Employee behind DJI data leak on Github sentenced to prison and fined


A former employee of Chinese drone maker DJI was sentenced to six months in prison and fined RMB 200,000 for unauthorized disclosure of the company’s data to code-sharing platform Github, according to the prosecutor involved in the case.

The office of the People’s Procuratorate of Shenzhen posted the sentence on messaging app WeChat on Friday, though it did not reveal the company’s name. A DJI spokeswoman confirmed to TechNode on Monday that it was the subject of the data breach case.

The leaked code included code used in an aircraft management platform and a spraying system solution, and the leak caused losses of RMB 1.14 million ($170,000) for the company, according to DJI.

According to The Economic Observer, the drone company reported to police in September 2017 that one of its servers had been hacked. An American researcher named Kevin Finisterre, referred to as a “hacker” by Chinese media, sought out the data as part of DJI’s bug bounty program, which pays cash rewards to individuals who report bugs to the company. DJI reportedly launched the bug bounty program following a US Army memo asking its members not to use DJI drones over cyber-security concerns.

The unnamed employee, a 28-year-old engineer who later said he committed the act unintentionally, turned himself in immediately to the local police and deleted the data after the investigation, according to prosecutors. In April this year, Shenzhen judges in the case sentenced him to six months’ imprisonment and a fine of RMB 200,000 (around $30,000).

DJI is not the only Chinese tech company to be hit by confidential corporate data leaks. A Github repository containing more than 50 megabytes of source code for anime-streaming platform Bilibili was discovered earlier this month. The leaked data contained user names and passwords for an unknown, but reportedly sizable, number of users.

Bilibili later responded that the leaked data were from an older version of the website, and that it had taken measures to ensure user data security.

In March, Dutch cybersecurity researcher Victor Gevers reported a publicly available trove on GitHub containing what was thought to be Huawei enterprise network credentials.

China is ramping up efforts to enhance intellectual property (IP) protections, which have been a critical issue in the ongoing Sino-US trade negotiations, Reuters reported, citing Shen Changyu, head of the national Intellectual Property Administration, at a press conference held Sunday in Beijing.

Shen said that Beijing will take further measures this year, including amending existing laws and accelerating the efficiency of IP approvals. “Up to five times of the amount of revenue relevant will be charged for malicious torts, which is pretty high even from a global perspective,” (our translation) said Shen.