Press Release
Computer Engineer Arrested For Theft Of Proprietary Trading Code From His Employer
For Immediate Release
U.S. Attorney's Office, Southern District of New York
Joon H. Kim, the Acting United States Attorney for the Southern District of New York, and William F. Sweeney Jr., the Assistant Director-in-Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), announced today that ZHENGQUAN ZHANG, a/k/a “Zheng Quan Zhang,” a/k/a “Jim Z. Zhang,” was charged with theft of trade secrets for his alleged theft of proprietary computer code concerning algorithmic trading models and trading platforms from his employer, a global financial services firm headquartered in New York, New York, that engages in the trading of publicly traded securities and other financial products (“Firm-1”). ZHANG was arrested this morning in Santa Clara, California, and was presented this afternoon in federal court in San Jose, California.
Acting U.S. Attorney Joon H. Kim said: “As alleged, Zhengquan Zhang went to great lengths to surreptitiously steal confidential computer code from his employer. Zhang allegedly installed code designed to steal his employer’s proprietary information and illegally accessed colleagues’ computer systems to further his theft. The theft charged here can happen to even the most sophisticated companies, but this arrest was made possible by the exemplary cooperation between the FBI and the victim company, which came forward promptly and alerted law enforcement of this alleged crime.”
FBI Assistant Director-in-Charge William F. Sweeney Jr. said: “Proprietary computer code may not be a tangible asset that people can observe, but it is indeed one of the most critical assets that companies possess. Significant investments are made to develop code, safeguard it and use it to generate revenue. As we allege, Zhang misused his access to an employer’s computer system and proceeded to download and remove over three million files of data and computer code. The FBI is committed to enforcing laws that protect U.S. companies from the theft of trade secrets.”
According to the allegations contained in the Complaint unsealed today[1]:
Firm-1 uses proprietary algorithmic trading models to help it predict market movements and make trading decisions. In addition, Firm-1 uses proprietary trading platforms to create orders, automatically submit those orders to an exchange or market center, and execute orders. These trading models and trading platforms contribute substantially to Firm-1’s market share and profits, and their economic value depends, in part, on remaining undisclosed. Firm-1 accordingly has put in place substantial measures designed to protect the computer source code underlying its trading models and trading platforms (the “Source Code”), including the use of encryption keys to encrypt and decrypt portions of the Source Code, limits on employee access to the Source Code, and restrictions on employee use of file sharing websites and portable storage devices.
Beginning in March 2010, ZHANG was employed in technical roles within Firm-1 for which he was granted access to certain parts of Firm-1’s computer system. From December 2016 through March 2017, ZHANG took various steps to steal the Source Code. For example, ZHANG installed on Firm-1’s system computer code designed to look for encryption keys to gain access to portions of the Source Code. ZHANG also installed computer code designed to send data from Firm-1’s system to an external third-party software development site, which ZHANG accessed thousands of times from Firm-1’s system. ZHANG used an area of Firm-1’s computer system to store over 3 million files of data, including unencrypted portions of the Source Code, before sending it to the external site.
In addition, in late March 2017, ZHANG accessed parts of Firm-1’s computer system that he was not authorized to access. For example, ZHANG remotely accessed the computer desktops of certain quantitative analysts employed by Firm-1. ZHANG subsequently admitted to a supervisor that he did so without authorization, using software that he had modified in order to capture individuals’ usernames and passwords.
* * *
ZHANG, 31, of Santa Clara, California, is charged with one count of theft of trade secrets, which carries a maximum sentence of 10 years in prison and a maximum fine of $250,000 or twice the gross gain or loss from the offense. The maximum potential sentence in this case is prescribed by Congress and is provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge.
Mr. Kim praised the outstanding investigative work of the FBI. He also thanked the San Jose office of the FBI as well as the Santa Clara and Palo Alto Police Departments for their assistance.
The case is being prosecuted by the Office’s Complex Frauds and Cybercrime Unit. Assistant U.S. Attorneys Eun Young Choi and Won S. Shin are in charge of the prosecution.
The charges contained in the Complaint are merely accusations, and the defendant is presumed innocent unless and until proven guilty.
[1] As the introductory phase signifies, the entirety of the text of the Complaint, and the description of the Complaint set forth herein, constitute only allegations, and every fact described should be treated as an allegation.
Updated April 7, 2017
Topic
Cybercrime
Component