Forgot your password?
typodupeerror
China Security IT

Chicago Mercantile Exchange Secrets Leaked To China 121

Posted by timothy
from the like-coffee-to-south-america dept.
chicksdaddy writes with this excerpt from Threat Post: "A 10 year employee of CME Group in Chicago is alleged to have stolen trade secrets and proprietary source code used to run trading systems for the Chicago Mercantile Exchange and passed them to officials in China, where he hoped to set up a software firm to help create electronic exchanges, according to a criminal complaint filed in U.S. District Court in Illinois. Chunlai Yang, 49, is alleged to have downloaded "thousands of files" containing "source code and proprietary algorithms" used by CME to run its trading systems. The files were downloaded from a company-owned source code repository maintained by CME to Yang's work computer, then copied them to removable "thumb" drives. The complaint also cites personal e-mail correspondence between Yang and an official in China that contained proprietary CME information."
This discussion has been archived. No new comments can be posted.

Chicago Mercantile Exchange Secrets Leaked To China

Comments Filter:
  • by MarkvW (1037596) on Thursday July 07, 2011 @02:06PM (#36685524)

    The United States was mighty competitive with Great Britain around the turn of the last century.

    Same game, different faces.

    • Huh? Different faces?

    • Nope. There was no official US Government policy to steal stuff from Britain. Although infraction of copyright and patents were ignored in the US (similar to what China is doing now).
      • by gnick (1211984)

        But this stuff DOES still go on. No idea about what China's official policy is, but France hardly even hides an official policy of commercial espionage concerning the US. I know there will be nay-sayers [wikipedia.org], but I'm not going to hunt references at work.

        • Putting Source Code for a major exchange in foreign hands is delivering information that can be useful for strategic electronic attacks. In the modern era, such espionage should be considered treasonous.

          • by Anonymus (2267354)

            So China is now an enemy of the USA?

            Or do you mean that giving away a private company's source code equals waging war against the US?

      • by MarkvW (1037596)

        "Official"? What does that mean? Are you kidding me?

        Don't mistake the governmental reflection of the power structure from the power structure itself.

      • by Ihmhi (1206036)

        We've already stolen the most valuable British resources, namely Hugh Laurie and Jude Law.

  • by idontgno (624372) on Thursday July 07, 2011 @02:16PM (#36685648) Journal

    so if you're gonna rant about H-1B visas, don't bother.

    I suppose you can rant about legal immigration in general, if you want.

    I thought this would be a fine example of the problems with H1-B workers, but the phrase "49-year-old Chunlai Yang, who is a naturalised US citizen," kept coming up in news articles about the arrest, so I had to give it up.

    • by bsDaemon (87307) on Thursday July 07, 2011 @02:25PM (#36685752)

      During the Cold War, many Soviet illegal agents (ie, lacking diplomatic cover; not "illegal immigrants") became naturalized US citizens. It is easier for a US citizen to get close to sensitive data, so its par for the course. If the KGB did it, you can bet the MSS is doing it, too. That's not to say he's a plant of the PRC, but I wouldn't be surprised at all. Just saying.

    • by Anonymous Coward

      so if you're gonna rant about H-1B visas, don't bother.

      Why? He may be a citizen now but have originally entered the US and established legal residency under an H1-B visa.

  • Because he's Chinese, in light of our MacArthur-style political climate.

    The evidence against him includes screen captures showing Yang in the act of copying source code files to removable drives from his laptop.

    Sounds like another Wen Ho Lee [wikipedia.org].

    • by bsDaemon (87307) on Thursday July 07, 2011 @02:26PM (#36685780)

      Douglas MacArthur has nothing to do with Joseph McCarthy. If you are going to complain, at least complain about the right thing.

      • by idontgno (624372)
        Oh, yeah? Where was your precious McCarthy when the Germans bombed Pearl Harbor?
      • Yeah... sorry, trying to beat crowd in posting. Got names mixed up. But you get the idea.

      • You know, I've spent years thinking that they were actually the same person. Once again, /. has taught me my one thing for today.

      • by iluvcapra (782887)

        Yeah keep it straight. MacArthur was the one who demanded that Truman authorize multiple atomic bombing missions in China during the Korean War; MacCarthy was the one who exposed a Russian soviet spy.

        The rabid anti-Chinese/anti-communist pose in American politics is owned by no man, it is decades old, spans generations and represents the finest in American consensus. Horrible, horrible consensus.

    • Fix typo. trying to beat crowd in posting. Got names mixed up. But you get the idea.

      • Re: (Score:2, Interesting)

        by 0123456 (636235)

        But with hindsight McCarthy seems to have _under_estimated the USSR's penetration of the US government. He may have been crazy, but it would seem that he wasn't paranoid enough.

  • Yup, this is marginally off topic, I admit, but it illustrates private corporation software going to foreign government entitites.

    During the Clinton years the Secretary of Commerce forced some companies to sell software to Libya (known for software piracy) for proprietary oil operations (I can't say what) under the threat of federal prosecution if they did not do so.

    This amounts to forced transfer of proprietary software, though not including original source code.

    I do not think people realize what political

    • by idontgno (624372)
      The Nixon Doctrine: It's not illegal if the President does it, or orders it done.
  • This is obviously an attempt by the US to sabotage the Chinese economy by getting them to engage in the same kind of economic masturbation that the US does. Do we really want Chinese physicists working on new technologies when ours are at the stock exchanges? If they do that they clean our clocks and completely dominate us.
    • LOL! So that's what that "stux.zh.cn.jpg" file was all about... ;-)

    • by Nerdfest (867930)
      What, you think the Chinese are going to screw with their economy? They know the ins and outs of an American stock exchange ... they can now screw with the US economy. Admittedly, it may be hard to spot though.
  • by PPH (736903)

    Not the ...


    if( traderID.isInsider() )
    trade.execute();
    else
    tradeDelayQueue.push(trade);

    ... code snippet!

  • It's been proven time and time again, they will steal and send to china internal documents, critical data and other secrets.
    • by Halo1 (136547)

      Is that so much worse than the US using the CIA and NSA to wiretap and bug foreign companies to steal trade secrets [europa.eu] for US companies? (search for "Published cases")

  • by SplashMyBandit (1543257) on Thursday July 07, 2011 @02:26PM (#36685764)

    The Chinese Government has a policy known as the 'Thousand Grains of Sand' where each citizen is encouraged to bring back a little something from overseas if they can. Then one of the hundreds of thousands of state officials implementing this policy will see what the person brought back and dole out any appropriate reward. This is why Chinese citizens (and some Chinese descended citizens who return to the motherland) are being caught all over the World doing this sort of stuff (eg. in New Zealand Chinese regularly get caught stealing agricultural samples that our higher-value export industries are based on). While anyone can be a criminal, I can't think of any other country in the modern age where this is officially sanctioned.

    China wants to be number one in the World, and perhaps they will get there, but it seems an awful shame they're so determined to do so that they are quite unethical (from the majority of the rest of the World's point of view). This is not meant to be a bashing of China, or of Chinese citizens, just an explanation of why these events are becoming more frequent for those unaware of the official Chinese Government policy that encourages behavour considered criminal elsewhere. The Chinese Government will smile at you while robbing your house behind your back (although this is nothing compared to how they treat their own citizens).

    • by Kenja (541830)
      But remember, we have to keep low trade tarifs and encourage off shore contracting because of "Globalization". Funny thing is we seem to be the only one doing this. Its like the saying, "what if we had a war and only one side showed up?".
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      New Zealand Chinese regularly get caught stealing agricultural samples that our higher-value export industries are based on

      None other than founding father Thomas Jefferson engaged in this sort of agricultural espionage (smuggling two bags or unhulled rice out of Italy, a crime punishable by death at the time), so its hardly new or damning to the Chinese.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      The Chinese learned the lessons of history well. Stealing industrial secrets from China was a favourite of Europeans:

      "Similar to other European travellers of the period, such as Walter Medhurst, Fortune disguised himself as a Chinese merchant during several, but not all, of his journeys beyond the newly established treaty port areas. Not only was Fortune's purchase of tea plants forbidden by the Chinese government of the time, but his travels were also beyond the allowable day's journey from the European t

    • by wiggles (30088)

      Remember: Before there was Machiavelli, there was Sun Tze.

      The Chinese have been at this far longer than those of us in the West.

      • by jpapon (1877296) on Thursday July 07, 2011 @03:16PM (#36686398) Journal
        Oh, please. I have no love for the Chinese government, but even I know that this is in no way unique to them.

        For as long as there has been property, there have been thieves. The U.S. stole much of its industrial-revolution era technology from the U.K. Europe stole many of the ideas that brought about the renaissance from the Arabs. The Arabs stole much of this engineering knowledge from the Byzantine Romans. They in turn stole from anyone they could lay their blood covered hands on. That's how it works. How can people on Slashdot bitch about software patents, and then complain about Chinese theft of software?

        They're ideas, goddamnit. They spread. That's why they're beautiful.

        • Well said, wish I have mod points.

          How can people on Slashdot bitch about software patents, and then complain about Chinese theft of software?

          That's known as double standard mixed with scapegoating.

          • by 0123456 (636235)

            Well said, wish I have mod points.

            How can people on Slashdot bitch about software patents, and then complain about Chinese theft of software?

            That's known as double standard mixed with scapegoating.

            Only if you don't know the difference between software patents and stealing a company's internal software and giving it to their competitors. They're such different concepts that I can hardly see how anyone could confuse the two.

            • Yes, there is a difference: robbery vs steal.

            • by jpapon (1877296)
              Well, no, I see the difference. I was merely pointing out that if you can steal source code, then it is someone's property. If source code can be someone's property, then software patents do indeed have some merit. I mean, let's say some company had an amazing algorithm, and someone left the company, went to China, and created an imitation of it. The only recourse then would be to claim that they stole a "patented idea"...
        • How can people on Slashdot bitch about software patents, and then complain about Chinese theft of software?

          Copyrights and patents are different things you know...

    • by kenrblan (1388237)
      Don't worry. The US has a corporate counter-strategy that could be known as the "Billion Clogged Arteries." The overt health destruction agency known as KFC is having a very successful deployment in China.
      Deep Fried Success [bloomberg.com]
  • by Zontar_Thing_From_Ve (949321) on Thursday July 07, 2011 @02:29PM (#36685828)
    In the past the USSR would steal all the technology it could mostly because they lacked the money to develop their own and the Cold War denied them a good way to develop their own stuff, so they just stole it when they could due to lack of alternatives. The Chinese are flush with cash but they are just lazy. It's much quicker to steal something than to develop it yourself, even when you've got the means to do so. An entire generation of Chinese people are being put to work in their system looking for shortcuts like this. You can steal a fish today from the guy next to you who knows how to fish and thereby feed yourself, but what happens tomorrow when he doesn't come to the river and you don't know how to catch fish yourself?
    • by ErikZ (55491) *

      You sit around for 2000 years not advancing and waiting for the next fisherman to show up.

  • Why don't we just summarily shoot these people for espionage? Or do they get a free pass because they're from big, bad, scary China?

    There's a very simple way to deal with China's aggressive, abusive 'Thousand Grains of Salt' campaign: brutally crack down on Chinese spies, and deal with perpetrators mercilessly.

    • by jpapon (1877296)
      That's exactly what they did less than a century ago. Not very progressive, are we?
  • send him to a federal pound me in the ass prison!

  • by MikeRT (947531) on Thursday July 07, 2011 @02:43PM (#36685988) Homepage

    Because the average American cannot believe their lying eyes that China is now starting to go around the world much like the British Empire in advancing its own interests, building its power, subverting local governments and even yes colonizing (how many Americans know that China is exporting surplus population to Africa to help it acquire resources). Stupid Americans make comments about how we can't rush to judgment that Chinese might be more dangerous than other ethnic groups to hire for sensitive positions, despite the fact that it's public knowledge that their government aggressively engages in and encourages industrial espionage. They have a crowdsourcing program for intelligence (of all types) gathering, for fuck's sake.

    But oh no, it's just those evil right-wing extremists and union workers who think China is a serious threat to our people and way of life. Everyone knows they're just a large asian version of Mexico.

  • You stole our code which rigged the markets so a few can benefit.

    How dare you!

    Hackus

  • Buying: I give you money, you give me property.
    Selling: You give me money, I give you property.

    For an exchange, repeat many times a day for lots of people.

    If there is anything more complicated, I want to know about it.

    • by jittles (1613415)
      Joanna: "Hey, what were you guys celebrating last night?"
      Peter: "Oh, uh, I'm not really at liberty to talk about it. (She looks at him) I really can't. (Still looking) Alright, so when the sub routine compounds the interest, right, it uses all these extra decimal places that get rounded off. So we simplified the whole thing and we just-- we round 'em all down and drop the remainder into an account that we opened."
      Joanna: "So, you're stealing."
      Peter: "Uh, no. No, you don't understand. It's uh-- it's very
      • by Thud457 (234763)
        Richard Pryor [wikipedia.org] did it better.

        I don't want to go to jail because there are robbers and rapers and rapers who rape robbers!

        oh, wait, maybe not...

    • If there is anything more complicated, I want to know about it.

      Have fun [cmegroup.com].

  • by dcavanaugh (248349) on Thursday July 07, 2011 @03:24PM (#36686494) Homepage

    I know a number of highly skilled people who have lost their jobs in recent years. Some due to office politics, but mostly it was a combination of downsizing and outsourcing. These folks had some serious knowledge. Management should have considered the consequences of sending these people out the door in search of employment. Let's just say I have seen some spectacular malfunctions of management strategy that I dare not mention in a public forum. Relying on a non-disclosure or non-compete agreement is not much protection when the ultimate sanction (loss of job) is already off the table. If the ex-employee goes to China, good luck with that non-compete agreement.

    IT culture has deteriorated to the point where most employees have a "doomsday" thumb drive with all kinds of information that might be helpful at their next job. With nearly 20% of the work force effectively unemployed and the other 80% paranoid about their future, confidentiality is going to be a scarce commodity.

    At the upper levels of management, there are golden parachutes for a terminated CEO, CFO, CIO, etc. In return for enough cash to sit back and carefully choose their next job, the quid pro quo is that secrets remain secret. At that level, the problem is acknowledged and solved with money. But there are a lot of secrets at all levels of management these days, and employers seem to be surprised when things leak.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      Nope. He was fired the day the Feds arrested him.

      From http://in.reuters.com/article/2011/07/02/idINIndia-58048420110702 :
      "Yang had made reservations for a one-way flight to China, due to leave Chicago on July 7, and had asked for corresponding vacation time from his job, the FBI affidavit said."

      • Very interesting. Most people who are going to do something like this don't leak anything until they leave their jobs and bring it all on a thumb drive to their new employer. If this guy followed the standard protocol, he wouldn't have been arrested.

    • These folks had some serious knowledge. Management should have considered the consequences of sending these people out the door in search of employment... If the ex-employee goes to China, good luck with that non-compete agreement.

      The people with "serious knowledge" at the CME probably have decent salaries, opportunity for an end-of-year bonus, and a paid non-compete agreement. The combination of a deferred bonus structure and a weekly paycheck for thumb twiddling should be a reasonable deterrent for mos

      • This looks like the work of someone who was not in the upper echelon of management, and therefore not "incentivized" to maintain confidentiality. Such people often work with information that the company considers top secret, without the compensation package (or even job security) that would cause the secrets to remain secret.

        If the real issue was source code, any rogue programmer at CME (even a contractor) might be able to get a copy from a source code management system.

        Many downsizing and outsourcing init

  • You can write it again.... ooops.. you don't need to write it again. Is unfair, but is like stealing some customized pants that only work for you. It will be a disavengate to try to use these pants.

  • Come on, I thought this was News for Nerds.
    • And why do we insist on calling them "thumb drives"? Is the correct term "USB flash drive" THAT onerous?

      • And why do we insist on calling them "thumb drives"? Is the correct term "USB flash drive" THAT onerous?

        Because A Real Man sticks his thumb into the USB port to copy source code.

  • Dumb ones are caught...
  • If you have access to the algorithms that manage how trades are done, you can potentially manipulate trades to make illegal profit.

    1. Steal code

    2. Write trading code that cheats the system

    3. Profit

    Typical Slashdot joke. Except we know what step two is, and a foreign government may be both directly and indirectly supporting the manipulation. The real world isn't quite so funny;.

  • by ka9dgx (72702) on Thursday July 07, 2011 @09:06PM (#36689822) Homepage Journal

    If the market were fair and open, this kind of thing wouldn't even be possible, because everyone would already know what code runs in the servers. It's the opacity that allows information asymmetry which gets us into trouble every time by enabling market manipulation.

    All trades should be batch processed, every 5 minutes, and all this high-frequency scamming should be pulled out by the root. An open, honest, well regulated market is in the best interest of all investors.

Life. Don't talk to me about life. - Marvin the Paranoid Anroid

Working...