Intel Insider Theft

A story in The Boston Globe reveals that a former Intel employee stands charged with theft:

In a criminal complaint unsealed Tuesday, the FBI alleged that Biswahoman Pani of Worcester copied a host of confidential Intel documents, including 13 “top secret” company files containing highly sensitive design plans for future processor chips. In the complaint, filed in late August in US District Court in Boston, FBI Special Agent Timothy Russell of the bureau’s Boston computer crime squad said in an affidavit that more than 100 pages of sensitive Intel documents, as well as 19 computer-aided-design drawings, were found in a search of Pani’s house conducted on July 1.

Strange, but a search for Biswahoman Pani suggests I search for Biswamohan Pani instead. A LinkedIn profile on the latter also shows that the name in the story might be wrong.

Biswamohan Pani
Sr Staff Engineer at AMD
Greater Boston Area

Apparently Biswamohan wanted a transfer within Intel to a location closer to his wife, who also worked for the company. Although Intel agreed to the transfer, the accused gave a two-week notice for his resignation, said he wanted to work in hedge funds, and that he would immediately take vacation. He then took a week to relocate and apparently went to work for a rival the following week.

However, Russell said, unbeknownst to Intel officials, Pani had been discussing a possible job at AMD for several months. He began working for AMD on June 2, eight days before his employment at Intel ended. Pani still had access to his Intel laptop and the company’s computer network. Russell said Pani used this access to collect sensitive documents that might have provided valuable competitive intelligence for his new employer.

Certainly reads as though he was ashamed, afraid or intentionally deceptive about his new role at a rival. Good case example of how to detect insider abuse. As soon as he gave notice the SIEM or log management system should have been tuned to alert on any remote access and download activity from his user account. Instead, the case began when another employee “noticed” Biswamohan had joined AMD.

Anyone else think changes to his public LinkedIn profile were the first clue?

Now comes the really interesting part:

During an interview with the FBI on July 23, Pani admitted to obtaining the files, but said he had done so out of curiosity and to assist his wife in preparing for her new job at the Hudson plant.

Given that his wife still works for Intel, why would he be in any kind of rush to access files that she also could access in the future? The case is more clear if he was copying files she was not authorized to, and less clear if they had the same level of access and legitimate need.

This case reminds me of the recent controversy about a retired engineer who stands accused of selling US military information to China:

…prosecutors say Noshir Gowadia used Maui as a base to design a stealth cruise missile for China. He was indicted on 21 counts of conspiracy, money-laundering and falsifying tax returns.

Despite the seriousness of the charges, the case has received scant public attention.

There too, the question of motive is complicated:

Cheryl Gowadia said he’s honest and, in a way, naive. He didn’t bother calling a lawyer when agents showed up at his home and started questioning him.

“He is totally unable to lie. It is not his nature. He’s as honest and truthful and trusting as they come,” Cheryl Gowadia said.

[…]

The defendant’s son, Ashton Gowadia, said it doesn’t make sense that someone with a distinguished career like his father’s would sell military secrets. He also questioned why anyone living a comfortable life would sell classified material for so little money.

“We want this thing in court,” Ashton Gowadia said. “He wants to show the world that he’s innocent and he wants to clear his name.”

There certainly is a shifting perspective on what constitutes illegal activity, as documented in a story from 2000 when the Clinton administration charged Lockheed for sharing satellite secrets with the Chinese:

The Lockheed Martin Corporation has agreed to pay $13 million to the government to settle a case involving the sale of satellite technology to China in 1994, company and Clinton administration officials said today.

In other words, people looking backward in time with a current set of values might accuse people of all kinds of unconscionable activity. Hindsight is clearly 20-20, but did the accused know they were in violation at the time?

Military memory stick found at club

The BBC reports that more than a hundred memory sticks have been lost by the UK military in just four years. I am not sure if there is an increase or trend, but 26 went missing this year and 22 contained classified information. Today has yet another example:

The discovery at a Cornish nightclub of a computer memory stick with details of troop movements on it is being probed by the Ministry of Defence (MoD).

The USB stick, outlining training for 70 soldiers from the 3rd Battalion, Yorkshire Regiment, was found on the floor of The Beach in Newquay in May.

Club movements? I thought that used to be called dancing. Maneuvers in the dark?

Times, locations and travel and accommodation details for the troops were included in files on the device.

Perhaps a soldier handed it to a potential date as a sort of “sorry I don’t have a pen, but you can find me here” pick-up line.

Anyway, I expect new procedures for the military to be forthcoming, now that they have been caught in public with their stick out of their pants, so to speak.

The MoD said that it was carrying out a full forensic examination on the stick this week.

It added that it was “undertaking a programme of improvement to safeguard personal data and sensitive information” as recommended in the Burton report.

Full forensic examination on a USB stick? Phrases like that sound suspicious to me because there is little or no difference between full and regular forensic examinations when it comes to a USB stick.

Good for the MoD. Better late than never. If only they could convince staff to leave their sticks at home when going out on a bender.