An IT engineer on Wall Street is in trouble for stealing proprietary source code from his employer – but he was only caught after hacking into fellow employees' email accounts.
Zhengquan Zhang, 31, was a DevOps software engineer working with KCG Holdings, an international securities firm on Wall Street. He had been with the company for seven years and had been promoted to supervisor. In addition to managing several other engineers, he was also in charge of managing the source code of the KCG trading platform, as well as the trading algorithms used to automate some financial transactions.
However, according to the FBI affidavit (spotted by Bleeping Computer), everything came crashing down after Zhang received his promotion to supervisor in December 2016. For some reason, Zhang took it upon himself to install malware on KCG Holdings' servers in order to quietly capture the login credentials of his colleagues.
He then used these credentials to access and steal parts of the proprietary source code that had been developed for the trading platform and the algorithms.
No one found out what Zhang did, because his promotion granted him access to the company's Unix-based network infrastructure, so he could hide from the proxy servers designed to monitor traffic in the network. He even managed to send the data he'd stolen out to a remote server without his crime being noticed.
Zhang could have continued to work at KCG Holdings, but in late March he suddenly became paranoid that he might lose his job as he'd heard the company could be acquired soon. He decided to remotely access the email accounts of several employees using the credentials he'd collected, in order to find out if the company's future and his job were at stake.
Caught by the cybersecurity team
Unfortunately, one of the employees he hacked realised what was going on. A quantitative analyst who was working from home on Sunday 26 March noticed that he kept being disconnected from the session that allowed him to remotely access his work computer.
After being disconnected from his account several times over a few hours, he realised that someone else had been accessing his work machine and that the folder holding his archived emails had been accessed. He then managed to log the attacker's unique identifier.
He handed that crucial detail to KCG Holdings' security team, who traced it back to Zhang's computer and cut off access to all of his work accounts that same day – as well as calling in the authorities.
Realising he'd been caught, Zhang admitted what he'd done to his supervisor, saying that he hacked his colleagues because of his fears about losing his job. However, he never explained why he felt it was necessary to steal proprietary source code.
Zhang was arrested on 7 April by the FBI and has been charged with theft of trade secrets, meaning he could be sentenced to up to 10 years in prison and a fine of $250,000 (£195,130). That same day, Virtu Financial Inc agreed to purchase KCG Holdings for almost $1.4bn.