7 votes

Lessons learned from the Google trade secret theft indictment

12 comments

  1. [2]
    creesch

    Sorry to say, but this article seems like a fluff piece to me, aimed at promoting Cyberhaven's business. The article can be summed up in two parts:

    1. A Chinese national working for Google stole trade secrets to be used in their own startup. They did so by copying data from their Google laptop (exfiltration, really?) into a cloud note-taking app.
    2. Here are the security practices we at Cyberhaven suggest which would have of course all prevented this! Use our AI product! Also, be sure to subscribe to our blog for more cybersecurity news and analysis!
    13 votes
    1. chocobean

      haha, fair -- probably more appropriate to link to the actual DoJ indictment? I kinda didn't have the attention span to read the whole thing though, so I didn't feel comfortable linking it

      Admins please feel free to swap links or delete :)

      5 votes
  2. [2]
    skybrian

    Seems like a more cautious spy would have taken pictures of their screen. A more cautious organization would have much more locked-down equipment. It would probably be more like Apple.

    4 votes
    1. highpulp

      taken pictures of their screen

      Since he was stealing from Google, it seems unbelievably idiotic that he used his personal Google drive to exfiltrate the data. Surely it's obvious that that is the one service that Google would have the most insight into. Seems that something like Dropbox or even a thumb drive would've made it much less likely he gets caught. Maybe he thought a Google employee uploading things to a Google service would be normal enough to not raise any red flags, but there were almost certainly better options.

      6 votes
  3. [8]
    chocobean

    On Wednesday, March 6th, 2024 the US Attorney’s Office of Northern California announced that a federal grand jury had indicted Linwei Ding on four counts of trade secrets theft. Ding was arrested in Newark, California and now faces up to 10 years in prison and a fine of $250,000.

    The linked article talks a bit more about the who what why how and lessons learned from a tech perspective rather than a criminal viewpoint, which seems more interesting anyway.

    In brief: a Google employee uploaded Google files to his personal Google Drive from his Google-issued laptop, and was arrested one day before he was to fly to China.

    Timeline:

    2022-2023 - files exfiltrated without detection. Gets hired as CTO of Chinese tech firm and makes himself CEO of a different tech firm

    2023 Dec 02 - Google detects Ding uploaded additional file, while he is physically in China, from within China to his personal Google Drive, using Google-issued laptop.

    ??? Ding flies back to California ???

    2023 Dec 08 - Google internal investigation and Ding signs an affidavit

    2023 Dec 14 - Ding books one way ticket to China, dated Jan 7

    2023 Dec 26 - Ding resigns

    2024 Jan 06 - FBI searches residence, Ding arrested

    Additional links

    https://www.justice.gov/opa/pr/chinese-national-residing-california-arrested-theft-artificial-intelligence-related-trade

    Actual indictment with timeline
    https://www.justice.gov/usao-ndca/media/1341391/dl?inline

    https://www.washingtonpost.com/technology/2024/03/06/google-ai-doj-arrest/

    https://ca.news.yahoo.com/chinese-resident-california-arrested-over-172437839.html

    3 votes
    1. [7]
      teaearlgraycold

      Got to be honest, Ding doesn’t seem very smart. But of course it’s the ones that make the mistakes that get caught.

      5 votes
      1. [6]
        chocobean

        which makes me wonder how rampant corporate espionage really is?

        if he hadn't stolen more stuff from China, or if he hadn't ...re-uploaded stolen materials to a google drive, would he have gotten caught? was that finally what tipped them off?

        5 votes
        1. [5]
          teaearlgraycold

          Google gives employees full access to (almost) all source code for all Google projects. You're not supposed to look at stuff you don't need to look at, but when I was there I looked at the occasional file just for fun and no one ever said anything to me.

          You could theoretically exfiltrate small amounts of data relatively easily by taking pictures of your screen. It's untraceable and unless you're methodically stealing every line of code from multiple projects you have no business looking at, there won't be a good signal-to-noise ratio with which to pin the IP theft on you.

          2 votes
          1. [4]
            chocobean

            so, do you think a determined enough and careful enough state-backed team could use a video camera to record every single line of a sensitive project, and then convert the video footage back into text format? (or heck, use your billion people to meat-convert video to text)

            If they're careful and split up the effort, it wouldn't look too conspicuous at all among all the regular activity right?

            I suppose on some level no matter how careful they are, thieves will be able to steal this information -- short of making employees live on a Manhattan Project campus and going another step to erasing their brains of content when they leave, maybe corporate espionage is just a fact of life. The real advantage might be in the size of the behemoth and the clout they can throw around. A brand new startup with all the code base of Google still isn't Google, type of thing.

            1 vote
            1. [3]
              teaearlgraycold

              If you worked on that project you could absolutely get away with it without anyone ever knowing for sure.

              Granted, the full dependency tree would be way too much data. But you could get the "trade secret" parts easily enough. The fact is, however, that there's rarely if ever a magic trade secret part to a software project. It's the combination of a million little things all working together that provide the value.

              8 votes
              1. [2]
                chocobean

                that's really cool to hear :D and exactly what I was hoping to glean from folks about this topic. Folks on the outside might imagine stolen secrets as like....a sticky note of 11 secret herbs and spices I guess, and less an entire architecture and dependency tree and a huge team of people who all know very well how the whole thing works.

                I wonder if this particular person was more interested in "showing" others that he's got experience and "trade secrets" than actually trying to backwards engineer something with stolen code. He's in his twenties and from the report it sounds like he got hired as CTO for a Chinese firm, and then he made up his own company as CEO, and was invited in a third organization all from the clout of "I worked on big secret AI at Google" that he shared on WeChat (Chinese WhatsApp).

                2 votes
                1. teaearlgraycold

                  It’s like the low level member of the US military that leaked secrets on Discord. He probably didn’t do much actual damage to the military’s security, he just got his 15 minutes of fame and is in a lot of trouble.

                  4 votes