Photo/Tan Yuhan (NBD)

Apr. 28 (NBD) -- A court in Shenzhen has imposed a six-month jail sentence and a 200,000-yuan fine on a former employee of DJI, Chinese manufacturer of the popular Phantom brand of consumer quadcopter drones, for trade secret infringement.

The offender was found to have given away the source codes for DJI's unmanned aerial vehicles for agricultural purposes. Despite reasonable confidential measures taken by DJI, the code leak still caused losses of 1.164 million yuan (172,939 U.S. dollars) to the company.

According to inside information disclosed by Shenzhen People's Procuratorate, researcher Kevin Finisterre in 2017 found a serious loophole in DJI's network security. By exploiting the loophole, hackers can get access to private keys for SSL certificate (also referred to as a "digital certificate") as well as private data uploaded by DJI customers.

Such security flaw rendered DJI's old private keys ineffective, hence putting customer identities, flight logs and other personal data under risk.

After probes, DJI sought out the person responsible - a former employee who posted publicly the codes for the management platform and the sprinkling system of DJI agricultural drones on GitHub, a web-based hosting service for version control using Git.

The codes published, which belong to non-public knowledge and had been applied to DJI drones, are identified as business secrets.

Shortly after being pinned down, the employee immediately wiped off the codes and actively cooperated with the investigation to prevent the situation from getting worse. The person wrote on Twitter, "I unintentionally revealed DJI's confidential information."

"I regret deeply that I have no legal consciousness and I'm willing to take the corresponding responsibilities," the employee also tweeted.

Email: gaohan@nbd.com.cn