Skip to main content

Latest Trade Secret Theft Case Involves Train Manufacturer

by Chris Brook on Friday September 18, 2020

Contact Us
Free Demo

It's believed the suspect, a software engineer, took the trade secrets with him to China, where he now resides.

Yet another software engineer has been charged with stealing sensitive data from a U.S. company and taking it to China.

The Department of Justice announced Thursday that it was charging Xudong Yao, a.k.a William Yao, with nine counts of theft of trade secrets.

The charges have been years in the making. According to the indictment, Yao allegedly stole the data back in 2014 and while the indictment was filed a few years later, in the U.S. District Court of the Northern District of Illinois' Eastern Division in December 2017; the federal indictment wasn't unsealed until this past Wednesday.

According to the DOJ, Yao previously worked an unnamed Chicago-area locomotive manufacturer as a software engineer. Shortly after he was hired in the summer of 2014, Yao went on to download 3,000+ electronic files containing proprietary and trade secret information on the system that run the manufacturer's locomotive.

The vehicle telematics industry is a niche one but exceedingly data-driven. It essentially deals in the parsing of data supplied by a GPS system with onboard diagnostics to record movements and vehicle conditions - in this case a train - at a point in time.

In particular the indictment alleges that Yao used one of the bigger files he downloaded, "LCC_Release-E25.11.00_TRI_20L40708," to snare a job at a Chinese competitor.

While working for the company, Yao apparently sought and accepted employment at a business in China that does similar work, an automotive telematics service system. While he was terminated by the Chicago company in February 2015 for unrelated reasons, he joined the Chinese company four months later, in July.

According to the indictment, when Yao traveled back to the U.S. in November that year, he had electronic files pertaining to the company's IP and trade secrets, including copies of source code and explanations on how it worked, in his possession. The indictment goes on, saying that Yao intended to convert the trade secrets

Per the indictment, Yao intended to convert the following source code:

• LCC-System-Specifications
• LCC_Release~E25.11.00_TRI_20L40708
• LCC-Release~E25.11.01-TRI_20140729
• LCC-Release~E25.L1.02-TRI_20140814
• LCC-Release~E25.11.ICC
• LCC-Release~E25.11—RSI
• LCC_Release~E25.11_WTL
• LCC-kcs-20136932_WTL~E25.11_WTL
• and LCC-rbt-53-ACe__E25.11

Details about how Yao tried exfiltrate the data are scant; the court document only says he downloaded the data from the company's internal computer network.

It's important to note that while Yao is believed to have fled to China, he was a naturalized United States Citizen. That said, the case does accent the growing trend of Chinese cyber-espionage. With the indictment of Yao, 50 percent of the top 16 of FBI's most wanted list are wanted in connection to cases of purported Chinese economic espionage.

Tags:  IP theft Industrial Espionage Industry Insights

Recommended Resources

The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention

All the essential information you need about DLP in one eBook.

6 Cybersecurity Thought Leaders on Data Protection
6 Cybersecurity Thought Leaders on Data Protection

Expert views on the challenges of today & tomorrow.

Digital Guardian Technical Overview
Digital Guardian Technical Overview

The details on our platform architecture, how it works, and your deployment options.