Targeting U.S. Technologies

Regional Collection Trends

Case Studies

A suspected representative of a foreign firm contacted via email a defense contractor employee, working on military grade technologies for a cleared U.S. defense company; however, DSS noted that the requestor's company's name did not match the incoming email address. The email correspondent claimed his company had an "urgent requirement" for military-grade technology developed at the contractor facility and wanted to establish a business relationship. Subsequent analysis revealed that the email address the correspondent used was associated with a second foreign company having a history of end-user certificate fraud.

A representative of a foreign research center contacted a cleared U.S. defense facility and provided product design schematics in an apparent attempt to justify obtaining export-controlled materials. A review of the research center's schematics revealed that they were associated with a military critical technology program. At first, the research center denied that the product in the schematics had any military applications; but when challenged, they eventually recanted and admitted the product design could indeed be used for military purposes. Despite this exposed deception, the foreign firm's representatives continued to maintain they had no intention of utilizing the final product for such purposes.

A cleared U.S. defense company reported receiving multiple deceptive emails with attachments that (when opened) resulted in malicious software being automatically installed on the company's internal computer system. Numerous employees within this cleared defense company were victims of this ruse. Following the extraction and analysis of one of the malicious payloads, cleared U.S. defense analysts discovered additional malicious codes embedded in .gif and .jpg image files in the software.

Over several months, a foreign firm repeatedly contacted an employee of a U.S. cleared defense company, cultivating his assistance to procure components for the foreign firm's use. Although the contact began with a seemingly innocuous request for non-export controlled components, the foreign firm later amended its list to include dual-use export controlled items. The foreign company eventually shared the contractor employee's contact information with multiple sections inside the foreign firm, resulting in a flood of additional requests to the same contractor employee. Within a month, this same foreign firm shifted focus to a second cleared defense company, requesting technology of interest to the military research and development efforts of the foreign firm's country of origin.

An individual apparently posing as a foreign student contacted an employee working for a cleared U.S. defense company performing aerodynamics research, asking for what amounted to classified information on the cleared defense company's UAV applications. The foreign "student," supposedly an aerodynamics major at a major foreign university, also inquired about the possibility of an intern position in the company's aerodynamics research branch. The "student's" requested information and research interests related to classified and export restricted technology actively sought by the student's country of origin.

An engineering team from a U.S. defense contractor participated in an exchange with a foreign counterpart team during which approved, unclassified technical information was shared between participants. Following the exchange program's completion, representatives of the U.S. company discovered several export-restricted documents among a large volume of printed materials that the foreign engineer team left on-site. Upon further review of the printed materials the foreign engineers left, the U.S. company representatives discovered the foreign team had acquired a large amount of open source information on military programs clearly outside the scope of the unclassified contract with the cleared U.S. defense company.

Back to Top