Programmer Sentenced for Stealing Source Code from Federal Reserve
Insider threats are a uniquely troublesome security challenge for organizations, as the the perpetrators often have been granted access to the most sensitive of information, and breach detection usually only occurs long after the damage is already done. This week, Chinese national Bo Zhang was convicted of stealing proprietary software code from the Federal Reserve Bank of New York (FRBNY) where he had previously worked as a contract employee with a third-party service provider.
Zhang was arrested after a joint investigation by the FBI and the Department of the Treasury's Office of the Inspector General in early 2012 and pled guilty before United States Magistrate Judge Michael H. Dolinger a few months later. Zhang could have faced years in prison, but was ultimately sentenced to only six months of house arrest because the code had not been transferred to anyone else, though he may be subject to deportation after he finishes his sentence.
"Our cyber infrastructure is vulnerable not only to cybercriminals and hackers, but also alleged thieves like Bo Zhang who used his position as a contract employee to steal government intellectual property. Fighting cyber crime is one of the top priorities of this office and we will aggressively pursue anyone who puts our computer security at risk,” said U.S. Attorney Preet Bharara at the time of Zhang's arrest.
From May 2011 and August 2011, Zhang was on contract and assigned to the FRBNY to work on the development of a portion of the Government-wide Accounting and Reporting Program (GWA) source code. The GWA is used to keep track of the United States government’s financial transactions by producing account statements for federal agencies, and the government has spent approximately $9.5 million to develop the system.
“Bo Zhang may have thought that he left no fingerprints when he engaged in his high-tech thievery—stealing proprietary government software worth nearly $10 million using little more than a mouse—but he was mistaken. He was caught in his tracks and now he will be punished for his cyber-thievery,” Bharara said.
Zhang was charged with stealing the GWA Code and transferring it to his private office computer, his home computer, and his personal laptop. Zhang subsequently pled guilty to one count of theft of government property and one count of immigration fraud related to false documentation he provided to immigration authorities in an effort help several foreign nationals obtain visas to enter and work in the United States, asserting that the individuals worked full-time for his computer training company.
“Zhang took advantage of the access that came with his trusted position to steal highly sensitive proprietary software. His intentions with regard to that software are immaterial. Stealing it and copying it threatened the security of vitally important source code,” FBI Assistant Director in Charge Janice K. Fedarcyk stated.