Ex-Employees Allegedly Steal Micron Trade Secrets Valued At Over $400 Million

Three individuals who worked for DRAM makers Taiwan subsidiary stole Micron IP to benefit company controlled by Chinas government, US says in indictment.

Like many other businesses, semiconductor manufacturer Micron Technology employs a range of physical, electronic, and policy measures to protect its trade secrets. Yet all it took for the company to allegedly lose intellectual property worth at least $400 million to a Chinese competitor was two employees with legitimate access to the data.
A federal indictment unsealed this week in the US District Court for the Northern District of California described Micron as the victim of economic espionage involving a Taiwanese semiconductor company, a state-owned company in China, and three individuals who previously worked for Micron.
The indictment alleges that Stephen Chen, former president of a Micron subsidiary in Taiwan called Micron Memory Taiwan (MMT), conspired with two other former employees to steal proprietary data on Microns DRAM technology. The trio is then alleged to have used the stolen data to advance Chinas development of its own DRAM technology.
Chen resigned from Micron in 2015 and began working as a senior vice president at United Microelectronics Corp. (UMC), a Taiwanese semiconductor foundry with a technology-sharing agreement with Fujian Jinhua Integrated Circuit, a Chinese government-owned semiconductor plant.
In that role, Chen is alleged to have hired two former MMT process managers to UMC. Both of the engineers allegedly stole confidential and proprietary data before and after quitting the Micron subsidiary and used it to advance UMC and, in turn, Finjan Jinhuas own DRAM development work.
The stolen trade secrets included Microns work on DRAM design and manufacturing, the entire manufacturing process for a specific 25 nm DRAM product, software used to track the product through the fabrication process, and a design rules document. Also allegedly misappropriated was Micron IP relating to a next-generation 1 xnm DRAM product. The indictment estimated the market value of the stolen information to UMC and Fujian Jinhua as ranging from $400 million to a staggering $8.75 billion.
Before leaving MMT, one of the indicted individuals, based in Taiwan at the time, allegedly downloaded over 900 confidential and proprietary files belonging to Micron from the companys US servers. The engineer stored the downloaded files on external USB drives and in a personal Google Drive account that he later accessed while working for UMC.
A lot of the stolen trade secrets were contained in PDF documents and multitabbed Excel spreadsheets. Several of the PDF documents contained hundreds of pages — the biggest one had 360 pages.
The
indictment
does not indicate what sort of access the Taiwan-based engineer had to these documents in the regular course of his work at MMT. It is also not clear how he managed to download the 900-plus files and put them on personally owned external USB drives and in a personal cloud storage account without being detected. However, in the weeks leading up to his resignation from the Micron subsidiary in Taiwan, the engineer systematically ran numerous deletion processes and the CCleaner utility program on his official laptop to hide evidence of the data misappropriation.
The indictment against the China government-affiliated actors is the latest manifestation of the US governments crackdown on what it says is widespread economic espionage by China. Only earlier this week, the US Department of Justice charged Chinese government intelligence agents with conducting a
wide-ranging IP theft campaign
targeting American and European aerospace firms.
While a lot of attention is being paid to the geopolitical implications of such actions, for enterprises the main takeaway is the need to better protect against insider threats. While organizations are spending millions of dollars shoring up against external attacks, data suggests they are not doing enough to protect against insiders with trusted access to enterprise networks and data.
Numerous surveys have shown that employees pose as much, if not an even greater, risk to enterprise data than external actors. Many breaches have resulted from negligence and mistakes, while others, such as the one at Micron, have resulted from malicious behavior. Security analysts have long noted the need for organizations to deploy monitoring controls for detecting suspicious or anomalous user behavior to manage the threat.
Related Content:
NITTF Releases New Model for Insider Threat Program
Chinese Intel Agents Indicted for 5-Year IP Theft Campaign
Report: Chinas Intelligence Apparatus Linked to Previously Unconnected Threat Groups
6 Ways to Tell an Insider Has Gone Rogue
The 6 Worst Insider Attacks of 2018 – So Far

Black Hat Europe returns to London Dec 3-6 2018 with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the
conference
and
to register.

Last News
▸ Black Hat USA 2013 covers SIM card, Femtocell hacking talks. ◂ Discovered: 26/12/2024 Category: security	▸ General Alexander, head of U.S. Cyber Command, to keynote at Black Hat USA 2013. ◂ Discovered: 26/12/2024 Category: security	▸ SAFECode launches program training for firms software security. ◂ Discovered: 26/12/2024 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Ex-Employees Allegedly Steal Micron Trade Secrets Valued At Over $400 Million