Cybercrime , Fraud Management & Cybercrime , Governance & Risk Management

Software Engineer Charged With Stealing Company Secrets

Unsealed Indictment Describes Alleged Insider Theft Scenario
Software Engineer Charged With Stealing Company Secrets
Xudong Yao is believed to be living in China (Image: FBI)

A former software engineer for an Illinois-based locomotive manufacturer allegedly stole proprietary information and other intellectual property from the company before fleeing to China, according to an indictment the U.S. Justice Department unsealed Thursday.

See Also: How to Build Your Cyber Recovery Playbook

Xudong Yao, 57, has been indicted on nine federal counts of theft of trade secrets, according to the U.S. Attorney's Office for the Northern District of Illinois, which is overseeing the case along with the FBI. Yao, who also used the first name "William," is believed to be living in China, according to federal prosecutors.

During his time with the company, Yao allegedly downloaded thousands of computer files and other documents that contained various company trade secrets and intellectual property, including data related to the system that operates the unnamed manufacturer's locomotives, according to the indictment.

While Yao was taking his former employer's intellectual property, he was negotiating for a new job with a firm in China that provided automotive telematics service systems, the Justice Department alleges. Yao was born in China, but he’s a naturalized U.S. citizen, according to the FBI.

Theft of trade secrets is a federal crime that carriers a possible 10-year prison sentence for each count, according to the Justice Department. It's unclear whether Yao will ever return to the U.S. to face the charges. China law does not allow extradition of its citizens.

Deception From the Start

The locomotive firm in suburban Chicago hired Yao in August 2014 as a software engineer, prosecutors say. Yao's alleged theft of company secrets and data started almost immediately, the indictment says.

After two weeks on the job, Yao downloaded more than 3,000 electronic files from the company that included about the systems that ran the company's locomotives, prosecutors allege.

Over the next six months, Yao allegedly continued to secretly download documents and intellectual property from the company, including more technical details as well as source code, according to the indictment. At the time he was taking these files, Yao was also negotiating for a new job at the Chinese firm, authorities allege.

In February 2015, Yao was fired from his job at the Illinois locomotive company, according to prosecutors. At the time, his former employer was not aware that Yao allegedly had downloaded and stole thousands of documents and files, authorities say.

In July 2015, Yao made copies of the files and documents and traveled to China to start his new job there, according to the indictment. In November, he made one final trip back to Chicago, traveling through O'Hare International Airport with "nine copies of the Chicago company's control system source code and the systems specifications that explained how the code worked," the indictment alleges. Yao then traveled back to China and has remained there since, prosecutors say.

In December 2017, a federal grand jury in Chicago indicted Yao on the nine charges of theft of trade secrets. That indictment remained sealed until this week.

Malicious Insider

Verizon's 2019 Data Breach Investigation Report found that that nearly 20 percent of cybersecurity incidents and 15 percent of the data breaches in 2018 involved employees working within a company. And while that covers both careless and malicious activity, these types of insider threats are a growing concern for companies of all sizes, says Terence Jackson, the CISO of Washington-based security firm Thycotic Software.

The Verizon report notes that malicious insider behavior has increased at least 50 percent since 2015.

"The indictment lists multiple instances where the malicious insider downloaded massive amounts of documents, and it seems that no one was able to detect these actions early on," Jackson says. "Enterprises should be performing data classification to first identify and classify highly sensitive data and intellectual property."

Aggressive Prosecutions

Over the last several months, the Justice Department has announced several pending cases or convictions connected to China involving and involving intellectual property.

For instance, on Tuesday, a federal judge sentenced a former U.S. State Department employee to more than three years in prison and a $40,000 fine for accepting cash and gifts from Chinese intelligence agents in exchange for information, according to Fox News.

In November 2018, the Justice Department unsealed an indictment charging a Chinese state-owned firm and its Taiwan partner for allegedly stealing trade secrets from U.S. chip maker Micron Technology, according to news reports.

About the Author

Scott Ferguson

Scott Ferguson

Former Managing Editor, GovInfoSecurity, ISMG

Ferguson was the managing editor for the media website at Information Security Media Group. Before joining ISMG, he was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.