Yet another software engineer has been charged with stealing sensitive data from a U.S. company and taking it to China.
The Department of Justice announced Thursday that it was charging Xudong Yao, a.k.a William Yao, with nine counts of theft of trade secrets.
The charges have been years in the making. According to the indictment, Yao allegedly stole the data back in 2014 and while the indictment was filed a few years later, in the U.S. District Court of the Northern District of Illinois' Eastern Division in December 2017; the federal indictment wasn't unsealed until this past Wednesday.
According to the DOJ, Yao previously worked an unnamed Chicago-area locomotive manufacturer as a software engineer. Shortly after he was hired in the summer of 2014, Yao went on to download 3,000+ electronic files containing proprietary and trade secret information on the system that run the manufacturer's locomotive.
The vehicle telematics industry is a niche one but exceedingly data-driven. It essentially deals in the parsing of data supplied by a GPS system with onboard diagnostics to record movements and vehicle conditions - in this case a train - at a point in time.
In particular the indictment alleges that Yao used one of the bigger files he downloaded, "LCC_Release-E25.11.00_TRI_20L40708," to snare a job at a Chinese competitor.
While working for the company, Yao apparently sought and accepted employment at a business in China that does similar work, an automotive telematics service system. While he was terminated by the Chicago company in February 2015 for unrelated reasons, he joined the Chinese company four months later, in July.
According to the indictment, when Yao traveled back to the U.S. in November that year, he had electronic files pertaining to the company's IP and trade secrets, including copies of source code and explanations on how it worked, in his possession. The indictment goes on, saying that Yao intended to convert the trade secrets
Per the indictment, Yao intended to convert the following source code:
• LCC-System-Specifications
• LCC_Release~E25.11.00_TRI_20L40708
• LCC-Release~E25.11.01-TRI_20140729
• LCC-Release~E25.L1.02-TRI_20140814
• LCC-Release~E25.11.ICC
• LCC-Release~E25.11—RSI
• LCC_Release~E25.11_WTL
• LCC-kcs-20136932_WTL~E25.11_WTL
• and LCC-rbt-53-ACe__E25.11
Details about how Yao tried exfiltrate the data are scant; the court document only says he downloaded the data from the company's internal computer network.
It's important to note that while Yao is believed to have fled to China, he was a naturalized United States Citizen. That said, the case does accent the growing trend of Chinese cyber-espionage. With the indictment of Yao, 50 percent of the top 16 of FBI's most wanted list are wanted in connection to cases of purported Chinese economic espionage.
