
11/2/2018
04:15 PM

Ex-Employees Allegedly Steal Micron Trade Secrets Valued At Over $400 Million

Three individuals who worked for DRAM maker's Taiwan subsidiary stole Micron IP to benefit company controlled by China's government, US says in indictment.

Like many other businesses, semiconductor manufacturer Micron Technology employs a range of physical, electronic, and policy measures to protect its trade secrets. Yet all it took for the company to allegedly lose intellectual property worth at least $400 million to a Chinese competitor was two employees with legitimate access to the data.

A federal indictment unsealed this week in the US District Court for the Northern District of California described Micron as the victim of economic espionage involving a Taiwanese semiconductor company, a state-owned company in China, and three individuals who previously worked for Micron.

The indictment alleges that Stephen Chen, former president of a Micron subsidiary in Taiwan called Micron Memory Taiwan (MMT), conspired with two other former employees to steal proprietary data on Micron's DRAM technology. The trio is then alleged to have used the stolen data to advance China's development of its own DRAM technology.

Chen resigned from Micron in 2015 and began working as a senior vice president at United Microelectronics Corp. (UMC), a Taiwanese semiconductor foundry with a technology-sharing agreement with Fujian Jinhua Integrated Circuit, a Chinese government-owned semiconductor plant.

In that role, Chen is alleged to have hired two former MMT process managers to UMC. Both of the engineers allegedly stole confidential and proprietary data before and after quitting the Micron subsidiary and used it to advance UMC and, in turn, Fujian Jinhua's own DRAM development work.

The stolen trade secrets included Micron's work on DRAM design and manufacturing, the entire manufacturing process for a specific 25 nm DRAM product, software used to track the product through the fabrication process, and a design rules document. Also allegedly misappropriated was Micron IP relating to a next-generation 1xnm DRAM product. The indictment estimated the market value of the stolen information to UMC and Fujian Jinhua as ranging from $400 million to a staggering $8.75 billion.

Before leaving MMT, one of the indicted individuals, based in Taiwan at the time, allegedly downloaded over 900 confidential and proprietary files belonging to Micron from the company's US servers. The engineer stored the downloaded files on external USB drives and in a personal Google Drive account that he later accessed while working for UMC.

A lot of the stolen trade secrets were contained in PDF documents and multitabbed Excel spreadsheets. Several of the PDF documents contained hundreds of pages — the biggest one had 360 pages.

The indictment does not indicate what sort of access the Taiwan-based engineer had to these documents in the regular course of his work at MMT. It is also not clear how he managed to download the 900-plus files and put them on personally owned external USB drives and in a personal cloud storage account without being detected. However, in the weeks leading up to his resignation from the Micron subsidiary in Taiwan, the engineer systematically ran numerous deletion processes and the CCleaner utility program on his official laptop to hide evidence of the data misappropriation.

The indictment against the China government-affiliated actors is the latest manifestation of the US government's crackdown on what it says is widespread economic espionage by China. Earlier this week, the US Department of Justice charged Chinese government intelligence agents with conducting a wide-ranging IP theft campaign targeting American and European aerospace firms.

While a lot of attention is being paid to the geopolitical implications of such actions, for enterprises the main takeaway is the need to better protect against insider threats. While organizations are spending millions of dollars shoring up against external attacks, data suggests they are not doing enough to protect against insiders with trusted access to enterprise networks and data.

Numerous surveys have shown that employees pose as much, if not an even greater, risk to enterprise data than external actors. Many breaches have resulted from negligence and mistakes, while others, such as the one at Micron, have resulted from malicious behavior. Security analysts have long noted the need for organizations to deploy monitoring controls for detecting suspicious or anomalous user behavior to manage the threat.


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication.

Comments
sixscrews,
User Rank: Apprentice
11/8/2018 | 1:51:31 PM
All too familiar
I'm familiar with insider-based IP thefts.

In 2011, a company I once worked for was victimized by a similar scheme. The object of the theft was the source code for software that controlled inverters the company was selling in China.

I have a somewhat tenuous personal connection to this case, as the software embodied some of my work for the company prior to my departure in 2002 - and in 2011 I owned 75 shares of their stock given as compensation for some of the stolen IP.

So I have the rather dubious fame of having a role in developing something the Chinese thought worth stealing. Don't think I will ask that be put on my gravestone.

On the other hand, and not as a justification but as a bit of history, in the 19th century US companies used IP developed in England to gain advantage in the textile and other industries.

The thing that really burns me about the IP the Chinese stole was that they could have invented around the ideas disclosed in publicly available patent documents.

Lazy, cheaper, faster - or something else?

As a reader of Chinese literature in my retirement I have found many references to the idea that any exchange between parties has a winner and a loser - equal exchanges are rare and usually denigrated.

And 70 years of pseudo-Marxist tyranny hasn't done much to inspire an idea of a civil society governed by the rule of law.

 
timwessels,
User Rank: Strategist
11/3/2018 | 11:49:02 AM
Espionage the old fashioned way
Well, state-sponsored espionage and theft of intellectual property are staples of how China, and other governments, operate. The Chinese government is mainly concerned with obtaining intellectual property of commercial and military value. Having former Micron employees walk out the door and turn over some of the company's intellectual property to a manufacturer in China is definitely old school, but it still works. While everyone protects against external security threats, the internal security threat remains ever present.