Crossroads Blog | Institute National Security and Counterterrorism

Cyber Espionage, Cyber Exploitation

U.S. Charges Chinese Man With Economic Espionage For Stealing Source Code With Intent To Benefit The Chinese Government

Actual Indictment

Announced June 14, 2016:

Manhattan U.S. Attorney Announces Economic Espionage Charges Against Chinese Man For Stealing Valuable Source Code From Former Employer With Intent To Benefit The Chinese Government

Preet Bharara, the United States Attorney for the Southern District of New York, and John P. Carlin, Assistant Attorney General for National Security, announced a six-count superseding indictment (the “Superseding Indictment”) charging XU JIAQIANG with economic espionage and theft of trade secrets, in connection with XU’s theft of proprietary source code from XU’s former employer, with the intent to benefit the National Health and Family Planning Commission of the People’s Republic of China.  XU was initially arrested by the Federal Bureau of Investigation (“FBI”) in White Plains on December 7, 2015, and had previously been charged with one count of theft of trade secrets.  XU is scheduled to be arraigned on the Superseding Indictment at 12:00 p.m. on Thursday, June 16, 2016, in White Plains federal court before the Honorable Kenneth M. Karas.

U.S. Attorney Preet Bharara stated:  “As alleged, Xu Jiaqiang is charged with stealing valuable, proprietary software from his former employer, an American company, that he intended to share with an agency within the Chinese government.  Economic espionage not only harms victim companies that have years or even decades of work stolen, but it also crushes the spirit of innovation and fair play in the global economy.  Economic espionage is a serious federal crime, for which my office, the Department of Justice’s National Security Division, and the FBI will show no tolerance.”

Assistant Attorney General John P. Carlin stated: “Xu allegedly stole proprietary information from his former employer for his own profit and the benefit of the Chinese government.  Those who steal America’s trade secrets for the benefit of foreign nations pose a threat to our economic and national security interests.  The National Security Division will continue to work tirelessly to identify, pursue and prosecute any individual who attempts to harm American businesses by robbing them of their valuable intellectual property.”

According to the allegations contained in the criminal Complaint on which Xu was initially arrested, the original Indictment, and the Superseding Indictment[1] filed today in Manhattan federal court:

From November 2010 to May 2014, XU worked as a developer for a particular U.S. company (the “Victim Company”).  As a developer, XU enjoyed access to certain proprietary software (the “Proprietary Software”), as well as that software’s underlying source code (the “Proprietary Source Code”).  The Proprietary Software is a clustered file system developed and marketed by the Victim Company in the United States and other countries.  A clustered file system facilitates faster computer performance by coordinating work among multiple servers.  The Victim Company takes significant precautions to protect the Proprietary Source Code as a trade secret.  Among other things, the Proprietary Source Code is stored behind a company firewall and can be accessed by only a small subset of the Victim Company’s employees.  Before receiving Proprietary Source Code access, Victim Company employees must first request and receive approval from a particular Victim Company official.  Victim Company employees must also agree in writing at both the outset and the conclusion of their employment that they will maintain the confidentiality of any proprietary information.  The Victim Company takes these and other precautions in part because the Proprietary Software and the Proprietary Source Code are economically valuable, which value depends in part on the Proprietary Source Code’s secrecy.

In May 2014, XU voluntarily resigned from the Victim Company.  XU subsequently communicated with one undercover law enforcement officer (“UC-1”), who posed as a financial investor aiming to start a large-data storage technology company, and another undercover law enforcement officer (“UC-2”), who posed as a project manager, working for UC-1.  In these communications, XU discussed his past experience with the Victim Company and indicated that he had experience with the Proprietary Software and the Proprietary Source Code.  On March 6, 2015, XU sent UC-1 and UC-2 a code, which XU stated was a sample of XU’s prior work with the Victim Company.  A Victim Company employee (“Employee-1”) later confirmed that the code sent by XU included proprietary Victim Company material that related to the Proprietary Source Code.

XU subsequently informed UC-2 that XU was willing to consider providing UC-2’s company with the Proprietary Source Code as a platform for UC-2’s company to facilitate the development of UC-2’s company’s own data storage system.  XU informed UC-2 that if UC-2 set up several computers as a small network, then XU would remotely install the Proprietary Software so that UC-1 and UC-2 could test it and confirm its functionality.

In or around early August 2015, the FBI arranged for a computer network to be set up, consistent with XU’s specifications.  Files were then remotely uploaded to the FBI-arranged computer network (the “Xu Upload”).  Thereafter, on or about August 26, 2015, XU and UC-2 confirmed that UC-2 had received the Xu Upload.  In September 2015, the FBI made the Xu Upload available to a Victim Company employee who has expertise regarding the Proprietary Software and the Proprietary Source Code (“Employee-2”).  Based on Employee-2’s analysis of technical features of the Xu Upload, it appeared to Employee-2 that the Xu Upload contained a functioning copy of the Proprietary Software.  It further appeared to Employee-2 that the Xu Upload had been built by someone with access to the Proprietary Source Code who was not working within the Victim Company or otherwise at the Victim Company’s direction.

On December 7, 2015, XU met with UC-2 at a hotel in White Plains, New York (the “Hotel”).  XU stated, in sum and substance, that XU had used the Proprietary Source Code to make software to sell to customers, that XU knew the Proprietary Source Code to be the product of decades of work on the part of the Victim Company, and that XU had used the Proprietary Source Code to build a copy of the Proprietary Software, which XU had uploaded and installed on the UC Network (i.e., the Xu Upload).  XU also indicated that XU knew that the copy of the Proprietary Software XU had installed on the UC Network contained information identifying the Proprietary Software as the Victim Company’s property, which could reveal the fact that the Proprietary Software had been built with the Proprietary Source Code without the Victim Company’s authorization.  XU told UC-2 that XU could take steps to prevent detection of the Proprietary Software’s origins – i.e., that it had been built with stolen Proprietary Source Code – including writing computer scripts that would modify the Proprietary Source Code to conceal its origins.

Later on December 7, 2015, XU met with UC-1 and UC-2 at the Hotel.  During that meeting, XU showed UC-2 a copy of what XU represented to be the Proprietary Source Code on XU’s laptop.  XU noted to UC-2 a portion of the code that indicated it originated with the Victim Company as well as the date on which it had been copyrighted.  XU also stated that XU had previously modified the Proprietary Source Code’s command interface to conceal the fact that the Proprietary Source Code originated with the Victim Company and identified multiple specific customers to whom XU had previously provided the Proprietary Software using XU’s stolen copy of the Proprietary Source Code.

In connection with the economic espionage counts charged in the Superseding Indictment, XU stole, duplicated, and possessed the Proprietary Source Code with the intent to benefit the National Health and Planning Commission of the People’s Republic of China.

*                *                *

The Superseding Indictment charges XU, 30, with three counts of economic espionage, in violation of Title 18, United States Code, Sections 1831 and 2, each of which carries a maximum sentence of 15 years in prison, and three counts of theft of a trade secret, in violation of Title 18, United States Code, Sections 1832 and 2, each of which carries a maximum sentence of 10 years in prison.  The maximum potential sentences in this case are prescribed by Congress and are provided here for informational purposes only, as any sentencing of the defendant will be determined by a judge.

Mr. Bharara praised the FBI’s outstanding investigative efforts.  This prosecution is the result of the close cooperative efforts of the U.S. Attorney’s Office for the Southern District of New York and the National Security Division of the U.S. Department of Justice.

The case is being prosecuted by the Office’s Terrorism and International Narcotics Unit and its White Plains Division.  Assistant U.S. Attorneys Benjamin Allee and Ilan Graff are in charge of the prosecution, with assistance from Trial Attorney David Aaron of the National Security Division’s Counterintelligence and Export Control Section.

The charges in the Superseding Indictment, the original Indictment, and the Complaint are merely accusations, and the defendant is presumed innocent unless and until proven guilty.
