The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Sinovel Fined $1.5M in IP Theft Case

by Chris Brook on Wednesday July 11, 2018

Contact Us
Free Demo
Chat

Sinovel, a Chinese turbine manufacturer behind one of the decade's classic insider threat cases, was ordered to pay $1.5M by a federal judge last week for the theft of trade secrets.

On the heels of a conviction in January, a federal judge late last week ordered Sinovel Wind Group, the Chinese turbine manufacturer involved in a nasty, lengthy IP theft case, to pay $1.5 million for stealing trade secrets from the U.S. based firm AMSC, Inc.

In addition to handing down the fine - the maximum U.S. District Judge James Peterson could have levied - Sinovel was also placed on probation for a year.

The $1.5M figure stems from the fact that AMSC's losses, in the eyes of Judge Peterson, surpassed $550 million, a number that correlated to the maximum statutory fine of $1.5M. While on probation the company will be forced to pay Massachusetts turbine owners $850,000 in restitution.

“This case is about protecting American ideas and ingenuity,” Scott C. Blader, the U.S. attorney for the Western District of Wisconsin said Friday, according to the Associated Press. “The devastation Sinovel’s illegal actions caused to AMSC and its employees will not be tolerated.”

The ruling comes just a few days after the two companies agreed to a settlement in which Sinovel would pay $57.5 million restitution to AMSC in two installments. According to AMSC, Sinovel was prompt in paying the first installment. Sinovel paid AMSC $32.5 million on July 4, and will reportedly pay the second installment, $25 million, at some point before May 6, 2019, a date that will mark ten months since Friday's sentence.

The fine is the latest in the U.S. v. Sinovel Wind Group Co Ltd saga. Both rulings, Friday’s and the settlement, reached on July 3, come a few months after a jury convicted the company of conspiracy to commit trade secret theft, theft of trade secrets, and wire fraud.

The case, for those who haven't been keeping track, involved the theft of source code stolen by an employee who in 2011 worked for AMSC in Austria. The employee, Dejan Karabasevic, worked for AMSC Windtec Gmbh, a subsidiary of AMSC, copied code on a turbine control system from a machine in Wisconsin to Austria.

The theft came after Sinovel had contracted with AMSC, formerly known as American Superconductor Inc. to purchase $800 million in equipment that would facilitate how electricity flows from turbines to the electrical grid.

The theft purportedly cost the Massachusetts company, a global energy solutions provider, over $1 billion in shareholder equity and 700 jobs.

The fine, like most of the legal repercussions in the court case so far, likely serves as a stark reminder to corporations of the exigencies of the insider threat.

Sinovel didn’t rely on a collective of hackers to siphon data from AMSC. The company recruited Karabasevic, who was working for AMSC on a one-year contract, to copy the company’s source code from its systems. Enterprises should be equipped to combat not just external threats but internal threats as well, especially if the organization relies on valuable trade secrets, or intellectual property, to do its business.

Companies need to ensure that sensitive data doesn't fall into the wrong hands. When that data does, organizations should make sure there's a way to monitor it as its moved or uploaded. In this case details on AMSC's LVRT (Low Voltage Ride Through) software, software Sinovel wanted to help comply to retrofit turbines to China's grid requirements, was stolen.

The source code may have been a critical piece of the company's business but it still took AMSC several months to discover the theft. Data loss prevention software could have kept track of sensitive electronic data in motion and prevented the exfiltration of data like source code. Endpoint detection and response technology could have provided AMSC visibility, detect Karabasevic's suspicious activity, and alerted the company before it was too late.

Tags: Industry Insights, IP Protection

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.