back to article Feds cuff programmer in alleged trading-ware theft

Chunlai Yang, a 49-year old Chinese-born American, has been charged with stealing proprietary software code. Yang worked for CME Group – which makes trading platforms for commodity derivative markets – as a programmer. CME has been monitoring his computer use since May. He has worked for the company since 2000. He appeared in …


This topic is closed for new posts.


theft of trade secrets. = 10 years and 250K? harsh!

am i the only one who thinks the world would be better off without the stock markets?


The Law...

...has always been to protect property 1st, people 2nd.

Rob a bank, no one hurt 10years+

Beat the living daylights out of someone...Smack on the wrist to a few years.

Silver badge

@Mark 63

Yes you are the only one.

Actually 10 years and 250K fine is pretty light considering he wouldn't serve this time due to a plea deal.


I guess my prognistications that there **is** a market...

... for illicit financial market and trading software is, unfortunately, a correct one:

**** Matt Asay's original take on the matter:

-- --

-- -- -- Scrolling about 1/2-way down:

-- -- -- "While the BSA is concerned with paid-for, proprietary software, most of the world's software is not written by proprietary software firms, but instead by enterprises whose primary business is not software, but rather finance, pharmaceutical and so on. The software written by Morgan Stanley for Morgan Stanley simply isn't going to be pirated."

**** My response in the Comments to the above article:

-- --

-- -- -- Again, about 1/2-way down:

-- -- -- "To use Morgan Stanley as an example: A slightly-off-center firm could "buy" a chunk of code from a disgruntled Morgan Stanley IT wonk, reverse-engineer the code to gain insight into Morgan Stanley's trading algorithms, and look for routines related to arbitrage transactions**. They could then design more efficient, lower-latency routines that take better advantage of price difference windows, thereby gaining a competitive advantage with regard to automated trades.

Never underestimate the power of (successful) industrial espionage."

**** Then on March 18, 2011, Dan Goodin of El' Reg reported that a Goldman Sachs programmer got sent to the Big House for code theft:

-- --

... and now we have this guy (Chunlai Yang).

It's good that the Law Enforcement community is taking prompt action to keep such sensitive information from falling into the wrong hands. However, the questions I have regarding these affairs aren't "What were the alleged perpetrators were trying to steal/sell?" or "To whom were they trying to deliver the stolen code?" but rather "What were their fundamental motivations?" and -- most importantly -- "What did they leave behind [in the systems they compromised]?"

Since much of the world's major market Exchanges (and economies in general) are so software driven, it really makes one wonder how easily an incident lik the Flash Crash of 2010:

-- --

could be triggered intentionally, for either personal gain or, more sinisterly, large-scale economic sabotage.

(Wasn't sure whether I should use Battle Stations, or Black Helicopters. Flipped a coin; Battle Stations won.)

Black Helicopters


re: "It's good that the Law Enforcement community is taking prompt action to keep such sensitive information from falling into the wrong hands."

If you read the article it said one email, containing proprietary code was sent. Surely that means that at least some of the code is in the wrong hands.

If DARPA can build a flying camera platform that looks like a moth, I think pest control is going to have to be added to the PCI-DSS and HIPAA.

Black Helicopters, really small, black helicopters.


"If you read the article it said one email, containing proprietary code was sent."

Touche`; I stand corrected. :-)

Perhaps I should have said "It's good that the Law Enforcement community is taking the incident seriously and has initiated a (hopefully very thorough) investigation."


No Sympathy

If it could cause "great economic damage" for your competitors to see your Source Code, then you're way beyond help already.

Keeping secrets from the people who pay your wages only works as a business model until your clients discover that there is an alternative. That's why you've heard of OpenSSH, but you've never heard of Tectia Corp.



Was any encryption used? Was he naive enough to send it as plain-text?

This topic is closed for new posts.