Attacks/Breaches

4/11/2017
09:50 AM
50%
50%

Computer Engineer Charged with Theft of Proprietary Computer Code

Zhengquan Zhang arrested for stealing over 3 million files containing company trade secrets from his employer, a global finance firm.

Zhengquan Zhang of California has been arrested and charged by a US federal court with stealing trade secrets from his employer, a New York financial services firm. A US Department of Justice (DoJ) release says that between March 2016 and March 2017, Zhang stole over three million files of confidential data and computer code.

According to the DoJ, Zhang stole the company’s source code for algorithmic trading models and trading platforms by installing a code that gained access to the network’s encryption keys. He allegedly also stored the stolen files on his employer’s network before installing another code to transfer the data to a third-party software development site.

William F. Sweeney Jr. of the FBI says, “Proprietary computer code may not be a tangible asset that people can observe, but it is indeed one of the most critical assets that companies possess.”

Zhang is also accused of illegally accessing the computers of his co-workers by stealing user credentials.

Read details here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
4/11/2017 | 3:16:35 PM
Insider Threat
This is a perfect example of the potential of insider threats. Employees are a huge risk based on the nature of their involvement with the company. They have credentials that may provide them upper level access and have access to proprietary information. It just takes one disgruntled employee to leverage these responsibilities in a nefarious manner.
qinezyqy
50%
50%
qinezyqy,
User Rank: Apprentice
6/27/2017 | 8:24:32 AM
it will increase
Theft like this will increase, a lot of engineers are not good persons.
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11321
PUBLISHED: 2018-05-22
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
CVE-2018-11322
PUBLISHED: 2018-05-22
An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.
CVE-2018-11323
PUBLISHED: 2018-05-22
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions.
CVE-2018-11324
PUBLISHED: 2018-05-22
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated.
CVE-2018-11325
PUBLISHED: 2018-05-22
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen.