Theft of Valuable Source Code for China
On June 14, 2016, Jiaqiang Xu was charged in the Southern District of New York in a six-count superseding indictment with economic espionage and theft of trade secrets, in connection with Xu’s theft of proprietary source code from his former employer, with the intent to benefit the National Health and Family Planning Commission of the People’s Republic of China. On May 19, 2017, Xu pleaded guilty to the indictment, and is to be sentenced in January 2018. Xu was initially arrested by the FBI on Dec. 7, 2015, and subsequently charged on Jan. 6, 2016, by indictment with one count of theft of trade secrets. According to court documents, from Nov. 2010, to May 2014, Xu worked as a developer for a particular U.S. company (the “Victim Company”). As a developer, Xu enjoyed access to certain proprietary software (the “Proprietary Software”), as well as that software’s underlying source code (the “Proprietary Source Code”). The Proprietary Software is a clustered file system developed and marketed by the Victim Company in the U.S. and other countries. A clustered file system facilitates faster computer performance by coordinating work among multiple servers. The Victim Company takes significant precautions to protect the Proprietary Source Code as a trade secret. The Victim Company takes these precautions in part because the Proprietary Software and the Proprietary Source Code are economically valuable, which value depends in part on the Proprietary Source Code’s secrecy. In May 2014, Xu voluntarily resigned from the Victim Company. Xu subsequently, in a series of communication with UC agents, uploaded Victim Company’s Proprietary Source Code to the UC’s computer network. On Dec. 7, 2015, Xu met with UC-2 at a hotel in White Plains, New York (the Hotel). Xu stated, in sum and substance, that Xu had used the Proprietary Source Code to make software to sell to customers, that Xu knew the Proprietary Source Code to be the product of decades of work on the part of the Victim Company, and that Xu had used the Proprietary Source Code to build a copy of the Proprietary Software, which Xu had uploaded and installed on the UC Network (i.e., the Xu Upload). Xu also indicated that Xu knew the copy of the Proprietary Software that Xu had installed on the UC Network contained information identifying the Proprietary Software as the Victim Company’s property, which could reveal the fact that the Proprietary Software had been built with the Proprietary Source Code without the Victim Company’s authorization. Xu told UC-2 that Xu could take steps to prevent detection of the Proprietary Software’s origins – i.e., that it had been built with stolen Proprietary Source Code – including writing computer scripts that would modify the Proprietary Source Code to conceal its origins. Later on Dec. 7, 2015, Xu met with UC-1 and UC-2 at the Hotel. During that meeting, Xu showed UC-2 a copy of what Xu represented to be the Proprietary Source Code on Xu’s laptop. Xu noted to UC-2 a portion of the code that indicated it originated with the Victim Company as well as the date on which it had been copyrighted. Xu also stated that Xu had previously modified the Proprietary Source Code’s command interface to conceal the fact that the Proprietary Source Code originated with the Victim Company and identified multiple specific customers to whom Xu had previously provided the Proprietary Software using Xu’s stolen copy of the Proprietary Source Code. This case was investigated by the FBI.