Cyber security Photo: IC

A major commercial secret theft case uncovered by police in South China's Hainan Province has recently drawn widespread public attention. Using the guise of business cooperation, the criminal gang implanted malicious software into more than 1,000 corporate computers, resulting in the theft of core data such as bid quotes and technical plans from over 500 enterprises, with the losses exceeding 100 million yuan ($14.07 million). Beyond the sheer scale of the victims, the case also serves as a stark warning to all enterprises about the security of commercial secrets due to its covert modus operandi, the National Administration of State Secrets Protection said on Monday in its WeChat account. 

According to the administration's report, the main suspect surnamed Yu, leveraging years of experience in the construction industry and accumulated connections, colluded with others to fraudulently gain the trust of over 500 enterprises under the pretext of "helping prepare bid documents." While taking over the companies' office computers to prepare bids on their behalf, the gang secretly installed disguised remote control software on more than 1,000 devices.

After the computers were returned to the enterprises, the criminal gang used the software to steal operational records and commercial data from the computers, including key information crucial to corporate competitiveness such as bid quotes and technical plans.

After illegally obtaining the bid data, designated personnel screened and organize the bidding information. Subsequently, professional cost engineers in the gang used the information to calculate project costs, profit margins, and competitive conditions, deriving the "optimal bid price" that would ensure a winning position in tenders, thereby sharply boosting the gang's own bid success rate.

As the gang accumulated more data they shifted from merely participating in bids and undertaking construction projects to directly reselling winning projects for profit. This black-market industry chain allowed the gang to amass huge wealth within just a few years, with the total amount exceeding 100 million yuan.

However, the gang's unusually frequent bids that violated markets rules eventually drew police attention.

After meticulous investigation, the police found conclusive evidence of the disguised illegal remote control software in the compromised computers. In March this year, the Hainan police filed the case in accordance with the law and arrested five key suspects including Yu in one operation. The investigation is ongoing.

Although the main suspects in this case have been arrested, the National Administration of State Secrets Protection warned that the case exposes deeper problems in corporate commercial-secret and data-security protection that warrant serious reflection serious reflection.

The security authority emphasized that enterprises must embed security protections throughout their entire business process: in external cooperation, establish strict access controls, conduct background checks and qualification checks on partners, clarify data access rights and confidentiality responsibilities, and prevent core equipment from leaving their independent control; in terms of technical protection, they should comprehensively enhance protection capabilities, deploy systems such as data encryption and abnormal behavior monitoring, and implement classified management of core data.

Global Times