Intel sues former staffer for allegedly stealing Xeon cloud secrets in USB drives and exploiting info at Microsoft

Re: A bit of an Intel fail

“fails very much on document control” that does seem to be the case. But I find it hard to believe Intel would not have put him on gardening leave for the period of his notice and locking him out of their systems the moment he told them he was going to leave.

If that is the case and the files were taken after he told Intel he was going to leave it looks like he did not originally plan to take the files when he left. If he were planning to take the files surely, he would have done that before announcing he was leaving when he knew he still had access to them. Not condoning the theft but looks like a crime of opportunity.

Re: A bit of an Intel fail

I can attest that Intel does indeed wall the garden much tighter after you give notice. I worked in the Oregon development fab 11 yrs ago before moving on. At least in the fab, most employees who gave notice would be escorted to the door and have their cube packed up & shipped to them, especially if they were going to work for any company deemed a competitor. I wasn't going to any such company so I was allowed to linger and tie things up for the couple weeks. However, my email was restricted to outgoing only and the fab badge was collected. It was like sort of like being a ghost.

Re: Air gapped espionage

The software used to access and view the controlled documents placed water marks across the screen of "Intel Top Secret" and such along with your username + IP address. It won't stop you from taking a photo, but any photo would pinpoint back to you.

Re: Impressive forensic capabilities

I suspect Intel has gigabytes of logs of people connecting external drives and downloading stuff, and if they investigated them all (even from departing employees) they'd need a lot more staffing for their security team. If they didn't have people who need to do this as part of their workflow (if only because they find it helps them work more efficiently) they would simply ban USB storage connection or only allow whitelisted storage devices owned by Intel and suitably encrypted so they wouldn't work when connected to non-Intel owned PCs.

They were clearly alerted to this by the guy using Intel proprietary knowledge and doing the digging after the fact to find out what information he had accessed. In a way that's smart - if you catch the guy when he's walking out the door you can't prosecute because he hasn't attempted to misuse the info. If you wait until he does, you can send him away for a few years for theft of trade secrets and set a MUCH better example when word of jail time gets around to other Intel employees versus "hey did you hear when Bob was walking out they stopped him and he had copied some data onto an external drive earlier that day so they made him erase it before he could leave?"

Re: Impressive forensic capabilities

Not really...

A client uses Panda Adaptive Defense 360 (ie. a mainstream security offering aimed as small businesses). Within the device security section you can configure much of this behaviour.

Although AD360's device security is a little basic, so block the connection of modems and it will report every time someone plugs their phone in to charge...

Re: Really...?

Seems impressive to those of us not in the know. :)

I just a programmer and "enterprise Endpoint security suites" are not in my area. But I do now consider myself forewarned and for that have an up vote.

Re: MAC address

MAC addresses can be changed or spoofed

Probably sufficiently VIPs can make policies bend to them when it comes to devices they declare essential to their work. I'm not sure exactly how high up a principal of strategic planning is but it's not an entry-level peon.

Because that's what any responsible company would do. For starters would you want a suspected trade secrets thief working for you?

Because, complicit or not, it plays out much nicer for MS to cooperate and deny all knowledge. I mean, they already got the benefit.

"If the reason for the alleged data theft is to benefit the new employer (MS) then why are they co-operating with the Intel investigation, or am I missing something obvious?"

For starters, the goal could have been to benefit Microsoft, but could also be to benefit the employee as in "That guy always gets the good prices from Intel. Let's give him a raise". Someone stealing information might want to avoid telling the new employer that he's going to use illegal means to benefit them; they might be pleased and go along with the crime, but they might turn him in. Much safer just to help them without telling them what you're doing, bag the rewards, and have the ability to do the same with someone else in case they don't give you as much reward as you want. I think it's more likely that Microsoft was surprised to here this happened rather than expect the corruption to go to the top.

Meanwhile, whether that's the case or Microsoft wanted to commit the crime, it's dangerous not to go along with the investigation. Stealing data is illegal. If they can claim that Microsoft did it, Intel gets a ton of money and Microsoft gets investigated by law enforcement. Microsoft isn't going to let that happen. Also, if this ever happens in reverse, Intel will help Microsoft investigate too. No reason to throw that away.

Crime doesn't pay

Because MS (and its executive suite) doesn't want to be prosecuted / fined as a party to a crime?

It is a little hypocritical, as they presumably hired the guy in the first place partly because he knows something incidental about Intel. On the other hand, it's not in their interest to be a blatantly criminal enterprise.

Except web activity would show uploads (but not what) of data.