11/2/2018
04:15 PM

Ex-Employees Allegedly Steal Micron Trade Secrets Valued At Over $400 Million

Three individuals who worked for DRAM maker's Taiwan subsidiary stole Micron IP to benefit company controlled by China's government, US says in indictment.

Like many other businesses, semiconductor manufacturer Micron Technology employs a range of physical, electronic, and policy measures to protect its trade secrets. Yet all it took for the company to allegedly lose intellectual property worth at least $400 million to a Chinese competitor was two employees with legitimate access to the data.

A federal indictment unsealed this week in the US District Court for the Northern District of California described Micron as the victim of economic espionage involving a Taiwanese semiconductor company, a state-owned company in China, and three individuals who previously worked for Micron.

The indictment alleges that Stephen Chen, former president of a Micron subsidiary in Taiwan called Micron Memory Taiwan (MMT), conspired with two other former employees to steal proprietary data on Micron's DRAM technology. The trio is then alleged to have used the stolen data to advance China's development of its own DRAM technology.

Chen resigned from Micron in 2015 and began working as a senior vice president at United Microelectronics Corp. (UMC), a Taiwanese semiconductor foundry with a technology-sharing agreement with Fujian Jinhua Integrated Circuit, a Chinese government-owned semiconductor plant.

In that role, Chen is alleged to have hired two former MMT process managers to UMC. Both of the engineers allegedly stole confidential and proprietary data before and after quitting the Micron subsidiary and used it to advance UMC and, in turn, Fujian Jinhua's own DRAM development work.

The stolen trade secrets included Micron's work on DRAM design and manufacturing, the entire manufacturing process for a specific 25 nm DRAM product, software used to track the product through the fabrication process, and a design rules document. Also allegedly misappropriated was Micron IP relating to a next-generation 1xnm DRAM product. The indictment estimated the market value of the stolen information to UMC and Fujian Jinhua as ranging from $400 million to a staggering $8.75 billion.

Before leaving MMT, one of the indicted individuals, based in Taiwan at the time, allegedly downloaded over 900 confidential and proprietary files belonging to Micron from the company's US servers. The engineer stored the downloaded files on external USB drives and in a personal Google Drive account that he later accessed while working for UMC.

A lot of the stolen trade secrets were contained in PDF documents and multitabbed Excel spreadsheets. Several of the PDF documents contained hundreds of pages — the biggest one had 360 pages.

The indictment does not indicate what sort of access the Taiwan-based engineer had to these documents in the regular course of his work at MMT. It is also not clear how he managed to download the 900-plus files and put them on personally owned external USB drives and in a personal cloud storage account without being detected. However, in the weeks leading up to his resignation from the Micron subsidiary in Taiwan, the engineer systematically ran numerous deletion processes and the CCleaner utility program on his official laptop to hide evidence of the data misappropriation.

The indictment against the China government-affiliated actors is the latest manifestation of the US government's crackdown on what it says is widespread economic espionage by China. Only earlier this week, the US Department of Justice charged Chinese government intelligence agents with conducting a wide-ranging IP theft campaign targeting American and European aerospace firms.

While a lot of attention is being paid to the geopolitical implications of such actions, for enterprises the main takeaway is the need to better protect against insider threats. While organizations are spending millions of dollars shoring up against external attacks, data suggests they are not doing enough to protect against insiders with trusted access to enterprise networks and data.

Numerous surveys have shown that employees pose as much, if not an even greater, risk to enterprise data than external actors. Many breaches have resulted from negligence and mistakes, while others, such as the one at Micron, have resulted from malicious behavior. Security analysts have long noted the need for organizations to deploy monitoring controls for detecting suspicious or anomalous user behavior to manage the threat.
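The monitoring controls mentioned above can be sketched as a correlation over the behaviors the indictment describes: bulk file downloads, copies to removable media, uploads to personal cloud storage, and cleanup-utility runs. This is an added example, not part of the original article; the event schema, thresholds, user names and log records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(days=30)        # assumed look-back period
BULK_THRESHOLD = 100               # assumed: distinct files pulled within the window
CLEANUP_TOOLS = {"ccleaner.exe"}   # assumed process name for the cleanup utility
MOVE_SIGNALS = {"usb_write": "removable_media", "cloud_upload": "personal_cloud"}

def build_sample_events():
    """Constructed telemetry: (ISO timestamp, user, event type, detail)."""
    events = [(f"2018-03-0{1 + i % 5}T10:{i % 60:02d}:00", "eng_a", "file_download",
               f"doc_{i}.pdf") for i in range(120)]
    events += [
        ("2018-03-06T18:02:00", "eng_a", "usb_write", "doc_7.pdf"),
        ("2018-03-07T19:30:00", "eng_a", "cloud_upload", "personal-drive"),
        ("2018-03-20T21:15:00", "eng_a", "process_start", "CCleaner.exe"),
        ("2018-03-05T09:00:00", "eng_b", "file_download", "spec.pdf"),
        ("2018-03-05T09:05:00", "eng_b", "process_start", "ccleaner.exe"),
    ]
    return events

def signals_for(user_events, now):
    """Return the set of risk signals seen for one user inside the window."""
    recent = [(t, kind, d) for t, kind, d in user_events if now - t <= WINDOW]
    files = {d for _, kind, d in recent if kind == "file_download"}
    found = set()
    if len(files) >= BULK_THRESHOLD:
        found.add("bulk_download")
    for _, kind, detail in recent:
        if kind in MOVE_SIGNALS:
            found.add(MOVE_SIGNALS[kind])
        elif kind == "process_start" and detail.lower() in CLEANUP_TOOLS:
            found.add("cleanup_tool")
    return found

def flag_users(events, now):
    """Flag users with a data-movement signal plus at least one other signal."""
    per_user = defaultdict(list)
    for ts, user, kind, detail in events:
        per_user[user].append((datetime.fromisoformat(ts), kind, detail))
    flagged = {}
    for user, evs in per_user.items():
        found = signals_for(evs, now)
        # A cleanup tool alone is common; require data leaving the endpoint too.
        if found & set(MOVE_SIGNALS.values()) and len(found) >= 2:
            flagged[user] = sorted(found)
    return flagged

if __name__ == "__main__":
    print(flag_users(build_sample_events(), datetime(2018, 3, 25)))
```

Requiring a data-movement signal alongside another indicator keeps a lone cleanup-utility run, which is routine on many laptops, from raising an alert by itself.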


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...

Comments
sixscrews,
User Rank: Apprentice
11/8/2018 | 1:51:31 PM
All too familiar
I'm familiar with insider-based IP thefts.

In 2011, a company I once worked for was victimized by a similar scheme. The object of the theft was the source code for software that controlled inverters the company was selling in China.

I have a somewhat tenuous personal connection to this case, as the software embodied some of my work for the company prior to my departure in 2002 - and in 2011 I owned 75 shares of their stock given as compensation for some of the stolen IP.

So I have the rather dubious fame of having a role in developing something the Chinese thought worth stealing. Don't think I will ask that be put on my gravestone.

On the other hand, and not as a justification but as a bit of history, in the 19th century US companies used IP developed in England to gain advantage in the textile and other industries.

The thing that really burns me about the IP the Chinese stole was that they could have invented around the ideas disclosed in publicly available patent documents.

Lazy, cheaper, faster - or something else?

As a reader of Chinese literature in my retirement I have found many references to the idea that any exchange between parties has a winner and a loser - equal exchanges are rare and usually denigrated.

And 70 years of pseudo-Marxist tyranny hasn't done much to inspire an idea of a civil society governed by the rule of law.

 
timwessels,
User Rank: Apprentice
11/3/2018 | 11:49:02 AM
Espionage the old fashioned way
Well, state-sponsored espionage and theft of intellectual property are staples of how China, and other governments, operate. The Chinese government is mainly concerned with obtaining intellectual property of commercial and military value. Having former Micron employees walk out the door and turn over some of the company's intellectual property to a manufacturer in China is definitely old school, but it still works. While everyone protects against external security threats, the internal security threat remains ever present.