(Bloomberg) -- Oak Ridge National Laboratory in Tennessee has for decades been a hotbed of US nuclear experimentation. It’s also a target for countries seeking to steal American secrets. More than 1,700 technologies developed in the lab are in China’s crosshairs, according to three-year-old startup Strider Technologies Inc. The list includes ion beams, nuclear power equipment and energy storage materials.
Using custom software to scour widely available sources of information on China’s internet, Strider executives said they identified two postdoctoral researchers in nanotechnology who, while working at Oak Ridge, were recruited into China’s Youth Thousand Talents Program. The researchers were lured by perks including a grant of 500,000 yuan (about $75,000) apiece and other subsidies worth up to 3 million yuan (about $450,000), the executives said. Both relocated to China and are now employed by university labs with ties to China’s defense industry, they said.
This is the potential power of Strider, which uses open-source data from China to identify technologies most at risk of being stolen—and to spot the people who might be tempted to steal them. The company’s pitch coincides with a debate in the US over how to investigate Chinese industrial espionage while protecting civil liberties, and follows a decision by the Justice Department to shut down a program targeting crimes involving China amid allegations that the agency was targeting people based on their ethnicity.
The brainchild of globetrotting American twin brothers, Strider, which is based in suburban Salt Lake City, used Oak Ridge only as an example of its prowess; the lab isn’t a client.
“Companies around the world have been dealing with nation-state threats and IP theft for a decade or more, with little to no tools,” said Eric Levesque, Strider’s chief operating officer. “Governments can’t solve for this and there is huge unmet demand in the market. We’re enabling companies to get ahead of the threat rather than just react to issues post-incident.”
For its part, Oak Ridge said it has strict policies to “protect US scientific research and technological innovation from exploitation by foreign governments while continuing to recognize international cooperation as a bedrock value.” Employees are required to disclose any “perceived participation” in foreign recruitment programs, and foreign nationals are subject to background checks and restrictions on work they can perform, the lab said.
China’s Ministry of Foreign Affairs didn’t immediately respond to requests for comment on Strider’s claims about Oak Ridge. Regarding allegations of IP theft involving China, a spokesperson for the ministry said, “Statements about the Chinese side’s so-called stealing of intellectual property ignore basic facts and are entirely malicious slandering and smearing against China. We firmly oppose this.”
China’s scientific achievements were “fought for through the intelligence and sweat of the Chinese people,” the spokesperson said.
Founded in 2019 by Greg and Eric Levesque, Strider has raised $57 million from DataTribe, Koch Disruptive Technologies and Valor Equity Partners, an early investor in Tesla Inc. and Space Exploration Technologies Corp., at a valuation of more than $200 million.
Company executives said they have dozens of Fortune 500 customers, including semiconductor, aerospace and defense, and oil and gas companies, but declined to name any, citing confidentiality agreements.
One customer that Bloomberg was able to identify—the US Air Force—has used the technology since 2020 to vet its suppliers for potentially problematic ties to China, according to procurement records and two people involved with the work, who requested anonymity because they weren’t authorized to discuss the project publicly.
In a statement, the Air Force confirmed that the Defense Department has contracted with Strider “to build a more robust assessment of adversarial foreign ownership, control and influence risk.” “DoD ran several pilots with Strider over the past 18 months,” according to the Air Force statement. “These pilots provided innovative approaches to identify risk at scale across several DoD research programs.”
The Levesque brothers, who are from Augusta, Maine, credit early international travel for developing language skills and foreign exposure that has informed their work. Greg Levesque became fluent in Mandarin Chinese during a mission for the Mormon church to Taipei, Taiwan, and Eric Levesque served his mission in Yekaterinburg, Russia, becoming fluent in Russian.
When they decided to start a company together, Greg was a Washington-based consultant on national security and China. Eric was in Oman, researching tech investments for the Middle Eastern country’s sovereign wealth fund.
Greg’s work revealed that there was a huge amount of data on the Chinese internet detailing Beijing’s programs to recruit engineers and scientists, potentially signaling efforts to acquire foreign technologies. That information, the brothers concluded, could be helpful for organizations trying to protect their trade secrets.
A third founder, Mike Brown, the former chief technology officer for Comscore Inc., the digital media-measurement company, has led the development of Strider’s algorithms. He said they use techniques from the online advertising industry to identify targets of recruitment and correlate their activities across multiple large datasets.
National security officials say that Chinese IP theft causes billions of dollars in losses each year, and FBI Director Christopher Wray said earlier this month that the Chinese government poses the “biggest long-term threat to our economic and national security.”
In 2018, under the Trump administration, the Justice Department launched what it called the “China Initiative” to investigate a range of crimes connected to China, focused especially on corporate espionage and cases involving “non-traditional collectors” of sensitive information, including university researchers.
But the Justice Department shut down the program in February after it was accused of stoking discrimination and more than a half dozen cases against academics failed in court or were withdrawn. The agency rebranded its efforts to no longer focus specifically on China, and improved oversight of cases involving academics — the types that prompted much of the criticism of the China Initiative.
Several China scholars said they were concerned that Strider’s technology could represent a “privatizing” of the China Initiative and stigmatize people without their knowledge, a characterization that Strider rejects.
“Once you’re flagged, that’s going to shape your career trajectory,” said Abigail Coplin, an assistant professor at Vassar College whose focus is technology and China. “Even if they don’t fire you, when in doubt, an HR manager is not going to put people on these lists on sensitive projects. That level of opacity is deeply alarming.”
Jim Dempsey, a civil liberties expert and lecturer on cybersecurity at the University of California Berkeley School of Law, said Strider’s data has the potential to be abused if employers use it to justify targeting employees based on ethnicity. But investigations involving China are complicated, in part because Beijing focuses recruitment efforts on Chinese nationals living abroad, he said.
“The Chinese government has made ethnicity an issue: the Chinese government is targeting individuals of Chinese background,” Dempsey said. “The ethnicity element is unavoidable, but that’s not to say there’s nothing to worry about here.”
Greg Levesque, Strider’s chief executive officer, said his company’s algorithms look for connections between people and Chinese government programs for recruiting engineers and scientists. The data the company compiles include lists of invited speakers to Chinese universities and government-sponsored conferences, and membership rosters of talent programs offering grants and other incentives to work in China, he said.
The company doesn’t consider ethnicity nor does it accuse anyone of committing a crime—it highlights only that they are being targeted by a foreign government and could be susceptible to its inducements, he said. A link on Strider’s website allows a way for people to request the data the company holds about them and delete it if desired.
Greg Levesque said that despite the setbacks caused by the China Initiative, the vast majority of prosecutions involving China in recent decades have been successful, underscoring the need for organizations to protect themselves.
The Justice Department declined to provide comprehensive numbers. But a database kept by Nick Eftimiades, a senior fellow at the Atlantic Council, shows that since the 1990s, 683 people have been charged with espionage, theft of trade secrets, illegally exporting military technologies and other alleged crimes involving China. Most of the cases are in the US, he said. Of those, 461 people have been convicted, and most of the others are pending or involve people who are fugitives, said Eftimiades, who previously worked at the Defense Department and Central Intelligence Agency. Fewer than 10 percent have resulted in acquittals or the government dropping charges, he said.
Another Strider customer that Bloomberg was able to identify is a large US technology company, which government records show has incurred billions of dollars in losses as a result of IP theft by China. Strider’s data has provided crucial insights into potential insider threats that would otherwise be difficult to obtain, according to an executive employed by the company, who agreed to discuss its use of Strider on the condition that it not be named.
The company has safeguards in place to prevent abuse, the person said. Workers flagged by Strider are assessed by the security team, which determines how serious of a potential risk each one represents, the person said. The most concerning cases are forwarded to the legal department, which then decides which—if any—can be investigated using measures including accessing their e-mail and monitoring activities on the corporate network, the person said.
Strider has uncovered previously unknown information, the person said. The company had investigated an engineer who worked on a sensitive technology for suspected trade secret theft—a probe that was limited and ultimately inconclusive, the person said. But Strider found evidence that the company had missed, showing that Chinese officials had approached the engineer about recruitment to a talent program that came with lucrative financial benefits, the person said. Not long after the approach, the engineer resigned and joined a different company in the same industry, the person said.
While not evidence of a crime, the person said, the information gave the security team what it needed to resurrect the investigation into whether the engineer stole IP while employed by the company—a probe that remains ongoing.
Most Read from Bloomberg Businessweek
©2022 Bloomberg L.P.