The U.S. Justice Department released
the below information:
Xu Jiaqiang, 31, formerly of
Beijing, China, was sentenced yesterday to five years in prison, for economic
espionage and theft of a trade secret in connection with Xu’s theft of
proprietary source code from Xu’s former employer, with the intent to benefit the
National Health and Family Planning Commission of the People’s Republic of
China. Xu previously pleaded guilty to
all six counts with which he was charged.
Acting Assistant Attorney
General for National Security Dana J. Boente and U.S. Attorney Geoffrey S.
Berman for the Southern District of New York made the announcement. The sentence was imposed by U.S. District
Judge Kenneth M. Karas in White Plains, New York federal court.
“Xu, a Chinese national, is
being held accountable for engaging in economic espionage against an American
company,” said Acting Assistant Attorney General Boente. “Xu not only stole
high tech trade secrets from his U.S. employer – a federal crime – he did so
both for his own profit and intending to benefit the Chinese government. Xu’s sentence clearly demonstrates that the
National Security Division will not hesitate to pursue and prosecute those who
steal from American businesses. I thank
the many people who worked hard to bring this result.”
“As he previously admitted in
federal court, Xu Jiaqiang stole high-tech trade secrets from a U.S. employer,
intending to benefit the Chinese government,” said U.S. Attorney Berman. “The laws governing economic espionage and
trade secrets exist, in part, to protect the sanctity of American ingenuity and
property. Xu’s prison sentence should be
a red flag for anyone attempting to illegally peddle American expertize and
intellectual property to foreign bidders.”
According to the allegations
contained in the Complaint and the Superseding Indictment filed against Xu, as
well as statements made in related court filings and proceedings:
From November 2010 to May
2014, Xu worked as a developer for a particular U.S. company (the Victim
Company). As a developer, Xu enjoyed
access to certain proprietary software (the Proprietary Software), as well as
that software’s underlying source code (the Proprietary Source Code). The Proprietary Software is a clustered file
system developed and marketed by the Victim Company in the United States and
other countries. A clustered file system
facilitates faster computer performance by coordinating work among multiple
servers. The Victim Company takes significant
precautions to protect the Proprietary Source Code as a trade secret. Among other things, the Proprietary Source
Code is stored behind a company firewall and can be accessed only by a small
subset of the Victim Company’s employees.
Before receiving Proprietary Source Code access, Victim Company
employees must first request and receive approval from a particular Victim
Company official. Victim Company
employees must also agree in writing at both the outset and the conclusion of
their employment that they will maintain the confidentiality of any proprietary
information. The Victim Company takes
these and other precautions in part because the Proprietary Software and the
Proprietary Source Code are economically valuable, which value depends in part
on the Proprietary Source Code’s secrecy.
In May 2014, Xu voluntarily
resigned from the Victim Company. Xu
subsequently communicated with one undercover law enforcement officer (UC-1),
who posed as a financial investor aiming to start a large-data storage
technology company, and another undercover law enforcement officer (UC-2), who
posed as a project manager, working for UC-1.
In these communications, Xu discussed his past experience with the
Victim Company and indicated that he had experience with the Proprietary
Software and the Proprietary Source Code.
On March 6, 2015, Xu sent UC-1 and UC-2 a code, which Xu stated was a
sample of Xu’s prior work with the Victim Company. A Victim Company employee (Employee-1) later
confirmed that the code sent by Xu included proprietary Victim Company material
that related to the Proprietary Source Code.
Xu subsequently informed UC-2
that Xu was willing to consider providing UC-2’s company with the Proprietary
Source Code as a platform for UC-2’s company to facilitate the development of
its own data storage system. Xu informed
UC-2 that if UC-2 set up several computers as a small network, then Xu would remotely
install the Proprietary Software so that UC-1 and UC-2 could test it and
confirm its functionality.
In or around early August
2015, the FBI arranged for a computer network to be set up, consistent with
Xu’s specifications. Files were then
remotely uploaded to the FBI-arranged computer network (the Xu Upload). Thereafter, on or about Aug. 26, 2015, Xu and
UC-2 confirmed that UC-2 had received the Xu Upload. In September 2015, the FBI made the Xu Upload
available to a Victim Company employee who has expertise regarding the
Proprietary Software and the Proprietary Source Code (Employee-2). Based on Employee-2’s analysis of technical
features of the Xu Upload, it appeared to Employee-2 that the Xu Upload
contained a functioning copy of the Proprietary Software. It further appeared to Employee-2 that the Xu
Upload had been built by someone with access to the Proprietary Source Code who
was not working within the Victim Company or otherwise at the Victim Company’s
direction.
On Dec. 7, 2015, Xu met with
UC-2 at a hotel in White Plains, New York (the Hotel). Xu stated, in sum and substance, that Xu had
used the Proprietary Source Code to make software to sell to customers, that Xu
knew the Proprietary Source Code to be the product of decades of work on the
part of the Victim Company, and that Xu had used the Proprietary Source Code to
build a copy of the Proprietary Software, which Xu had uploaded and installed
on the UC Network (i.e., the Xu Upload).
Xu also indicated that Xu knew the copy of the Proprietary Software that
Xu had installed on the UC Network contained information identifying the
Proprietary Software as the Victim Company’s property, which could reveal the
fact that the Proprietary Software had been built with the Proprietary Source
Code without the Victim Company’s authorization. Xu told UC-2 that Xu could take steps to
prevent detection of the Proprietary Software’s origins – i.e., that it had
been built with stolen Proprietary Source Code – including writing computer
scripts that would modify the Proprietary Source Code to conceal its origins.
Later on Dec. 7, 2015, Xu met
with UC-1 and UC-2 at the Hotel. During
that meeting, Xu showed UC-2 a copy of what Xu represented to be the
Proprietary Source Code on Xu’s laptop.
Xu noted to UC-2 a portion of the code that indicated it originated with
the Victim Company as well as the date on which it had been copyrighted. Xu also stated that Xu had previously
modified the Proprietary Source Code’s command interface to conceal the fact
that the Proprietary Source Code originated with the Victim Company and
identified multiple specific customers to whom Xu had previously provided the
Proprietary Software using Xu’s stolen copy of the Proprietary Source Code.
* * *
Mr. Boente and Mr. Berman praised the FBI’s
outstanding investigative efforts. Mr.
Berman also thanked the U.S. Department of Justice’s National Security
Division.
Assistant U.S. Attorneys
Benjamin Allee and Ilan Graff of the Southern District of New York, with
assistance from Trial Attorney David Aaron of the National Security Division’s
Counterintelligence and Export Control Section, are in charge of the
prosecution.
No comments:
Post a Comment