CME Group Employee Arrested for Stealing Source Code

The FBI arrested a CME Group employee late last week for allegedly stealing proprietary source code from his employer and sending it to China.

The suspect, a 49-year-old Chinese-born US citizen named Chunlai Yang, from Libertyville, IL, was charged with one count of trade secrets theft, a felony offense carrying a maximum sentence of ten years in prison and a fine of $250,000.

Yang was arrested last Friday at the CME office in Chicago, where he worked since 2000 as a software engineer.

The CME Group operates derivatives exchanges in Chicago and New York and develops online trading platforms to support its marketplaces.

The company began monitoring Yang's work activity in May after noticing that thousands of confidential files were downloaded to his computer. It was later established that many of them were copied to removable storage devices.

According to the FBI, the files contained protected source code critical to CME's operations. Investigators also found that Yang exchanged multiple emails with the assistant director of the Logistics and Trade Bureau for the Zhangiagang Free Trade Zone, one of which had CME code attached.

The Zhangiagang Free Trade Zone is an inland river free trade zone located in China's Jiangsu province. It is connected to the Yangtze River and was established in 1992 to strengthen the link between Chinese companies and the international market.

At the time of his arrest Yang had intentions to travel to China. He had a flight booked for July 7th that was departing from O’Hare International Airport.

"CME Group places a high value on protecting its intellectual property and trade secrets. As soon as the company became aware of and confirmed the suspicious activities of one of its employees, CME Group cooperated with law enforcement authorities and moved to terminate the individual's employment.

"As a result, the individual charged with theft of CME Group confidential information is no longer employed by CME Group. The company has found no evidence that customer information, trading data or required regulatory information was compromised," a CME spokesperson commented, according to The Register.