The U.S. Attorney's office in Delaware last week revealed a massive insider data breach at DuPont in which a scientist stole $400 million worth of trade secrets from the chemical company and now faces up to 10 years in prison, a fine of $250,000, and restitution when sentenced in March.

Gary Min, who also goes by the name Yonggang Min, pleaded guilty to stealing from DuPont late last year. He worked as a research chemist at the company for 10 years before signing an employment agreement with Victrex in October 2005 to start working for the DuPont competitor the following January. At DuPont, Min conducted research on high-performance polymer films. Victrex manufactures Peek, a polymer compound that competes with DuPont's Vespel and Kapton.

Min didn't tell DuPont he was leaving until Dec. 12, two months after signing the employment contract with Victrex. From August to Dec. 12, he accessed an unusually high volume of abstracts and PDF documents off of DuPont's electronic data library, prosecutors said. The EDL server, located at DuPont's experimental station in Wilmington, Del., is one of DuPont's primary databases for storing confidential and proprietary information. Min downloaded about 22,000 abstracts and accessed about 16,706 documents--15 times the number of abstracts and reports accessed by the next-highest user during that period.

It's unclear whether Min's frequent access to the database tipped off an automatic alert to DuPont officials or whether his behavior was discovered by studying database access logs. When DuPont discovered Min's EDL usage sometime after he gave notice, it contacted the FBI in Wilmington, which launched a joint investigation with the U.S. Attorney's Office and the Commerce Department.

Min began working at Victrex as planned on Jan. 1, 2006; around Feb. 2, he uploaded about 180 DuPont documents--including some containing confidential, trade-secret information--to his Victrex-assigned laptop computer. The following day, DuPont officials told Victrex officials in London about Min's activities. Victrex seized Min's laptop on Feb. 8 and turned it over to the FBI.

	Ten Signs An Employee Is About To Go Bad
	1. Frequent absences from work
	2. Changes in temperament
	3. Unusual behavior
	4. Frequent efforts to access unauthorized systems
	5. Changes in computer behavior or configuration
	6. Receives a bad performance review
	7. Exhibits signs of financial distress
	8. Office romance goes south
	9. Is terminated
	10. Voluntarily resigns
	Read the full story at DarkReading.com

When FBI and Commerce agents searched Min's home in Ohio the following week, they found several computers with DuPont documents marked "confidential." A software erasure program was in the process of erasing an external disk drive on one of the computers when the agents arrived, prosecutors said. They also found garbage bags filled with shredded DuPont technical documents, as well as remnants of DuPont documents burned in the fireplace.

Investigators said there was no evidence that Min had turned stolen information over to anyone at Victrex, DuPont senior VP and general counsel Stacey Mobley said in a statement.

Min's case isn't unique. Three-quarters of 40 thefts of proprietary and confidential information from 1996 to 2002 examined by Carnegie Mellon's CERT program in a study last July were committed by current employees, says Dawn Cappelli, a senior member of CERT's technical staff. Of those employees, 45% had already accepted a job offer with another company. "In between the time they have an offer and the time they leave is when they take the information," she says.

The majority of Min's EDL searches targeted DuPont's major technologies and product lines, as well as new and emerging technologies in R&D that were unrelated to his research responsibilities, prosecutors said. These were all signs that could have signaled a problem. And they're signs companies should be actively watching for, given the amount of damage that can be done quickly once an employee decides to go over to the dark side.