Security Experts:

Software Engineer Pleads Guilty To Stealing Source Code

The U.S. Attorney’s Office said on Wednesday that a former software engineer working for Chicago-based CME Group pleaded guilty to theft of trade secrets after he stole source code and other proprietary information from the company.

The defendant, Chunlai Yang, 49, had apparently been pursuing plans to improve an electronic trading exchange in China, and admitted that he downloaded more than 10,000 files containing source code that belonged to CME.

The code Yang sole reportedly accounted for a substantial part of the operating systems for the CMS’s Globex electronic trading platform. The government pegs the loss between $50 million and $100 million, while Yang disagrees, saying that the potential loss was less than $55.7 million.

Pleading guilty to two counts of theft of trade secrets, Yang faces a maximum penalty of 10 years in prison and a $250,000 fine on each count, while a written plea agreement contemplates an advisory federal sentencing guideline of 70 to 87 months in prison. 

Yang also agreed to hand over computers and other equipment that were seized at the time he was arrested in July 2011.

According to the plea agreement, Yang began working for CME Group in 2000 and was a senior software engineer at the time he was arrested. As a developer, Yang had access to the software and source code that supported the Globex electronic trading platform, an electronic trading platform that enables market participants to buy and sell CME Group products from anywhere at any time. The source code and algorithms that made up the supporting programs were proprietary and confidential business property of CME Group, which reportedly had measures in place to protect its trade secrets.

Yang copied many of source code and other files from his work computer to USB flash drives, and subsequently copied the files over to his computers and hard drives at home. Court documents said that Yang also printed numerous CME internal manuals and system documentation.

Yang also admitted that he and two business partners had plans to create a business referred to as the Tongmei (Gateway to America) Futures Exchange Software Technology Company (Gateway), whose purpose was to increase the trading volume at the Zhangjiagang, China, chemical electronic trading exchange (the Zhangjiagang Exchange). Yang engaged in contract negotiations on behalf of Gateway with the Zhangjiagang Free Trade Board for Gateway to improve the trading platform for the Zhangjiagang Exchange, the U.S. Attorney’s Office said.

"The Zhangjiagang Exchange was to become a transfer station to China for advanced technologies companies around the world," a statement from the Attorney’s Office said. "Yang expected that Gateway would provide the exchange with technology through written source code to allow for high trading volume, high trading speeds, and multiple trading functions. To help the China exchange attract more customers and generate higher profits, Gateway proposed to expand the Zhangjiagang Exchange’s software by providing customers with more ways of placing orders; connecting the exchange database’s storage systems and matching systems; rewriting the trading system software in the Java computer programming language; raising the system’s capacity and speed by modifying communication lines and structures; and developing trading software based on the FIX computer coding language."

“This case and similar prosecutions demonstrate that law enforcement and corporations can work together to protect trade secrets,” said Gary S. Shapiro, Acting United States Attorney for the Northern District of Illinois. “CME Group reported this matter to federal authorities and fully cooperated with the investigation. Trade secret theft is a serious economic crime that affects the interests of corporations, as well as our national interest, in protecting intellectual property. We encourage the private sector to work with federal agencies in the investigation and prosecution of trade secret theft.”

Yang has been released under a $500,000 secured bond and is scheduled to be sentenced on February 20, 2013.

Subscribe to the SecurityWeek Email Briefing
view counter
view counter