The former Google software engineer, Linwei Ding, has been charged by the US Justice Department for allegedly stealing trade secrets related to artificial intelligence from the company. The charges include accusations of intending to utilize the stolen information at two AI-related firms in China that Ding was affiliated with.
If found guilty, Linwei Ding, also known as Leon Ding, could face a maximum sentence of 10 years in prison and a fine of $250,000 for each of the four counts of trade secret theft that he has been indicted on.
Among the data that Ding purportedly misappropriated are details concerning chip architecture and software design specifications for two new tensor processor versions utilized in machine learning and AI, comprehensive technical information about GPUs at Google’s supercomputing data centers, and software design specifications for the central cluster management system (CMS) employed at these facilities.
Attorney General Merrick Garland revealed the charges during an event hosted by the American Bar Association in San Francisco, emphasizing the US government’s commitment to vigorously pursuing individuals engaged in stealing secrets related to advanced technologies like AI to benefit other countries at the expense of national security.
Google employed Linwei Ding, a 38-year-old Chinese national residing in Newark, California, as a software engineer in May 2019. According to the indictment papers unsealed on March 6 in the US District Court for the Northern District of California, Ding’s role at Google involved software development to optimize graphics processing units (GPUs) for machine learning applications at Google’s supercomputing centers. This position granted Ding authorized access to a wealth of confidential information pertaining to hardware infrastructure, software platforms, AI models, and associated applications at Google’s supercomputing centers.
The indictment alleges that Ding abused his authorized access by exfiltrating approximately 500 unique files containing Google’s AI-related trade secrets and covertly uploading them to a personal Google Cloud account. The illicit activities are said to have commenced in May 2022 and persisted until May 2023.
In May 2023, Ding purportedly established Shanghai Zhisuan Technology, a company based in China focused on developing a CMS aimed at enhancing machine learning workloads and expediting AI model training. Subsequently, Ding, in his capacity as CEO of the startup, participated in a China-based incubation program for high-tech startups after openly leveraging his Google background to attract investors and pitching his goal to enhance China’s computational power platform by replicating and upgrading Google’s technology.
Additionally, following the completion of the alleged data theft in June, Ding engaged in discussions with the CEO of a tech startup in China specializing in software for accelerating machine learning on GPUs. The CEO reportedly offered Ding a lucrative compensation package to join the company as its chief technology officer, leading Ding to travel to China in October 2022. During his stay until the end of March the following year, Ding purportedly sought investment opportunities for the company in his role as CTO.
Ding resigned from Google in late December, shortly after allegedly transferring a set of additional confidential documents from Google’s network to his personal account. Although Ding initially explained the upload to Google investigators who detected the activity, a subsequent probe post-resignation uncovered Ding’s alleged data theft, prompting Google’s investigators to retrieve Ding’s Google laptop and mobile device.
The FBI executed a search warrant at Ding’s residence in early January, seizing his electronic devices and other evidence. Subsequent investigations revealed the theft of the 500 files from Ding’s personal Google accounts, leading to his arrest in Newark earlier this week.
Ding’s arrest and indictment underscore the ongoing concerns surrounding the theft of US trade secrets and intellectual property by individuals associated with China-based entities. While cyber-threat groups, often linked to the Chinese government, have been implicated in numerous incidents, recent cases have also involved individuals employed by US companies attempting to transfer sensitive information to Chinese counterparts.