DuPont scientist admits downloading, stealing $400M worth of trade secrets

Computerworld - In a case that highlights the dangers posed by malicious insiders, a former research scientist at DuPont has admitted to downloading and stealing proprietary and technical information valued at $400 million from the company.

Gary Min pleaded guilty to stealing trade secrets from Wilmington, Del.-based DuPont in November 2006, but details of the case were officially unsealed only today by U.S Attorney Colm Connolly in the U.S. District Court in Delaware. Min, who also goes by the first name Yonggang, faces up to 10 years in prison and a fine of up to $250,000 when he is sentenced on March 29.

According to the details released today, Min started worked as a scientist at DuPont in November 1995 and focused mainly on research involving a certain type of high-performance films. In June 2005, he started talking with a U.K.-based multinational firm, Victrex PLC, about possible job opportunities in Asia and eventually accepted a job with the company in October 2005. Though he was scheduled to start working for Victrex in January 2006, he did not inform DuPont about the job until Dec. 12, 2005.

Between August 2005 and December 2005, Min downloaded approximately 22,000 abstracts and viewed approximately 16,700 full-text PDF documents from DuPont's Electronic Data Library (EDL) server, which was located at a company facility in Wilmington. The EDL server hosts DuPont's primary databases for storing confidential information. A large portion of the downloaded material had nothing to do with his primary areas of research; instead, it covered most of DuPont's major technology and product lines, including some emerging technologies that were still in the research-and-development stage.

The theft was noticed only after Min announced his plans to leave DuPont, when an internal probe by the company uncovered his unusually high EDL usage and the large volume of abstracts and reports he had accessed -- about 15 times higher than the next-highest user of the system.

DuPont immediately contacted the FBI and the U.S. Department of Commerce, both of which launched a joint investigation of Min's activities. About a month after Min started work at Victrex, he uploaded about 180 DuPont documents, including ones containing trade secrets and confidential information, to a Victrex-owned laptop computer. Victrex officials in London were contacted by DuPont and informed of the theft. Victrex then seized Min's laptop and handed it over to the FBI.

A raid of Min's home in Ohio on Feb. 14, 2006, uncovered several computers with confidential DuPont information, numerous garbage bags that were filled with shredded DuPont technical documents as well as evidence of documents that had been burned in a fireplace. At the time federal agents entered the house, Min had launched a software erasure program on one of the computers in an attempt to destroy the contents on its hard disk.

"The cooperation of both DuPont and Victrex was pivotal to the investigation of the case," Connolly said in a statement. The case demonstrated the "important partnership" between private companies and the government when it comes to safeguarding intellectual property rights, he added.

A statement issued today by DuPont commended the U.S. Attorney's Office and the other federal agencies involved in the investigation for their "leadership and professionalism" in handling the issue. DuPont also said there has been no evidence uncovered so far to show that Min actually disseminated the technology he illegally accessed.

Read more about security in Computerworld's Security Knowledge Center.