Wednesday, November 12, 2014

Hijacking The Secret Sauce: Intellectual Property

I’m always amazed when an employee steals intellectual property (IP) from their company. Only to take it with them as they head out the door for a new job. I wonder what is the thought process that they go through? I’m sure you may know a story or two about people who helped themselves. At one company that I was working for years back, I had set up SNMP (simple network management protocol) monitoring of the printers in the company. In turn that data was fed back into the centralized logging solution. One Friday afternoon I noticed a series of print jobs from a person who I knew had given their notice already two weeks previous. I read the names on the print jobs and I could not stop laughing. He was printing out internal documentation that was not meant to be distributed, let alone taken to his next job.
I picked up my coffee and stifled a smile. I decided to stroll by his desk. I walked by his, let’s call him Frank, desk. I took a sip and said, “Hey Frank. Just packing up?” He looked at me visibly unnerved. “Yup, last day you know.” I took another sip and answered back, “Oh right. Well, best of luck at the new gig.” I winked and walked away.
I positioned myself in a meeting room down the hall and around the corner. I was in a spot where I could see people leaving the building but, I was not readily visible unless someone looked back as they exited. I set up access to the CCTV on my screen and I waited. Thankfully, I didn’t have to wait long at all. Here he came along the hallway with three massive binders full of printouts. I just shook my head. Did “Frank” really think he was pulling one over on people? I was absolutely confused as to his logic.
I picked up the phone and called “Frank’s” boss. After I let him know what was transpiring he quickly slipped down the stairs and was sitting at the front door before the elevator made it to the lobby. They’re slow as molasses in January but, sometimes you really have to love hydraulic elevators.
Needless to say “Frank” was met in the lobby and he surrendered his binders claiming he wasn’t doing anything wrong. He also returned the other large binders that were in the trunk of his car.
This is a type of behaviour that seems to happen a lot. An example that I can point to from another former job is from this article on Ars Technica.
AMD filed a complaint yesterday alleging that four of its former employees—one former vice-president and three former managers—transferred sensitive AMD documents before joining competing graphics chip maker Nvidia and then violated a “no-solicitation of employees” promise. The company alleges that Robert Feldstein, Manoo Desai, and Nicolas Kociuk collectively downloaded over 100,000 files onto external hard drives in the six months before leaving the company. All three and another manager, Richard Hagen, were accused of recruiting AMD employees after leaving for Nvidia.
Since this is already in the public domain I will merely nod my head. I wish I could comment at length on this one but, I can merely say that operations security or OPSEC was not high on their list of priorities.
Another example is the recent case of Dr. Franklin R. Cockerill III who was the president/CEO of Mayo Medical Labs. He was alleged to have been siphoning trade secrets for months prior to moving to a competitor.


No comments:

Post a Comment

Note: Only a member of this blog may post a comment.