DJI Employee Who Leaked Source Code Sent Behind Bars

A former employee of Chinese drone maker DJI has been issued a prison sentence for the leaking of proprietary source code to GitHub.

Last week, the Office of the People’s Procuratorate of Shenzhen posted the decision on WeChat, which fined the unnamed 28-year-old RMB 200,000 ($29,000). A six-month prison term was also issued.

See also: Court enforces need for warrant before police can access your real-time phone location

According to prosecutors, the former staff member worked as a software engineer and was responsible for developing code for both an agricultural drone management platform and the programming used in agricultural machinery systems.

The source code of both modules was leaked after the programmer opened an account on GitHub and uploaded the code, giving the public easy access.

CNET: Puma Australia shoppers hit with credit card hack, researcher says

When the source code leak appeared on DJI’s radar, the employee handed himself in and deleted the code, telling law enforcement that he was willing to bear the “legal responsibilities” of his actions.

DJI believes that the spread of the source code, as proprietary intellectual property, amounts to $170,000 in damages.

While government officials did not name DJI specifically, a spokesperson confirmed the company’s involvement to TechNode.

TechRepublic: How the cloud is evolving to improve enterprise security

GitHub, as an open code repository, is sometimes used in the distribution of leaked code alongside legitimate coding projects.

Earlier this month, source code belonging to the Chinese video-streaming platform Bilibili was also leaked on the platform. The company assured users that the code was from a legacy build and the modern system had not been compromised. An investigation with law enforcement has been launched and the source code was later removed from GitHub.

In March, a study conducted by North Carolina State University (NCSU) found that over 100,000 GitHub repos have leaked API tokens and cryptographic keys. An analysis of billions of files revealed that new repos are leaking their secrets on a daily basis.

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0