Short Bytes: FBI has arrested a DevOps Engineer Zhengquan Zhang for stealing proprietary source code and accessing employee accounts at KCG Holdings where he worked as a supervisor. Zhang deployed malware on company’s servers to get employee login details. He later told that he was afraid of losing his job due to an acquisition.
IIt was known last Friday that an American trading firm KCG Holdings was a victim of an internal data breach, it was brought to fruition by a senior employee named Zhengquan Zhang.
Employed since March 2010, the DevOps engineer Zhang was working as a supervisor at the firm when the news about the internal hacking came to light. He was arrested by the FBI on Friday, April 7, and charged with one count of theft of trade secrets.
Also Read: Longest-ever US Hacking Sentence — Russian Lawmaker’s Son Gets 27 Years In Prison
Between the months of December 2016 and March 2017, Zhang had accessed the accounts of various employees to gather the maximum amount of information. He also stole the proprietary source code of KCG’s trading system and transferred to a remote server, all of this totaling to around 3 million files.
Zhang’s actions were traced on March 25 when he tried to access the home computer of a quantitive analyst who was trying to access KCG’s network remotely. The employee sensed foul smell when he observed repeated disconnections. He was quick to report about the incident which was later tied to Zhang.
Zhang’s supervisor role, given in December 2016, had given him an idea about the ways he could easily hide from company’s tracking system. He confessed his actions to his former supervisor in an email written on Sunday, March 26.
In the email, obtained by the FBI, Zhang told he was afraid of losing his job after KCG’s acquisition by Virtu Financial Inc., and that he was aware of the consequences of his actions. He also admitted that he planted malware on company’s servers and accessed accounts of other employees.
“I am still questioning myself why I did that,” he said in the email.
Now, Zhang might be facing a maximum prison sentence of 10 years and fine of $250,000 or twice the gross gain or loss from the offense.
Also Read: Aadhaar Details Of 1.4 Millions People Leaked Due To Programming Error On Govt Website