iPhone XS and XS Max in silver, space gray, and gold.
Former Apple Employee Charged With Theft of Trade Secrets Related to Autonomous Car Project [Updated]
The United States Federal Bureau of Investigation this week charged former Apple employee Xiaolang Zhang with theft of trade secrets, according to documents filed with the Northern District Court of California.
Zhang was hired at Apple in December of 2015 to work on Project Titan, developing software and hardware for use in autonomous vehicles. Zhang specifically worked on Apple's Compute Team, designing and testing circuit boards to analyze sensor data.
The intellectual property disclosure on one of the documents Zhang stole
He was provided with "broad access to secure and confidential internal databases" due to his position, which contained trade secrets and intellectual property for the autonomous driving project that he ultimately ended up stealing.
In April 2018, Zhang took family leave from Apple following the birth of his child, and during that time, he visited China. Shortly after, he told his supervisor at Apple he was leaving the company and moving to China to work for XMotors, a Chinese startup that also focuses on autonomous vehicle technology.
Zhang's supervisor felt that he had "been evasive" during the meeting, which led Apple's New Product Security Team to begin an investigation, looking into Zhang's historical network activity and analyzing his Apple devices, which were seized when he resigned.
Apple found that just prior to Zhang's departure, his network activity had "increased exponentially" compared to the prior two years he had worked at Apple. He accessed content that included prototypes and prototype requirements, which the court documents specify as power requirements, low voltage requirements, battery system, and drivetrain suspension mounts.
In a second interview with Apple's security team, Zhang admitted to taking both online data and hardware (a Linux server and circuit boards) from Apple during his paternity leave. He also admitted to AirDropping sensitive content from his own device to his wife's laptop.
All of Apple's evidence was relayed to the FBI after the company's Digital Forensic Investigations team discovered that at least 60 percent of the data Zhang had downloaded and transferred to his wife's computer was "highly problematic." The FBI, in the court filing, describes the information as "largely technical in nature, including engineering schematics, technical reference manuals, and technical reports."
Of interest, the filing also gives a glimpse into Apple's security protocols. To access sensitive projects like Titan, an employee must be logged into Apple's virtual private network and must be granted "disclosure," a status that can only be granted when an employee is sponsored by another employee who already has access to the project, with an administrator reviewing all requests. Approximately 5,000 Apple employees have access to data on Apple's autonomous driving efforts, with the databases Zhang accessed further restricted to approximately 2,700 "core employees."
When hired, Zhang signed an Intellectual Property Agreement and attended a mandatory in-person secrecy training session, which he violated. Zhang was interviewed by the FBI in late June, where he admitted to stealing the information, and he was later arrested attempting to leave to China on July 7.
For stealing Apple's trade secrets, Zhang is facing up to 10 years in prison and a $250,000 fine.
It's no surprise that Apple cracked down on Zhang. Shortly before Zhang's theft was discovered, Apple sent out a lengthy cautionary memo to employees warning them against leaking data to the media. In the letter, Apple said that in 2017, it caught 29 leakers, with 12 of those individuals being arrested and charged.
Update: Apple provided the following statement on the case to TechCrunch: "Apple takes confidentiality and the protection of our intellectual property very seriously. We're working with authorities on this matter and will do everything possible to make sure this individual and any other individuals involved are held accountable for their actions."
Update 2: XMotors said there is no indication that Zhang ever communicated any sensitive information from Apple to XMotors, according to Reuters. XMotors also said the firm had terminated Zhang and is supporting local authorities.
Update 3: On July 16, Zhang pled not guilty to the charges.
Zhang was hired at Apple in December of 2015 to work on Project Titan, developing software and hardware for use in autonomous vehicles. Zhang specifically worked on Apple's Compute Team, designing and testing circuit boards to analyze sensor data.
He was provided with "broad access to secure and confidential internal databases" due to his position, which contained trade secrets and intellectual property for the autonomous driving project that he ultimately ended up stealing.
In April 2018, Zhang took family leave from Apple following the birth of his child, and during that time, he visited China. Shortly after, he told his supervisor at Apple he was leaving the company and moving to China to work for XMotors, a Chinese startup that also focuses on autonomous vehicle technology.
Zhang's supervisor felt that he had "been evasive" during the meeting, which led Apple's New Product Security Team to begin an investigation, looking into Zhang's historical network activity and analyzing his Apple devices, which were seized when he resigned.
Apple found that just prior to Zhang's departure, his network activity had "increased exponentially" compared to the prior two years he had worked at Apple. He accessed content that included prototypes and prototype requirements, which the court documents specify as power requirements, low voltage requirements, battery system, and drivetrain suspension mounts.
The majority of his activity consisted of both bulk searches and targeted downloading copious pages of information from various confidential database applications. The information contained within the downloading contained trade secret intellectual property, based on the level of Zhang's access within Apple's autonomous vehicle team.A review of recorded footage at Apple indicated Zhang had visited the campus on the evening of Saturday, April 28, entering both Apple's autonomous vehicle software and hardware labs, which coincided with data download times, and he left with a box of hardware.
In a second interview with Apple's security team, Zhang admitted to taking both online data and hardware (a Linux server and circuit boards) from Apple during his paternity leave. He also admitted to AirDropping sensitive content from his own device to his wife's laptop.
All of Apple's evidence was relayed to the FBI after the company's Digital Forensic Investigations team discovered that at least 60 percent of the data Zhang had downloaded and transferred to his wife's computer was "highly problematic." The FBI, in the court filing, describes the information as "largely technical in nature, including engineering schematics, technical reference manuals, and technical reports."
Of interest, the filing also gives a glimpse into Apple's security protocols. To access sensitive projects like Titan, an employee must be logged into Apple's virtual private network and must be granted "disclosure," a status that can only be granted when an employee is sponsored by another employee who already has access to the project, with an administrator reviewing all requests. Approximately 5,000 Apple employees have access to data on Apple's autonomous driving efforts, with the databases Zhang accessed further restricted to approximately 2,700 "core employees."
When hired, Zhang signed an Intellectual Property Agreement and attended a mandatory in-person secrecy training session, which he violated. Zhang was interviewed by the FBI in late June, where he admitted to stealing the information, and he was later arrested attempting to leave to China on July 7.
For stealing Apple's trade secrets, Zhang is facing up to 10 years in prison and a $250,000 fine.
It's no surprise that Apple cracked down on Zhang. Shortly before Zhang's theft was discovered, Apple sent out a lengthy cautionary memo to employees warning them against leaking data to the media. In the letter, Apple said that in 2017, it caught 29 leakers, with 12 of those individuals being arrested and charged.
Update: Apple provided the following statement on the case to TechCrunch: "Apple takes confidentiality and the protection of our intellectual property very seriously. We're working with authorities on this matter and will do everything possible to make sure this individual and any other individuals involved are held accountable for their actions."
Update 2: XMotors said there is no indication that Zhang ever communicated any sensitive information from Apple to XMotors, according to Reuters. XMotors also said the firm had terminated Zhang and is supporting local authorities.
Update 3: On July 16, Zhang pled not guilty to the charges.
USA v. Xiaolang Zhang by MacRumors on Scribd
[ 215 comments ]
Top Rated Comments
(View all)
10 weeks ago
There's no way this wasn't a state-sponsored quid pro quo to give the Chinese company a leg up on automated vehicles. This will continue until there's a 100% punitive embargo on China, including their strategic staples like pork, requiring them to deliver full economic compensation for theft of intellectual property and complete monitored compliance with WTO regulation. Until that happens, this is equivalent to letting banks make tens of billions in fraudulent instruments and then fining them a few million in damages. Their investors don't care about the public and brand cost so long as the penalties are a tiny fraction of profits. China doesn't care either because, at the moment, the benefits outweigh the cost.
10 weeks ago
Glad to see Apple found out and took swift action. Hope he gets the maximum sentence.
10 weeks ago
This is how propaganda and disinformation work...
Step 1: State an unprovable assumption that is designed to make the reader angry.
Step 2: State a second, unprovable assumption based on the first, unprovable assumption, along with a list of retaliatory responses that mirror a current political position that the author is attempting to justify.
Step 3: Try to get a blogger somewhere to focus on the unprovable assumptions and other inaccuracies as a way to justify a political stance, then peddle that blog to a large propaganda outlet like Fox News as a way to legitimize the misinformation.
You forgot Step 3. Maybe you're still working on that?
Yes, folks, this is how it's done.
There's no way this wasn't a state-sponsored quid pro quo to give the Chinese company a leg up on automated vehicles.
Step 1: State an unprovable assumption that is designed to make the reader angry.
This will continue until there's a 100% punitive embargo on China, including their strategic staples like pork, requiring them to deliver full economic compensation for theft of intellectual property and complete monitored compliance with WTO regulation.
Step 2: State a second, unprovable assumption based on the first, unprovable assumption, along with a list of retaliatory responses that mirror a current political position that the author is attempting to justify.
Step 3: Try to get a blogger somewhere to focus on the unprovable assumptions and other inaccuracies as a way to justify a political stance, then peddle that blog to a large propaganda outlet like Fox News as a way to legitimize the misinformation.
You forgot Step 3. Maybe you're still working on that?
Yes, folks, this is how it's done.
10 weeks ago
You'd think that huge amounts of data access would be a red flag for their security people, especially at off hours.
There is no such thing as off hours in Silicon Valley :P
10 weeks ago
I have worked in US tech companies that had teams in China, and leading work that needed to be original in order for us to claim license/patent on it. I found countless times that my colleagues in China submitted content, signed that it was their original work, and I was suspicious by how well written it was. A quick Google search found word for word plagiarism of the material.
After many discussions and getting to know these Chinese colleagues, I learned that as part of a socialist country, they were trained from birth that no one owned any property and so the notion of copying some intellectual property was incomprehensible. They simply operated on the principal that property was community owned so anyone in the community could take it and use it... and anything they created could also be taken and used by anyone else.
Obviously in this case the guy was breaking laws and should have the full extent of the law thrown at him, but we need to understand what we are dealing with when dealing with anything in China. Its not "fair" to trade with someone who is trying to steal your property.
After many discussions and getting to know these Chinese colleagues, I learned that as part of a socialist country, they were trained from birth that no one owned any property and so the notion of copying some intellectual property was incomprehensible. They simply operated on the principal that property was community owned so anyone in the community could take it and use it... and anything they created could also be taken and used by anyone else.
Obviously in this case the guy was breaking laws and should have the full extent of the law thrown at him, but we need to understand what we are dealing with when dealing with anything in China. Its not "fair" to trade with someone who is trying to steal your property.
10 weeks ago
Wow, you're with real empathy! We are talking about a human here not a dead product! Amazing how things are being worshipped and humans are being used these days! What a greedy world!
Yes…a human who stole extremely valuable internal information, potentially providing it to a competing foreign company, and will most likely receive quite a hefty punishment for it in fines and/or jail time.Don’t want to go to jail for a long time? Don’t do things that, if you’re caught, will result in your going to jail for a long time.
10 weeks ago
All of this actually makes Apple look like the devil - all smiles and empathy pretends to the public but in reality, they come across as pure evil if any of their staff go out of line. Must be a pretty horrible place to work in all honesty!
Jeez, you’re really sticking up for this alleged criminal. Maybe you should join his defense team.Anyway, I know multiple people in the Bay Area working for Apple. Some have been at Apple for years. I figure if it was “pretty horrible,” they’d have jumped to other companies by now. Certainly good candidates to do so!
[ Read All Comments ]
If you updated your iPhone to iOS 12 this week and noticed that some Activity Challenge awards are missing, you're not alone.
In a new support document, Apple has acknowledged that five...
The watchOS 5 update, introduced yesterday, brought several new watch faces that weren't available during the beta testing period. These faces are designed to work with the Apple Watch Series 4...
Google today updated its popular Google Maps navigation app, introducing support for CarPlay. With iOS 12, third-party mapping apps work with CarPlay for the first time, giving CarPlay users an...
For a special giveaway this week to celebrate the launch of Apple's new iPhones, we've teamed up with iMobie to offer MacRumors readers a chance to win a 64GB iPhone XS Max and a copy of the...
Apple this morning seeded the first beta of an upcoming tvOS 12.1 update to developers for testing purposes, just one day after releasing the tvOS 12 update.
Designed for the fourth and...
Apple today seeded the first beta of an upcoming watchOS 5.1 update to developers, just one day after releasing the new watchOS 5 operating system.
Once the proper configuration profile has been...
One year after launching the successful live game show app HQ Trivia, Intermedia Labs is planning a new game called HQ Words. Instead of a basic series of trivia questions and multiple choice...
MacRumors has received confirmation that the names of Apple's latest iPhone models are to be stylized with a capital X, followed by the S or R in Small Caps, which are lowercase characters...
