The U.S. Attorney’s Office Southern
District of New York offers the below information:
Joon H. Kim, the Acting
United States Attorney for the Southern District of New York, and Dana Boente,
Acting Assistant Attorney General for National Security, announced today that
XU JIAQIANG pled guilty to economic espionage and theft of a trade secret, in
connection with XU’s theft of proprietary source code from XU’s former
employer, with the intent to benefit the National Health and Family Planning
Commission of the People’s Republic of China. XU pled guilty earlier today to
all six counts with which he was charged, before the U.S. District Judge
Kenneth M. Karas in White Plains federal court.
Acting U.S. Attorney Joon H.
Kim said: “Xu Jiaqiang admitted and pled guilty today to stealing high tech
trade secrets from a U.S. employer, intending to benefit the Chinese
government. What Xu did was not only a federal crime, but a threat to our
national security and the American spirit of innovation. Our Office is
committed to finding, arresting and holding accountable those who take
advantage of American businesses by engaging in economic espionage.”
Acting Assistant Attorney
General Dana Boente said: “Today, Xu pleaded guilty to stealing trade secrets from
his former employer for his own profit and intending to benefit the People’s
Republic of China. The Economic Espionage Act is a key tool in protecting our
economic and security interests. The National Security Division will pursue and
prosecute any individual who steals intellectual property from American
businesses to benefit a foreign government.”
According to the allegations
contained in the Complaint and the Superseding Indictment filed against XU, as
well as statements made in related court filings and proceedings:
From November 2010 to May
2014, XU worked as a developer for a particular U.S. company (the “Victim
Company”). As a developer, XU enjoyed access to certain proprietary software
(the “Proprietary Software”), as well as that software’s underlying source code
(the “Proprietary Source Code”). The Proprietary Software is a clustered file
system developed and marketed by the Victim Company in the United States and
other countries. A clustered file system facilitates faster computer performance
by coordinating work among multiple servers. The Victim Company takes
significant precautions to protect the Proprietary Source Code as a trade
secret. Among other things, the Proprietary Source Code is stored behind a
company firewall and can be accessed only by a small subset of the Victim
Company’s employees. Before receiving Proprietary Source Code access, Victim
Company employees must first request and receive approval from a particular
Victim Company official. Victim Company employees must also agree in writing at
both the outset and the conclusion of their employment that they will maintain
the confidentiality of any proprietary information. The Victim Company takes
these and other precautions in part because the Proprietary Software and the
Proprietary Source Code are economically valuable, which value depends in part
on the Proprietary Source Code’s secrecy.
In May 2014, XU voluntarily
resigned from the Victim Company. XU subsequently communicated with one
undercover law enforcement officer (“UC-1”), who posed as a financial investor
aiming to start a large-data storage technology company, and another undercover
law enforcement officer (“UC-2”), who posed as a project manager, working for
UC-1. these communications, XU discussed his past experience with the Victim
Company and indicated that he had experience with the Proprietary Software and
the Proprietary Source Code. On March 6, 2015, XU sent UC-1 and UC-2 a code,
which XU stated was a sample of XU’s prior work with the Victim Company. A Victim
Company employee (“Employee-1”) later confirmed that the code sent by XU
included proprietary Victim Company material that related to the Proprietary
Source Code.
XU subsequently informed UC-2
that XU was willing to consider providing UC-2’s company with the Proprietary
Source Code as a platform for UC-2’s company to facilitate the development of
its own data storage system. XU informed UC-2 that if UC-2 set up several
computers as a small network, then XU would remotely install the Proprietary
Software so that UC-1 and UC-2 could test it and confirm its functionality.
In or around early August
2015, the FBI arranged for a computer network to be set up, consistent with
XU’s specifications. Files were then remotely uploaded to the FBI-arranged
computer network (the “Xu Upload”). Thereafter, on or about August 26, 2015, XU
and UC-2 confirmed that UC-2 had received the Xu Upload. In September 2015, the
FBI made the Xu Upload available to a Victim Company employee who has expertise
regarding the Proprietary Software and the Proprietary Source Code
(“Employee-2”). Based on Employee-2’s analysis of technical features of the Xu
Upload, it appeared to Employee-2 that the Xu Upload contained a functioning
copy of the Proprietary Software. It further appeared to Employee-2 that the Xu
Upload had been built by someone with access to the Proprietary Source Code who
was not working within the Victim Company or otherwise at the Victim Company’s
direction.
On December 7, 2015, XU met
with UC-2 at a hotel in White Plains, New York (the “Hotel”). XU stated, in sum
and substance, that XU had used the Proprietary Source Code to make software to
sell to customers, that XU knew the Proprietary Source Code to be the product
of decades of work on the part of the Victim Company, and that XU had used the
Proprietary Source Code to build a copy of the Proprietary Software, which XU
had uploaded and installed on the UC Network (i.e., the Xu Upload). XU also
indicated that XU knew the copy of the Proprietary Software that XU had installed
on the UC Network contained information identifying the Proprietary Software as
the Victim Company’s property, which could reveal the fact that the Proprietary
Software had been built with the Proprietary Source Code without the Victim
Company’s authorization. XU told UC-2 that XU could take steps to prevent
detection of the Proprietary Software’s origins – i.e., that it had been built
with stolen Proprietary Source Code – including writing computer scripts that
would modify the Proprietary Source Code to conceal its origins.
Later on December 7, 2015, XU
met with UC-1 and UC-2 at the Hotel. During that meeting, XU showed UC-2 a copy
of what XU represented to be the Proprietary Source Code on XU’s laptop. XU
noted to UC-2 a portion of the code that indicated it originated with the
Victim Company as well as the date on which it had been copyrighted. XU also
stated that XU had previously modified the Proprietary Source Code’s command
interface to conceal the fact that the Proprietary Source Code originated with
the Victim Company and identified multiple specific customers to whom XU had
previously provided the Proprietary Software using XU’s stolen copy of the
Proprietary Source Code.
* * *
XU, 31, formerly of Beijing,
China, pled guilty to three counts of economic espionage, each of which carries
a maximum sentence of 15 years in prison, and three counts of theft of a trade
secret, each of which carries a maximum sentence of 10 years in prison. The
maximum potential sentences in this case are prescribed by Congress and are
provided here for informational purposes only, as any sentencing of the
defendant will be determined by the judge.
Xu's sentencing is scheduled
for October 13, 2017.
Mr. Kim praised the FBI’s
outstanding investigative efforts. He also thanked the U.S. Department of
Justice’s National Security Division.
The case is being handled by
the Office’s Terrorism and International Narcotics Unit and its White Plains
Division. Assistant U.S. Attorneys Benjamin Allee, Ilan Graff, and Shane T.
Stansbury, with assistance from Trial Attorney David Aaron of the National
Security Division’s Counterintelligence and Export Control Section, are in
charge of the prosecution.
No comments:
Post a Comment