers managed to come up with some very large number which the judge will have taken into account based on reality when applying the sentencing guidelines.
Power turbine manufacturers make a 'lot' of money by way of servicing and refurbishment of turbines as non OEM parts invalidate warranties. Major failiure of a turbine with a purchase cost in 10's to 100 million GBP range is an expensive outcome.
The sealing technology refered to are generally proprietary designs which minimise the flow and escape of heat energy through the rotating parts of the turbine ( generically refered to as labyrinth seals). The more effective the design, the higher the efficiency of the turbine due to reduced losses.
These are the factors which would be used to build the business case and influence the court regarding IP loss and overall monetary impact.
China has been slurping up as much tech as they can for their use for a long time. Everything from computers to cars to airplanes and even pirating other industries large and small. And yes they shoiuld have tossed the book at him as China would that to anyone "stealing" for any non-Chinese companies.
Very high risk, encrypting, using steg, emailing from company PC - massive digital trail.
Was security such that personal mobile phones were not allowed on site? ..As taking a few photos of information is a lot less risky (though downside is later using OCR and potentially manually fixing of faulty conversion to get the data back unless purchaser is OK just with the photos)
So many companies lock down & audit machines massively but seem to forget that the majority of their employees carry a device in their pocket with ability to easily, rapidly and subtly take lots of decent quality photos of sensitive data.
A friend told me he visited a companies that was aware of the smart phone camera attack vector. They placed a seal over the camera of his phone and inspected that seal on checkout. He didn't tell the security guys that he could just have removed the back cover of the phone unblocking the lens while leaving the seal intact.
Locking down your employees computer to stop espionage is about as (in)effective as taking away water bottles from passengers to stop bombs being smuggled onto an airplane. I believe management is aware of that but has to do something to be able to say they did their due diligence.
Real security would be inconvenient and get in the way of work being done and more importantly money being made.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
