Getty Images/iStockphoto

Former Google engineer charged with stealing AI trade secrets

Linwei Ding, a Chinese national, allegedly evaded Google's data loss prevention systems and stole confidential information to start his own China-based AI company.


Listen to this article. This audio was generated by AI.

A Chinese national and former Google employee was indicted for allegedly stealing sensitive files and trade secrets related to the company's AI technology.

The U.S. Department of Justice (DOJ) unsealed an indictment against 38-year-old Linwei Ding, also known as Leon Ding, of Newark, Calif., where he was arrested on Wednesday. Ding is charged with four counts of theft of trade secrets and faces a maximum penalty of 10 years in prison and up to a $250,000 fine for each count, according to the press release.

Google hired Ding as a software engineer in 2019, and part of his responsibilities included developing the software deployed in the vendor's supercomputing data centers. He is accused of stealing more than 500 unique files of Google's propriety AI-related data while secretly being affiliated with two China-based technology companies. According to the indictment, one of the companies was a startup that Ding himself founded to train large AI models.

"The Justice Department will not tolerate the theft of artificial intelligence and other advanced technologies that could put our national security at risk," Attorney General Merrick Garland said in the press release. "We will fiercely protect sensitive technologies developed in America from falling into the hands of those who should not have them."

The alleged thefts occurred between May 21, 2022, and May 2, 2023. The DOJ said Ding was able to transfer a significant amount of confidential information from Google's network to his own personal Google accounts without setting off any alarms.

"For example, he allegedly copied data from Google source files into the Apple Notes application on his Google-issued MacBook laptop. By then converting the Apple Notes into PDF files and uploading them from the Google network into as separate account, Ding allegedly evaded detection by Google's data loss prevention systems," the DOJ said.

The indictment expanded on the data loss prevention (DLP) systems and Google's security protocols. Google had implemented other security protocols such as requiring unique device identification and authentication for all systems connecting to its network and two-factor authentication for work-related Google accounts.

In addition, the indictment said employee activity was logged, "including file transfers to platforms such as Google Drive or DropBox." The company's DLP system was intended to log certain data transfers to and from Google's network, but it somehow missed Ding's usage of the Apple Notes app.

Furthermore, access to sensitive information such as the AI trade secrets Ding is accused of stealing was restricted to a subset of employees. TechTarget Editorial asked Google for additional comment on how Ding was able to evade detection. A Google spokesperson provided the following statement:

We have strict safeguards to prevent the theft of our confidential commercial information and trade secrets. After an investigation, we found that this employee stole numerous documents, and we quickly referred the case to law enforcement. We are grateful to the FBI for helping protect our information and will continue cooperating with them closely.

Covering tracks

In addition to evading the DLP systems to extract files, Ding is also accused of manipulating Google's restrictive access badge system to hide a trip to China in December. He allegedly left his badge with another Google employee, who repeatedly scanned it at the entrance of a U.S. Google office, even though Ding was in China.

Ding allegedly had made an earlier, extended visit to China from October 2022 through March 2023. During that period, according to the indictment, he became the CTO for a China-based startup called Beijing Rongshu Lianzhi Technology Co. Ltd., raising capital for the company and accumulating 20% of its stock. Ding also worked to establish his own China-based AI company, Shanghai Zhisuan Technology Co., which launched in May.

The technology he allegedly stole from Google held the foundation of the vendor's supercomputing data centers, which the DOJ press release said "are designed to support machine learning workloads used to train and host large AI models."

Shanghai Zhisuan Technology Co. is involved in training large AI models powered by supercomputing chips, according to the indictment. The DOJ alleged that Ding shared a document with members of a Zhisuan WeChat messaging group that stated, "we have experience with Google's ten-thousand-card computational power platform; we just need to replicate and upgrade it -- and then further develop a computational power platform suited to China's national conditions."

Around this time, Google started to grow suspicious of Ding's activity. The indictment claimed that on Dec. 2, Ding uploaded more files from the Google network to another personal Google Drive account.

"Ding told a Google investigator that he had uploaded the files to his personal account to use the information as evidence of the work that he had conducted at Google. Ding assured the investigator that he had no intention of leaving Google," the indictment said.

While Ding signed a self-deletion affidavit on Dec. 8, promising he had deleted all copies of sensitive data, he ended up resigning on Dec. 26. Days later, after investigators discovered that Ding had presented at MiraclePlus, a China-based startup incubation program, Google locked his laptop remotely. Google also then uncovered how he had obfuscated his trip earlier that month to China by checking surveillance cameras.

The FBI executed a search warrant for Ding's residence on Jan. 6 and found the stolen files in a Google Drive account. Ding had booked a flight departing on the following day from San Francisco to Beijing.

As of Wednesday, the FBI and Commerce Department continue to investigate the case. The DOJ said the law enforcement action was a coordinated effort with the Commerce Department's Disruptive Technology Strike Force, which launched in February 2023. Over the last year, the strike force has been credited for charging 14 cases related to Russia, China and Iran.

Arielle Waldman is a Boston-based reporter covering enterprise security news.

Dig Deeper on Threat detection and response