Cybersecurity Professor Reportedly Under Investigation for China Funding Before Vanishing, Sources Indicate

In a recent incident involving faculty member Xiaofeng Wang and his spouse, Nianli Ma, Indiana University (IU) has found itself at the center of a federal investigation, leading to the termination of Wang’s employment on March 28. According to Jason Covert, part of the legal team representing Wang and Ma, both individuals are currently safe and have not faced any arrest. They are reportedly unaware of any pending criminal charges, although their attorneys have reviewed a search warrant issued by the Department of Justice but have not yet received the supporting affidavit.

Wang, an esteemed researcher specializing in privacy, data security, and biometric privacy, has been affiliated with IU since 2004. In 2022, he established the Center for Distributed Confidential Computing and secured a grant exceeding $3 million from the National Science Foundation. As a recipient of federal funding, Wang would have been obligated to disclose any other grants he had received or were under consideration, raising questions about the university’s actions in light of potential investigations into his work.

The situation escalated when the FBI executed searches at two properties linked to Wang on March 28. On the same day, IU’s provost communicated Wang’s termination via email. This correspondence indicated that Wang had accepted a position at an unnamed university in Singapore, a claim reiterated in a subsequent statement. Wang allegedly requested a leave of absence to transition to the new role starting June 1, 2025, but IU preemptively placed him on administrative leave, disabled his email, and removed his university profile.

Legal representatives argue that the circumstances surrounding Wang’s dismissal breach established university protocol, which necessitates a hearing and providing notice before terminating a tenured faculty member. Concerns among faculty members are mounting, as they question the implications of dismissing a tenured professor without due process. Such actions could set a precedent that erodes job security and institutional integrity.

In light of these developments, an IU spokesperson confirmed the institution’s awareness of the federal probe but stated that the university would refrain from commenting further on the investigation, including any specifics regarding Wang’s employment status or the nature of communications leading to his dismissal.

From a cybersecurity perspective, this incident raises critical considerations about the vulnerabilities within academic institutions, particularly in the handling of sensitive research data and compliance with federal funding requirements. The tactics employed in this scenario may encompass initial access, particularly as it relates to investigations triggered by suspected misconduct. An understanding of persistence and privilege escalation methods could be pivotal in analyzing the nature of the threats faced by professionals working in data-sensitive environments.

As educational institutions increasingly become targets in the cybersecurity landscape, the case involving Wang serves as a reminder of the potential implications of breaches in data protection, privacy, and compliance with both legal and ethical standards. Business owners and stakeholders in similar fields should remain vigilant, considering the challenges of securing intellectual property and ensuring adherence to regulatory obligations in an era where such incidents can not only damage reputations but also jeopardize ongoing research and funding opportunities.

Source