Chicago Mercantile Exchange Secrets Leaked To China 121
chicksdaddy writes with this excerpt from Threat Post: "A 10 year employee of CME Group in Chicago is alleged to have stolen trade secrets and proprietary source code used to run trading systems for the Chicago Mercantile Exchange and passed them to officials in China, where he hoped to set up a software firm to help create electronic exchanges, according to a criminal complaint filed in U.S. District Court in Illinois. Chunlai Yang, 49, is alleged to have downloaded "thousands of files" containing "source code and proprietary algorithms" used by CME to run its trading systems. The files were downloaded from a company-owned source code repository maintained by CME to Yang's work computer, then copied them to removable "thumb" drives. The complaint also cites personal e-mail correspondence between Yang and an official in China that contained proprietary CME information."
Shades of an Earlier Era (Score:3, Insightful)
The United States was mighty competitive with Great Britain around the turn of the last century.
Same game, different faces.
Different faces? (Score:2)
Huh? Different faces?
Re: (Score:1)
Re: (Score:3)
Re: (Score:2)
But this stuff DOES still go on. No idea about what China's official policy is, but France hardly even hides an official policy of commercial espionage concerning the US. I know there will be nay-sayers [wikipedia.org], but I'm not going to hunt references at work.
Treason... (Score:3)
Putting Source Code for a major exchange in foreign hands is delivering information that can be useful for strategic electronic attacks. In the modern era, such espionage should be considered treasonous.
Re: (Score:1)
So China is now an enemy of the USA?
Or do you mean that giving away a private company's source code equals waging war against the US?
Re: (Score:2)
"Official"? What does that mean? Are you kidding me?
Don't mistake the governmental reflection of the power structure from the power structure itself.
Re: (Score:2)
We've already stolen the most valuable British resources, namely Hugh Laurie and Jude Law.
BTW, The Suspect is a US Citizen (Score:3, Informative)
so if you're gonna rant about H-1B visas, don't bother.
I suppose you can rant about legal immigration in general, if you want.
I thought this would be a fine example of the problems with H1-B workers, but the phrase "49-year-old Chunlai Yang, who is a naturalised US citizen," kept coming up in news articles about the arrest, so I had to give it up.
Re:BTW, The Suspect is a US Citizen (Score:5, Insightful)
Lame troll is lame.
Natural born citizens sell out to foreign countries all the time. Greed is not based on nationality or place of birth.
Re: (Score:2)
But nationalism and sometimes racism is.
The fact you have trouble relating to it says wonders about your culture of origin while at the same time, speaks extremely poorly of you in relation to you culture and the greater world around you.
To put it nicely, you referring to the parent post as a troll, is itself a farce and a trollish position to take.
Re: (Score:2)
The parent is trolling, else he would not have brought up the birther crap.
Over here in reality, people sellout their own nations all the time for money. It happened in the cold war, and for eons before.
Nationalism and racism are for people who have nothing to be personally proud about.
Re: (Score:2)
Nationalism and racism are for people who have nothing to be personally proud about.
Eep. Apt observation, but rather frightening, when you think about how many people don't have anything to be personally proud about.
Fortunately for me, I'm personally proud having constructed this grammatically correct English sentence, so I'm cool.
DOH!
Re:BTW, The Suspect is a US Citizen (Score:5, Interesting)
During the Cold War, many Soviet illegal agents (ie, lacking diplomatic cover; not "illegal immigrants") became naturalized US citizens. It is easier for a US citizen to get close to sensitive data, so its par for the course. If the KGB did it, you can bet the MSS is doing it, too. That's not to say he's a plant of the PRC, but I wouldn't be surprised at all. Just saying.
Re: (Score:1)
so if you're gonna rant about H-1B visas, don't bother.
Why? He may be a citizen now but have originally entered the US and established legal residency under an H1-B visa.
He must be guilty! (Score:2)
Because he's Chinese, in light of our MacArthur-style political climate.
The evidence against him includes screen captures showing Yang in the act of copying source code files to removable drives from his laptop.
Sounds like another Wen Ho Lee [wikipedia.org].
Re:He must be guilty! (Score:5, Informative)
Douglas MacArthur has nothing to do with Joseph McCarthy. If you are going to complain, at least complain about the right thing.
Re: (Score:2)
Re: (Score:3)
Sitting on Edgar Bergen's knee.
Re: (Score:2)
Otter: Germans?
Boon: Forget it...he's rolling....
Re: (Score:2)
Yeah... sorry, trying to beat crowd in posting. Got names mixed up. But you get the idea.
Re: (Score:3)
You know, I've spent years thinking that they were actually the same person. Once again, /. has taught me my one thing for today.
Re: (Score:2)
Yeah keep it straight. MacArthur was the one who demanded that Truman authorize multiple atomic bombing missions in China during the Korean War; MacCarthy was the one who exposed a Russian soviet spy.
The rabid anti-Chinese/anti-communist pose in American politics is owned by no man, it is decades old, spans generations and represents the finest in American consensus. Horrible, horrible consensus.
McCarthy-style (Score:2)
Fix typo. trying to beat crowd in posting. Got names mixed up. But you get the idea.
Re: (Score:2, Interesting)
But with hindsight McCarthy seems to have _under_estimated the USSR's penetration of the US government. He may have been crazy, but it would seem that he wasn't paranoid enough.
Re: (Score:2)
It's a little more complicated than that... CME has a discussion of their match algorithms on pages 42 through 52 of their electronic trading documentation:
http://www.cmegroup.com/globex/files/ElectronicTradingConcepts.pdf [cmegroup.com]
Not that it's necessarily that much harder in principle to implement 10 relatively-simple algorithms, but when you add requirements for performance/latency into the mix it doesn't seem that surprising that there would be some trade secrets in there somewhere.
US Govt Passes Secrets Too! Deliberately (Score:2)
Yup, this is marginally off topic, I admit, but it illustrates private corporation software going to foreign government entitites.
During the Clinton years the Secretary of Commerce forced some companies to sell software to Libya (known for software piracy) for proprietary oil operations (I can't say what) under the threat of federal prosecution if they did not do so.
This amounts to forced transfer of proprietary software, though not including original source code.
I do not think people realize what political
Re: (Score:3)
Re: (Score:2)
I'm not authorized to name names, but the software was essential to the refining of oil into finished products. Anyone in the industry can guess which of a couple companies that might be.
I can tell you that the firm that had to "turn over" the software, made sure that the code didn't have all the trade secrets in it.
The damnable government highjinks are actually undermining our country's companies, which means our jobs. It is our jobs that get lost when these "giveaways" occur because some political deal
Re: (Score:2)
Oh, and guess what then happened to the software that went to Libya?
Programmers who rely on income from their customers will expect this.
Suddenly the company who had to "give" the software to Libya started to get calls for software support from all sorts of places through the Mid-East and elsewhere in the world.
So much honesty and trust in the MidEast. Why it must absolutely be nirvana.
Economic Warfare (Score:2)
Re: (Score:3)
LOL! So that's what that "stux.zh.cn.jpg" file was all about... ;-)
Re: (Score:2)
Oh Noes! (Score:2)
Not the ...
if( traderID.isInsider() )
trade.execute();
else
tradeDelayQueue.push(trade);
... code snippet!
Chinese employees cannot be trusted with secrets (Score:1)
Re: (Score:2)
Is that so much worse than the US using the CIA and NSA to wiretap and bug foreign companies to steal trade secrets [europa.eu] for US companies? (search for "Published cases")
Thousand Grains of Sand (Score:5, Interesting)
The Chinese Government has a policy known as the 'Thousand Grains of Sand' where each citizen is encouraged to bring back a little something from overseas if they can. Then one of the hundreds of thousands of state officials implementing this policy will see what the person brought back and dole out any appropriate reward. This is why Chinese citizens (and some Chinese descended citizens who return to the motherland) are being caught all over the World doing this sort of stuff (eg. in New Zealand Chinese regularly get caught stealing agricultural samples that our higher-value export industries are based on). While anyone can be a criminal, I can't think of any other country in the modern age where this is officially sanctioned.
China wants to be number one in the World, and perhaps they will get there, but it seems an awful shame they're so determined to do so that they are quite unethical (from the majority of the rest of the World's point of view). This is not meant to be a bashing of China, or of Chinese citizens, just an explanation of why these events are becoming more frequent for those unaware of the official Chinese Government policy that encourages behavour considered criminal elsewhere. The Chinese Government will smile at you while robbing your house behind your back (although this is nothing compared to how they treat their own citizens).
Re: (Score:2)
Re: (Score:2, Interesting)
New Zealand Chinese regularly get caught stealing agricultural samples that our higher-value export industries are based on
None other than founding father Thomas Jefferson engaged in this sort of agricultural espionage (smuggling two bags or unhulled rice out of Italy, a crime punishable by death at the time), so its hardly new or damning to the Chinese.
Re: (Score:2, Insightful)
The Chinese learned the lessons of history well. Stealing industrial secrets from China was a favourite of Europeans:
"Similar to other European travellers of the period, such as Walter Medhurst, Fortune disguised himself as a Chinese merchant during several, but not all, of his journeys beyond the newly established treaty port areas. Not only was Fortune's purchase of tea plants forbidden by the Chinese government of the time, but his travels were also beyond the allowable day's journey from the European t
Re: (Score:1)
Remember: Before there was Machiavelli, there was Sun Tze.
The Chinese have been at this far longer than those of us in the West.
Re:Thousand Grains of Sand (Score:5, Insightful)
For as long as there has been property, there have been thieves. The U.S. stole much of its industrial-revolution era technology from the U.K. Europe stole many of the ideas that brought about the renaissance from the Arabs. The Arabs stole much of this engineering knowledge from the Byzantine Romans. They in turn stole from anyone they could lay their blood covered hands on. That's how it works. How can people on Slashdot bitch about software patents, and then complain about Chinese theft of software?
They're ideas, goddamnit. They spread. That's why they're beautiful.
Re: (Score:2)
Well said, wish I have mod points.
How can people on Slashdot bitch about software patents, and then complain about Chinese theft of software?
That's known as double standard mixed with scapegoating.
Re: (Score:3)
Well said, wish I have mod points.
How can people on Slashdot bitch about software patents, and then complain about Chinese theft of software?
That's known as double standard mixed with scapegoating.
Only if you don't know the difference between software patents and stealing a company's internal software and giving it to their competitors. They're such different concepts that I can hardly see how anyone could confuse the two.
Re: (Score:2)
Yes, there is a difference: robbery vs steal.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
How can people on Slashdot bitch about software patents, and then complain about Chinese theft of software?
Copyrights and patents are different things you know...
Re: (Score:2)
Deep Fried Success [bloomberg.com]
Re: (Score:2)
China vs. the USSR (Score:3)
Re: (Score:2)
You sit around for 2000 years not advancing and waiting for the next fisherman to show up.
Re: (Score:2)
Re: (Score:2)
send him to a federal pound me in the ass prison! (Score:2)
send him to a federal pound me in the ass prison!
Comment removed (Score:3, Insightful)
Translation.... (Score:2)
You stole our code which rigged the markets so a few can benefit.
How dare you!
Hackus
What is so secret about exhanges and trade? (Score:2)
Buying: I give you money, you give me property.
Selling: You give me money, I give you property.
For an exchange, repeat many times a day for lots of people.
If there is anything more complicated, I want to know about it.
Re: (Score:2)
Peter: "Oh, uh, I'm not really at liberty to talk about it. (She looks at him) I really can't. (Still looking) Alright, so when the sub routine compounds the interest, right, it uses all these extra decimal places that get rounded off. So we simplified the whole thing and we just-- we round 'em all down and drop the remainder into an account that we opened."
Joanna: "So, you're stealing."
Peter: "Uh, no. No, you don't understand. It's uh-- it's very
Re: (Score:2)
I don't want to go to jail because there are robbers and rapers and rapers who rape robbers!
oh, wait, maybe not...
Re: (Score:2)
Have fun [cmegroup.com].
Did this happen because he was fired? (Score:3)
I know a number of highly skilled people who have lost their jobs in recent years. Some due to office politics, but mostly it was a combination of downsizing and outsourcing. These folks had some serious knowledge. Management should have considered the consequences of sending these people out the door in search of employment. Let's just say I have seen some spectacular malfunctions of management strategy that I dare not mention in a public forum. Relying on a non-disclosure or non-compete agreement is not much protection when the ultimate sanction (loss of job) is already off the table. If the ex-employee goes to China, good luck with that non-compete agreement.
IT culture has deteriorated to the point where most employees have a "doomsday" thumb drive with all kinds of information that might be helpful at their next job. With nearly 20% of the work force effectively unemployed and the other 80% paranoid about their future, confidentiality is going to be a scarce commodity.
At the upper levels of management, there are golden parachutes for a terminated CEO, CFO, CIO, etc. In return for enough cash to sit back and carefully choose their next job, the quid pro quo is that secrets remain secret. At that level, the problem is acknowledged and solved with money. But there are a lot of secrets at all levels of management these days, and employers seem to be surprised when things leak.
Re: (Score:3, Informative)
Nope. He was fired the day the Feds arrested him.
From http://in.reuters.com/article/2011/07/02/idINIndia-58048420110702 :
"Yang had made reservations for a one-way flight to China, due to leave Chicago on July 7, and had asked for corresponding vacation time from his job, the FBI affidavit said."
Re: (Score:2)
Very interesting. Most people who are going to do something like this don't leak anything until they leave their jobs and bring it all on a thumb drive to their new employer. If this guy followed the standard protocol, he wouldn't have been arrested.
Re: (Score:2)
The people with "serious knowledge" at the CME probably have decent salaries, opportunity for an end-of-year bonus, and a paid non-compete agreement. The combination of a deferred bonus structure and a weekly paycheck for thumb twiddling should be a reasonable deterrent for mos
Re: (Score:2)
This looks like the work of someone who was not in the upper echelon of management, and therefore not "incentivized" to maintain confidentiality. Such people often work with information that the company considers top secret, without the compensation package (or even job security) that would cause the secrets to remain secret.
If the real issue was source code, any rogue programmer at CME (even a contractor) might be able to get a copy from a source code management system.
Many downsizing and outsourcing init
Who fucking care if source code is steal? (Score:2)
You can write it again.... ooops.. you don't need to write it again. Is unfair, but is like stealing some customized pants that only work for you. It will be a disavengate to try to use these pants.
Scare quotes around "thumb" drives? (Score:2)
Re: (Score:2)
And why do we insist on calling them "thumb drives"? Is the correct term "USB flash drive" THAT onerous?
Re: (Score:2)
Because A Real Man sticks his thumb into the USB port to copy source code.
Geez (Score:1)
If they have the code, they can game the system (Score:2)
1. Steal code
2. Write trading code that cheats the system
3. Profit
Typical Slashdot joke. Except we know what step two is, and a foreign government may be both directly and indirectly supporting the manipulation. The real world isn't quite so funny;.
Transparency, and the lack thereof (Score:3)
If the market were fair and open, this kind of thing wouldn't even be possible, because everyone would already know what code runs in the servers. It's the opacity that allows information asymmetry which gets us into trouble every time by enabling market manipulation.
All trades should be batch processed, every 5 minutes, and all this high-frequency scamming should be pulled out by the root. An open, honest, well regulated market is in the best interest of all investors.
Re: (Score:3)
Re: (Score:2)
Yeah, you're right, that's completely different. Fat-cat commodities gamblers in Chicago are nothing at all like the ones in NYC.
Re: (Score:2)
Re: (Score:2)
The CME group is the exchange, not the "Wall Street gamblers" you are vilifying. Yes, they're both in the finance industry. No, they are not the same.