A former Apple engineer who worked on driverless car technology was arrested on his way to start a new job in China with autonomous vehicle start-up Xiaopeng Motors – a Guangzhou-based company also known as XMotors – Apple charged in federal court on Monday.
A criminal complaint charged the former employee, Xiaolang Zhang, with stealing trade secrets and accused him of downloading a blueprint related to autonomous cars to a personal laptop before trying to board a last-minute flight.
Zhang was arrested on 7 July after he passed through a security checkpoint at the San Jose airport.
According to the complaint, he was hired at Apple on 7 December 2015 to work on its autonomous car project – R&D that Apple’s kept very hush-hush. His most recent work was on the compute team, designing and testing circuit boards to analyze sensor data.
That role gave him access to all sorts of juicy, and confidential, databases.
According to the complaint, information about the project “is a closely guarded secret that has never been publicly revealed.”
Apple has been cagey about its research, making general comments about its interest in developing self-driving technology but keeping mum about just what, exactly, the company’s working on. According to the complaint, information has even been kept away from most of its employees. Some 5,000 staff, out of more than 135,000, have been “disclosed” on the project, meaning that they’re working on it directly or know something about it. Fewer people, about 2,700 “core employees,” have access to the project’s databases.
From 1 to 28 April 2018, Zhang took paternity leave following the birth of a child. During his leave, he and his family traveled to China. When he got back, he met with his immediate supervisor, as the complaint tells it, and told him that he planned to resign and move back to China in order to be closer to his ailing mother. Zhang allegedly also told his supervisor that he planned to take a job with XMotors: a Chinese start-up in the driverless car space.
Well, that didn’t particularly reassure his supervisor. Zhang’s boss felt that Zhang was being evasive during the meeting and so he requested the presence of Apple security. By the time the meeting wound up, Zhang had handed over all his Apple-owned devices – two iPhones and a MacBook – and was then walked off the campus.
Apple security then immediately revoked Zhang’s remote network access, badge privileges and all other employee access. He was also reminded about Apple’s intellectual property (IP) policy.
This all went down on 30 April. On 1 May, Apple security asked staff overseeing the company’s juicy autonomous vehicle IP databases for a review of Zhang’s historical network user activity, while a security-focused attorney began to review Zhang’s history of building access and activities on the Apple campus. He also requested a forensic exam of Zhang’s devices.
The complaint alleges that in the days just prior to that meeting with his supervisor, Zhang’s network activity spiked – “exponentially.” He allegedly performed a slew of bulk searches and targeted downloading of “copious” data from one database: 581 database rows one day, 28 rows another day. That’s a lot, compared with the 610 rows of user activity Zhang allegedly generated during the entire previous month. On another database, Zhang allegedly got his hands on a whopping 3,390 database rows: nearly triple the database activity on 1,484 rows he generated between July 2017 and March 2018.
In the two days prior to his announcement that he was off to China and XMotors, Zhang allegedly downloaded PDFs with confidential material such as blueprints for prototype cars and their requirements regarding power, low voltage, battery system, drivetrain suspension mounts, etc. CCTV footage from Apple campus security cameras allegedly showed the soon-to-be ex-engineer entering the driverless car software and hardware labs on 28 April – that would be during Zhang’s paternity leave – and then walking out with a computer keyboard, cables and a big box.
Apple security beckoned Zhang back in for another chat on 2 May. The complaint says that Zhang admitted that he was going after a job with XMotors while he was still working at Apple. Initially, he allegedly denied being on the campus during his paternity leave, but Apple security presented proof that he was. Zhang allegedly admitted he was there and had taken two circuit boards and a Linux server from the hardware lab. Zhang’s rationale, according to the complaint: he thought it would come in handy at a new job – at Apple. He never transferred to that job, though.
He also allegedly admitted to being shown a proprietary chip by colleagues while he was on campus that day, as well as transferring data to his wife’s laptop. Apple’s forensics on that laptop are still ongoing, but the company describes 60% of the data that it’s turned up as being “highly problematic.”
The criminal charge is based on only one of the PDF files that forensics found: a 25-page document containing electrical schematics for one of the circuit boards. The court document contained a sample of the big, prominent, full-caps NOTICE OF PROPRIETARY PROPERTY at the top of the document’s table of contents.
The FBI had a chat with Zhang on 27 June. On 7 July, FBI agents found that Zhang had picked up a last-minute, round-trip, solo-traveler ticket to China.
According to Reuters, XMotors said on Wednesday that there was no indication that Zhang communicated sensitive information from Apple. XMotors also said that it was informed of the case late last month and that it’s been working with local authorities on the probe.
Apple issued this statement:
We’re working with authorities on this matter and will do everything possible to make sure this individual and any other individuals involved are held accountable for their actions.
Zhang’s lawyer, a federal public defender appointed by the court, hadn’t been reached as of Thursday. No plea has yet been entered.
Source : Naked Security