
Programmer is sent to jail for leaking source code of Chinese drone maker DJI

A former employee of the Chinese drone manufacturer DJI was sentenced to prison for leaking the private keys of the company’s repositories on GitHub, cybersecurity specialists report.

The company’s private keys were exposed to the public at the beginning of 2018. As a result, any user with access to the key, and with the required skills and knowledge, could have accessed the company’s encrypted flight control firmware and removed some restrictions on the drones.

Li Zhanbin, the employee responsible for the leak, worked at DJI writing code for a drone control platform and programming devices used in agricultural machinery systems, the cybersecurity specialists mentioned.

The employee leaked four of the company’s source code repositories by opening an account on GitHub, uploading the code to a public repository and making it accessible to any user on the platform. The employee also leaked an SSL key for the company’s website, which could be used to spoof the site and decrypt communication between the company’s devices and its servers in China.

The programmer argues that he shared these private keys accidentally, adding that, after discovering his error, he immediately removed the code from GitHub and reported the incident to law enforcement and the company, and that he was willing to face the legal consequences of his mistakes.

Cybersecurity specialists from the International Institute of Cyber Security (IICS) confirmed that Li Zhanbin was sentenced to six months in prison, in addition to paying a fine equivalent to $30k USD for revealing trade secrets. However, the company has said that this leak of confidential intellectual property caused damages of about $170k USD, five times the value of the imposed fine.

The company still does not know whether any user was able to access the leaked material during the time that the repositories remained exposed to GitHub users; further reports on the incident are expected over the next few days.
