FBI: Employee Passed Chicago Mercantile Exchange Secrets to China

A 10 year employee of CME Group in Chicago is alleged to have stolen trade secrets and proprietary source code used to run trading systems for the Chicago Mercantile Exchange, according to a criminal complaint filed in U.S. District Court in Illinois. 

CMEA 10 year employee of CME Group in Chicago is alleged to have stolen trade secrets and proprietary source code used to run trading systems for the Chicago Mercantile Exchange, according to a criminal complaint filed in U.S. District Court in Illinois. 

The complaint, dated June 30, 2011 and signed by FBI Special Agent Joanne Cullinan, alleges that Chunlai Yang, 49, downloaded “thousands of files” containing “source code and proprietary algorithms” used by CME to run its trading systems. The files were downloaded from a company-owned source code repository maintained by CME to Yang’s work computer, then copied them to removable “thumb” drives. The complaint also cites personal e-mail correspondence between Yang and an official in China that contained proprietary CME information. 

CME Group was unable to immediately respond to a request for comment from Threatpost.
Yang was born and educated in China, but received his Ph.D in physics in the U.S and is a naturalized U.S. citizen. He had been working at CME since 2000. 

The case against Yang appears to  have come together quickly. According to the complaint, CME only began monitoring his activities in early May and he continued to work for the firm as late as June 27, 2011.

Forensic analysis of his hard drive and active monitoring of his activities suggests that Yang was perusing CME’s ClearCase source code repository for sensitive documents, then offloading them to portable media. The evidence against him includes screen captures showing Yang in the act of copying source code files to removable drives from his laptop. 
Evidence presented in the complaint, including e-mail messages, suggest that Yang was preparing to leave CME and set up a new company, East China Technology Innovation Park Co. Ltd.” in mainland China, with Yang and two other individuals listed as sole directors and shareholders. The purpose of the company, according to e-mail messages obtained by CME, was to increase the trading volume at the Zhangjiagang chemical electronic trading market and build a futures exchange using software provided by Yang’s new company. 

This isn’t the first evidence of foreign interest in the proprietary trading systems that run key U.S. markets. In March, NASDAQ reported a security breach on its systems. That was not believed to have yielded sensitive trading source code or secrets, but the U.S. National Security Agency was investigating the incident. Attacks carried out by insiders are a particular concern for organizations whose business hinges on proprietary software products and trade secrets. Threatpost’s list of the Ten Infamous Insiders includes the likes of Gary Min, a DuPont engineer believed to have made off with company secrets valued at $400 million, and Xiaodong Sheldon Meng, alleged to have passed secrets from defense contractor Quantum3D to the People’s Republic of China. 

Suggested articles

Discussion

  • china is a rogue state on

    We will be at war with them soon

  • Anonymous on

    remember Wen-ho Lee of Los Alamos ?

    now that's damaging..

  • Bazz on

    It's ever been thus!

    Hasselblad and Sony news video cameras were reversed engineered by CCCP in 1960's

    USA copied Charles Dickens books and Scottish steam railway tech in 1870's

    Its the easy way to catch up!

    Until UN has laws that fine Chinese theft of USA tech in China they are safe!

  • Bazz on

    In the 1960's 1970's (?) Israel copied 2 tons of plans in Switzerland of  French fighter plans!

    Its much easier today to copy tons of paper electronically!

    The security has to be draconian for protection of data!
    Death penalty bankruptcy and exile!

  • Bazz on

    In Nuclear Power Stations there are clean rooms to eliminate radiation exiting the facility!

    Well all sites need that to protect data!

    A company prototyping Capacitance Battery Technology has NO externally connected computers! NO wifi NO USB NO email NO internet!

    EASY!   A whole new segment of PC designed for Corporate Safety!     

    But Bach (?) copied a song in a single hearing from the Vatican in his mind with only one mistaken note!

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.