Skip Navigation

Case Studies

SnowdenAmerican SuperconductorGoogle v. Uber

Snowden

Snowden represents the classic leaker. He made clear that his intentions were to “right the perceived wrongs” that

were being committed by the NSA. He was motivated by ideology in his view of the “greater good.” Snowden had become disillusioned with his work and his perceived illegalities. Snowden’s actions have undoubtedly cost the government billions in operational costs as a result of disclosed programs and methods. While the full circumstances Snowden’s actions and methods for exfiltrating the classified information are not fully known, a robust insider risk management strategy and toolset should have, in theory, been able to identify and detect his actions.

Event

By May 2013, Edward Snowden reportedly downloaded various classified information onto flash drives and removed them from NSA facilities. He thereafter requested time off for medical treatment and on May 20 traveled to Hong Kong. During subsequent interviews, he made clear that his intentions were to “right the perceived wrongs” that were being committed by the NSA. He does appear be motivated by some sense of self-aggrandizement, but mostly by ideology in support of his view of the “greater good.”

Persona

Snowden represents the classic leaker. Snowden enlisted in the Army in 2004 was soon discharged due to injuries suffered in training. By 2006, Snowden landed a position with the CIA and by 2009 Snowden had become disillusioned with his work and his perceived illegalities of the USA Patriot Act. This disillusionment caused his supervisor to write a memo discussing Snowden’s change in demeanor and work habits, raising suspicion that he had attempted to unlawfully access documents. Soon after, he left the CIA for a position with Dell computers where he provided IT contract support for the NSA. In 2013, he left Dell to work for Booz Allen Hamilton, another contractor for an NSA. Between 2009 and 2013, Snowden’s disillusionment over government surveillance increased.

Impact/Cost

Snowden’s actions have undoubtedly cost the government billions in operational costs as a result of disclosed programs and methods. His actions also greatly impacted the culture and reputation of NSA, which has overtly manifested itself in the form of numerous congressional inquiries and waning public support.

Solution

While the full circumstances of Snowden’s actions and methods for exfiltrating the classified information are not fully known, based on published reports, he appears to have been able to successfully download a vast amount of information to a thumb drive. This raises numerous questions regarding monitoring and the extent to which his actions were visible to security personnel. A robust insider risk management strategy and toolset should have, in theory, been able to identify and detect his actions.

American Superconductor


American Superconductor is a wind turbine company based in Massachusetts. Among their products, was software to regulate the flow of electricity from wind turbines to electrical grids. The case involves the recruitment of one of American Superconductor’s engineers, Dan Karabasevic by its competitor, Sinovel, a Chinese company. Karabasevic secretly copied the source code from American Superconductor’s computer system, which was then provided to Sinovel.

Karabasevic fits the classic definition of a conspirator. He was recruited by a competitor and thereafter engaged in activities designed to promote their interests. Karabasevic’s actions have had catastrophic impacts on American Superconductor’s business operations, culture and value. They lost 90% of its intrinsic value in nine months and $1 billion dollars in market value.

Here again, a solid user monitoring tool would have been able to provide the necessary visibility to alert on this activity.

Event

American Superconductor is a wind turbine company based in Massachusetts. The core business is the development, support, and production of equipment and software for wind turbines and electrical grids. Among the products, was software to regulate the flow of electricity from wind turbines to electrical grids. This software source code was developed by American Superconductor and deliberate steps were taken to protect it from unauthorized access and use. Among these measures, physical access to workspaces was restricted and employees were required to create and use a unique password to access the computer system. The case involves the recruitment of one of American Superconductor’s engineers, Dan Karabasevic by its competitor Sinovel, a Chinese company. Karabasevic secretly copied the source code from American Superconductor’s computer system, which was then provided to Sinovel.

Persona

Karabasevic fits the classic definition of a conspirator. He was recruited by a competitor and thereafter engaged in activities designed to promote the interests of Sinovel, as well as his own. Karabasevic appears to be financially motivated as he was offered a large salary and other expenses for his activities.

Impact

Karabasevic’s actions have had catastrophic impacts on American Superconductor’s business operations, culture and value. They lost an immediate $1 billion in contracts that were due to them from Sinovel. They also lost several other contracts as a result. This forced the layoff over 80% of its workforce having untold impacts on those employees in the future of the company itself.

Solution

While the company appeared to have placed various security measures to protect its source code, these appear to be limited to access control. Beyond limiting physical access and requiring unique login, there appears to have been little or no actual monitoring of the network itself or of Karabasevic’s behaviors. A solid user monitoring tool would have been able to provide the necessary visibility and alert on this activity.

Uber


In March 2017, Google filed suit against Uber alleging that former Google engineer Anthony Levandowski secretly downloaded 14,000 proprietary technical files pertaining to its self-driving technology before leaving to found self-driving truck startup Otto Trucking. Uber then acquired Otto shortly thereafter and put Levandowski in charge of its self-driving efforts.

Anthony Levandowski is the classic opportunist. He sought personal advancement by leveraging his position with Google into a much larger venture that ultimately included Uber. This case is still pending in the courts, but it has already impacted Uber and placed their entire business at risk.

According to public reports, Levandowski was able to freely download over 14,000 documents without being detected. Here again, a solid user monitoring tool would have been able to provide the necessary visibility to alert on this activity.

Event

In March 2017, Google filed suit against Uber alleging that former Google engineer Anthony Levandowski secretly downloaded 14,000 proprietary technical files before leaving to found self driving truck startup Otto. Uber acquired Otto in the summer of 2016 and put Levandowski in charge of its self driving efforts. According to the complaint, Levandowski told coworkers in the summer of 2015 that he had talked with Uber about forming a self driving car startup and that Uber would be interested in buying it. Throughout the rest of 2015, Levandowski allegedly recruited other Google employees and in December 2015, connected a laptop to Google’s network for eight hours and downloaded 9.7 gigabytes of data. Google doesn’t appear to have logged what the laptop did but the implication is that data was copied from the laptop to a memory card. Thereafter, Levandowski allegedly reformatted his work laptop and never used it again. Then, on January 4, 2016 downloaded five confidential technical documents to a personal device. Thereafter, he allegedly met again with Uber executives, officially formed a new company, then resigned from Google on January 27, 2016. February 1, 2016, he officially incorporated Otto Trucking. In early August 2016, Levandowski collected his final multimillion dollar payment from Google and shortly thereafter on August 19, 2016, Uber announced a deal to acquire Otto for $680 million.

Google began an investigation in the summer of 2016 after they suspected that their intellectual property had been misused. Then on December 13, 2016, a Google employee was accidentally copied on an email from a vendor intended for Uber which contained technical documents that Google believes are its designs.

Persona

Anthony Levandowski is the classic opportunist. It appears to have sought personal advancement by leveraging his position with Google into a much larger venture that ultimately included Uber. Based on published reports, he doesn’t appear to have sought to intentionally to harm Google, but simply to advance his own entrepreneurial interests.

Impact/Cost

This case is still pending in the courts, but it has already impacted Uber and placed their entire business at risk. It remains to be seen how much impact this will have to Uber’s market value, however, Uber’s CEO has publicly stated that self-driving technology is integral to Uber’s future revenue. Therefore, any judgments that prevent their use of this technology will undoubtedly have vast impacts on their value and since they are reportedly valued at over $26 billion, this could be catastrophic. This case is also impacted Uber’s reputation and culture as they have seen several executives depart in numerous negative press stories about business practices and low morale.

Solution

According to public reports, Levandowski was able to freely download over 14,000 documents without being detected. There appears to be have been a lack of monitoring of their network from both an asset- centric perspective that should have alerted on the large download activity, as well as a people- centric perspective that should have alerted Google to the fact that it was Levandowski that was performing the downloads. In fact, there appears to have been no proactive awareness or visibility of Levandowski’s actions. It was not until six months later when Google decided to conduct a forensic investigation that they uncovered these activities.