Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


04:15 PM
Connect Directly

Ex-Employees Allegedly Steal Micron Trade Secrets Valued At Over $400 Million

Three individuals who worked for DRAM maker's Taiwan subsidiary stole Micron IP to benefit company controlled by China's government, US says in indictment.

Like many other businesses, semiconductor manufacturer Micron Technology employs a range of physical, electronic, and policy measures to protect its trade secrets. Yet all it took for the company to allegedly lose intellectual property worth at least $400 million to a Chinese competitor was two employees with legitimate access to the data.

A federal indictment unsealed this week in the US District Court for the Northern District of California described Micron as the victim of economic espionage involving a Taiwanese semiconductor company, a state-owned company in China, and three individuals who previously worked for Micron.

The indictment alleges that Stephen Chen, former president of a Micron subsidiary in Taiwan called Micron Memory Taiwan (MMT), conspired with two other former employees to steal proprietary data on Micron's DRAM technology. The trio is then alleged to have used the stolen data to advance China's development of its own DRAM technology.

Chen resigned from Micron in 2015 and began working as a senior vice president at United Microelectronics Corp. (UMC), a Taiwanese semiconductor foundry with a technology-sharing agreement with Fujian Jinhua Integrated Circuit, a Chinese government-owned semiconductor plant.

In that role, Chen is alleged to have hired two former MMT process managers to UMC. Both of the engineers allegedly stole confidential and proprietary data before and after quitting the Micron subsidiary and used it to advance UMC and, in turn, Finjan Jinhua's own DRAM development work.

The stolen trade secrets included Micron's work on DRAM design and manufacturing, the entire manufacturing process for a specific 25 nm DRAM product, software used to track the product through the fabrication process, and a design rules document. Also allegedly misappropriated was Micron IP relating to a next-generation 1 xnm DRAM product. The indictment estimated the market value of the stolen information to UMC and Fujian Jinhua as ranging from $400 million to a staggering $8.75 billion.

Before leaving MMT, one of the indicted individuals, based in Taiwan at the time, allegedly downloaded over 900 confidential and proprietary files belonging to Micron from the company's US servers. The engineer stored the downloaded files on external USB drives and in a personal Google Drive account that he later accessed while working for UMC.

A lot of the stolen trade secrets were contained in PDF documents and multitabbed Excel spreadsheets. Several of the PDF documents contained hundreds of pages — the biggest one had 360 pages.

The indictment does not indicate what sort of access the Taiwan-based engineer had to these documents in the regular course of his work at MMT. It is also not clear how he managed to download the 900-plus files and put them on personally owned external USB drives and in a personal cloud storage account without being detected. However, in the weeks leading up to his resignation from the Micron subsidiary in Taiwan, the engineer systematically ran numerous deletion processes and the CCleaner utility program on his official laptop to hide evidence of the data misappropriation.

The indictment against the China government-affiliated actors is the latest manifestation of the US government's crackdown on what it says is widespread economic espionage by China. Only earlier this week, the US Department of Justice charged Chinese government intelligence agents with conducting a wide-ranging IP theft campaign targeting American and European aerospace firms.

While a lot of attention is being paid to the geopolitical implications of such actions, for enterprises the main takeaway is the need to better protect against insider threats. While organizations are spending millions of dollars shoring up against external attacks, data suggests they are not doing enough to protect against insiders with trusted access to enterprise networks and data.

Numerous surveys have shown that employees pose as much, if not an even greater, risk to enterprise data than external actors. Many breaches have resulted from negligence and mistakes, while others, such as the one at Micron, have resulted from malicious behavior. Security analysts have long noted the need for organizations to deploy monitoring controls for detecting suspicious or anomalous user behavior to manage the threat.

Related Content:


Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
11/8/2018 | 1:51:31 PM
All too familiar
I'm familiar with insider based IP thefts.

In 2011, a company I once worked for was victimized by a similar scheme. The object of the theft was the source code for software that controlled inverters the company was selling in China.

I have a somewhat tenuous personal connection to this case, as the software embodied some of my work for the company prior to my departure in 2002 - and in 2011 I owned 75 shares of their stock given as compensation for some of the stolen IP.

So I have the rather dubious fame of having a role in developing of something the Chinese thought worth stealing.   Don't think I will ask that be put on my gravestone.

On the other hand, and not as a justification but as a bit of history, in the 19th century US companies used IP developed in England to gain advantage in the textile and other industries.

The thing that really burns me about the IP the Chinese stole was that they could have invented around the ideas disclosed in publicly available patent documents.

Lazy, cheaper, faster - or something else?

As a reader of Chinese literature in my retirement I have found many references to the idea that any exchange between parties has a winner and a loser - equal exchanges are rare and usually denigrated.

And 70 years of pseudo-Marxist tyranny hasn't done much to inspire an idea of a civil society governed by the rule of law.

User Rank: Strategist
11/3/2018 | 11:49:02 AM
Espionage the old fashioned way
Well, state-sponsored espionage and theft of intellectual property are staples of how China, and other governments, operate. The Chinese government is mainly concerned with obtaining intellectual property of commercial and military value. Having former Micron employees walk out the door and turn over some of the company's intellectual property to a manufacturer in China is definitely old school, but it still works. While everyone protects against external security threats, the internal security threat remains ever present.
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-14
TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does not specify a valid `SparseTensor`(https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read ...
PUBLISHED: 2021-05-14
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.DenseCountSparseOutput`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/efff014f3b2d8ef6141da30c806faf141297eca1/t...
PUBLISHED: 2021-05-14
express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is...
PUBLISHED: 2021-05-14
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application tha...
PUBLISHED: 2021-05-14
Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream...