The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

Latest Trade Secret Theft Case Involves Train Manufacturer

by Chris Brook on Tuesday July 16, 2019

Contact Us
Free Demo
Chat

It's believed the suspect, a software engineer, took the trade secrets with him to China, where he now resides.

Yet another software engineer has been charged with stealing sensitive data from a U.S. company and taking it to China.

The Department of Justice announced Thursday that it was charging Xudong Yao, a.k.a William Yao, with nine counts of theft of trade secrets.

The charges have been years in the making. According to the indictment, Yao allegedly stole the data back in 2014 and while the indictment was filed a few years later, in the U.S. District Court of the Northern District of Illinois' Eastern Division in December 2017; the federal indictment wasn't unsealed until this past Wednesday.

According to the DOJ, Yao previously worked an unnamed Chicago-area locomotive manufacturer as a software engineer. Shortly after he was hired in the summer of 2014, Yao went on to download 3,000+ electronic files containing proprietary and trade secret information on the system that run the manufacturer's locomotive.

The vehicle telematics industry is a niche one but exceedingly data-driven. It essentially deals in the parsing of data supplied by a GPS system with onboard diagnostics to record movements and vehicle conditions - in this case a train - at a point in time.

In particular the indictment alleges that Yao used one of the bigger files he downloaded, "LCC_Release-E25.11.00_TRI_20L40708," to snare a job at a Chinese competitor.

While working for the company, Yao apparently sought and accepted employment at a business in China that does similar work, an automotive telematics service system. While he was terminated by the Chicago company in February 2015 for unrelated reasons, he joined the Chinese company four months later, in July.

According to the indictment, when Yao traveled back to the U.S. in November that year, he had electronic files pertaining to the company's IP and trade secrets, including copies of source code and explanations on how it worked, in his possession. The indictment goes on, saying that Yao intended to convert the trade secrets

Per the indictment, Yao intended to convert the following source code:

• LCC-System-Specifications
• LCC_Release~E25.11.00_TRI_20L40708
• LCC-Release~E25.11.01-TRI_20140729
• LCC-Release~E25.L1.02-TRI_20140814
• LCC-Release~E25.11.ICC
• LCC-Release~E25.11—RSI
• LCC_Release~E25.11_WTL
• LCC-kcs-20136932_WTL~E25.11_WTL
• and LCC-rbt-53-ACe__E25.11

Details about how Yao tried exfiltrate the data are scant; the court document only says he downloaded the data from the company's internal computer network.

It's important to note that while Yao is believed to have fled to China, he was a naturalized United States Citizen. That said, the case does accent the growing trend of Chinese cyber-espionage. With the indictment of Yao, 50 percent of the top 16 of FBI's most wanted list are wanted in connection to cases of purported Chinese economic espionage.

Tags: IP theft, Industrial Espionage, Industry Insights

Recommended Resources


  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives
  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.