Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

4/11/2017
09:50 AM
50%
50%

Computer Engineer Charged with Theft of Proprietary Computer Code

Zhengquan Zhang arrested for stealing over 3 million files containing company trade secrets from his employer, a global finance firm.

Zhengquan Zhang of California has been arrested and charged by a US federal court with stealing trade secrets from his employer, a New York financial services firm. A US Department of Justice (DoJ) release says that between March 2016 and March 2017, Zhang stole over three million files of confidential data and computer code.

According to the DoJ, Zhang stole the company’s source code for algorithmic trading models and trading platforms by installing a code that gained access to the network’s encryption keys. He allegedly also stored the stolen files on his employer’s network before installing another code to transfer the data to a third-party software development site.

William F. Sweeney Jr. of the FBI says, “Proprietary computer code may not be a tangible asset that people can observe, but it is indeed one of the most critical assets that companies possess.”

Zhang is also accused of illegally accessing the computers of his co-workers by stealing user credentials.

Read details here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
qinezyqy
50%
50%
qinezyqy,
User Rank: Apprentice
6/27/2017 | 8:24:32 AM
it will increase
Theft like this will increase, a lot of engineers are not good persons.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
4/11/2017 | 3:16:35 PM
Insider Threat
This is a perfect example of the potential of insider threats. Employees are a huge risk based on the nature of their involvement with the company. They have credentials that may provide them upper level access and have access to proprietary information. It just takes one disgruntled employee to leverage these responsibilities in a nefarious manner.
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5680
PUBLISHED: 2020-12-03
Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector.
CVE-2020-5638
PUBLISHED: 2020-12-03
Cross-site scripting vulnerability in desknet's NEO (desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors.
CVE-2020-5676
PUBLISHED: 2020-12-03
GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vectors.
CVE-2020-5677
PUBLISHED: 2020-12-03
Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.
CVE-2020-5678
PUBLISHED: 2020-12-03
Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.