FBI: Insider Stole from Fed Reserve

Programmer Charged With Stealing Proprietary Code

By , January 24, 2012.
FBI: Insider Stole from Fed Reserve

Prosecutors have charged a former computer programmer at the Federal Reserve with stealing software used to track federal collections and payments.

See Also: Actionable Threat Intelligence: From Theory to Practice

The Federal Bureau of Investigation announced that its complaint against Bo Zhang had been unsealed. Zhang was arrested and charged Jan. 18 for stealing proprietary code used by the Department of Treasury in its Government-Wide Accounting and Reporting Program. The program, which is used to track government finances and issue account statements for federal agencies, cost an estimated $9.5 million to develop.

Zhang, 32, of Queens, N.Y., reportedly admitted to authorities he copied the code and used it as a training tool for a personal side business. He now faces up to 10 years in prison and a $250,000 fine.

The source code is maintained by the Federal Reserve Board of New York. Zhang allegedly accessed the code between May 2011 and Aug. 11, 2011, while working as a contracted programmer at the Federal Reserve Bank in New York.

Mike Braatz, senior vice president and general manager of bank fraud for Memento, a fraud-management software services provider, says what's notable about the case is that the Federal Reserve is taking the threat seriously by prosecuting the suspect. "But," he adds, "the fact that this type of breach was able to go unnoticed until the suspect notified his supervisor is further evidence that organizations of all types can and should be doing more to monitor the activities of insiders and detect and investigate suspicious behavior."

FBI Assistant Director Janice K. Fedarcyk said the case highlights vulnerabilities the nation's cyberinfrastructure faces from internal threats. [See Insiders: Security Risk No. 1.]

"Zhang took advantage of the access that came with his trusted position to steal highly sensitive proprietary software," she said. "His intentions with regard to that software are immaterial. Stealing it and copying it threatened the security of vitally important source code."

According to court files, Zhang was hired last May by an unnamed consulting firm that had been brought in by the Fed to work on computers. Investigators uncovered the breach after one of Zhang's colleagues told a supervisor he had lost a hard drive containing the code.

Julie McNelley, a research director and fraud analyst for Aite Group, says the case reinforces the value of information. "It's not just money that's the target, but also intellectual property, which can then be monetized in a variety of ways," she says. "As organizations are looking to secure their infrastructure, they need to be aware of all the ways in which valuable data could be exposed and stolen, and implement technologies and procedures to mitigate that risk."

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Industry News: Trend Micro, HP Collaborate

Leading this week's industry news roundup, Trend Micro and Hewlett Packard collaborate to help...

Latest Tweets and Mentions

ARTICLE Industry News: Trend Micro, HP Collaborate

Leading this week's industry news roundup, Trend Micro and Hewlett Packard collaborate to help...

The ISMG Network