Silicon Valley Concern Says It Thwarted Software Theft

[InfoSec News <isn () c4i org>]

Forwarded from: "eric wolbrom, CISSP" <eric () shtech net>

http://www.nytimes.com/2002/09/20/technology/20SOFT.html

September 20, 2002
By JOHN MARKOFF


SAN FRANCISCO, Sept. 19 - A Chinese software programmer was arrested
Tuesday after a Silicon Valley company complained that he had tried to
steal software used in seismic imaging of oil fields, company
officials said today.

The programmer, Shan Yanming, 32, has been in the United States since
the end of April as part of a contract between the state-owned China
National Petroleum Corporation and 3DGeo Development., a Mountain
View, Calif., software company.

Executives at the company said that the Chinese programmer, who had
been training in the use of the company's software, was caught trying
to use a company computer password to download company software to a
portable computer last Thursday.

At the time, the company confiscated the computer and told the
programmer to leave the premises and return to his apartment. He was
arrested by F.B.I. and local law enforcement officials on Tuesday at
the San Francisco International Airport while waiting to leave the
country.

The programmer, who is in custody at the Santa Clara County Jail, has
not yet been charged, according to an F.B.I. agent involved in the
arrest.

"He was trying to gain access to our high-end seismic imaging
software, which is proprietary," said Dmitri Bevc, president and
co-founder of 3DGeo.

Silicon Valley companies have frequently been the target of both
industrial and government espionage. Executives at the software
development company said that they had discovered another Chinese
employee from the same company trying to steal software five years
ago, but had not reported the incident to the government.

As a result of the earlier incident the company was alert to the
possibility of theft, he said.

"We were watching him," Dr. Bevc said. "We knew that a security risk
was possible. Our engineers were watching him and they saw him start
to do this."

According to the company officials, the programmer had a software tool
known as crack that is used to extract passwords that have been stored
and encrypted. But they said they did not believe that the program had
been used successfully. Instead, they said the programmer might have
observed another employee entering the password and then copied it.

3DGeo executives said they did not have any indication whether the
attempted theft was sanctioned by the Chinese National Petroleum
Corporation. They said the Chinese company had purchased one program
from the company, but that the theft involved a more powerful software
program that would typically sell for $100,000 to $200,000.

F.B.I. officials said the programmer had been assigned a public 
defender. Calls to the Chinese consulate in San Francisco were not 
returned.

 
_______________________________________________________________________
eric wolbrom, CISSP                     Safe Harbor Technologies
President & CIO                         190 Goldens Bridge Ct.
Voice 914.767.9090 ext. 6000            Katonah, NY 10536
Fax   914.767.3911                              http://www.shtech.net
_______________________________________________________________________



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.