A Wall Street IT engineer has been arrested following accusations that he installed malware on his employer’s computer in order to discover if he was going to be fired.
BleepingComputer reports that 31-year-old Zhengquan Zhang was arrested by the FBI on April 7th under suspicion of hacking his employer’s computer in order to determine whether or not he was going to be fired. Zhang began working for his employer, KGC Holdings, Inc., in March 2010, initially operating out of the company’s New York offices before relocating to San Francisco.
Zhang began working as a DevOps engineer for the company and was promoted to the role of supervisor, overseeing multiple engineers in his department. Zhang’s role included managing the source code of KGC’s trading platform and the trading algorithms used by the company to manage some of its financial transactions.
Access to the repository containing the source code was heavily guarded, with approved employees receiving encryption keys that decrypted the source code as appropriate for the employee’s access level. On March 25th, a quantitative analyst working for KGC remotely logged into his work computer, then became disconnected from his remote session. After re-opening his session, the analyst found that someone had accessed a folder which held his archived email messages.
The analyst was disconnected from his computer a number of times while trying to work, which made him suspicious. He began logging the attacker’s unique identifier as it was connecting to his work computer. After he provided the identifier to the company’s security team, Zhang was quickly identified as the attacker. KGC admins revoked Zhang’s access to the company, began an investigation, and called the authorities.
It was revealed during the investigation that in December 2016, following his promotion to the role of supervisor, Zhang had installed malware on company servers in an attempt to record user credentials. KGC claims that they have found evidence that Zhang then used these credentials to steal parts of the company’s trading program source code and algorithms.
Zhang admitted to his actions in an email sent to a KGC employee after his system access was revoked. According to the email, Zhang knew that the blocking of his accounts “would happen because [of] what I did in the past few days and Saturday.” He added, “I am still questioning myself why I did that.”
In the rest of the email, Zhang stated that he installed the malware and stole the source code as he feared for his job. He had heard of a potential acquisition by KGC and thought that once it was completed, he would be let go. He began hacking the accounts of other employees in an effort to discover more about the company’s dealings and future plans, but this does not explain why he stole the company’s source code.
Zhang has been charged with one count of theft of trade secrets by the Department of Justice. This charge carries a maximum sentence of 10 years in prison and a $250,000 fine.