Cyber Forensics: Nine Insider IP Thefts

Intellectual Property Expert Witness:
Steps to Prevent IP Theft

9 Insider Intellectual Property Thefts

Intellectual Property Forensics Expert!

Example Intellectual Property Theft:

Here are just a few of the high profile insiders who caused havoc by exposing information or by trying to take down their employer's network.

1. Terry Childs, was an network administrator for the City of San Francisco, CA. Disgruntled because he felt his supervisors were incompetent. Childs held the city's systems hostage for quite some time while he refused to surrender passwords. In April, 2010, Childs was convicted of violating California's computer crime law.
2. A former network and computer system administrator, Ricky Joe Mitchell deliberately sabotaged his employers’ computer systems in June 2012. Mitchell damaged systems owned by EnerVest, an oil and gas company based in Charleston, WV. Mitchell was ultimately sentenced to four years in prison for sabotaging the company's systems. He damaged the systems when he found out he was going to be fire. He deleted backups that were housed in the company’s Houston, TX office and he reset the company's servers to their original factory settings
3. Fidelity National Information Services, based in Jacksonville, FL. experienced a data breach in 2007. The breach was perpetrated by a database administrator William Sullivan. Sullivan had stolen 3.2 million customer records from the company. The records included credit card, banking, and personal information. Sullivan plead guilty to federal fraud charges and was sentenced to four years and nine months in prison and ordered to pay a $3.2 million fine.
4. Patient information forms were stolen from Flowers Hospital in Dothan, AL. The insider data breach took place between June 2013 and February 2014. The forms, stolen by an employee, contained patient information. It is likely the information was used to file fraudulent income tax returns.
5. Fired in May of 2010, 34-year-old Sam Chihlung Yin created a fake Virtual Private Network (VPN) token in the name of a non-existent employee. Passing that off to Gucci IT staff, he managed to obtain access to their computer systems.
6. Army Private First Class Bradley Manning collected and released sensitive military documents to WikiLeaks in 2009. Manning, who is now known as Chelsea Manning, was sentenced to 35 years in prison.
7. Back in 1996, Timothy Lloyd planted a software time bomb in his employer’s computer system. Employed by Omega Engineering Inc. of Bridgeport, NJ, he became disgruntled with his employer over the loss of his job. The result of the software sabotage, according to court document, was over $10 million in loses for contracts and sales. In addition, 80 jobs were lost in the aftermath. He was sentenced in 2002.
8. In April 2014, NRAD Medical Associates discovered that an employee radiologist had accessed and acquired Protected Health Information (PHI) from NRAD’s billing systems. The access was done without authorization. The data breach affected an estimated 97,000 Electronic Medical Records (EMR). The information divulged included: patient names and addresses, dates of birth, Social Security information, health insurance, and diagnosis information. NRAD is based in Garden City, NY. The case was investigated by the Nassau County Police department who confiscated the evidence from the doctor’s home.
9. And the most famous whistleblower to date: Edward Snowden. Snowden released sensitive National Security Agency (NSA) documents. While Snowden actually worked for subcontractor, Booz Allen, he had significant access to sensitive information. Many of those classified documents showed how the United States government was conducting surveillance. Snowden was based in the Oahu, HI offices of Booz Allen when he released the classified documents.

What is the cost of IP Theft to Companies?

Employees steal an estimated $50 billion a year from their employers. It is also estimated up to 75 percent of employees have stolen at least once in their tenure. It is also estimated that almost one third of business bankruptcies are attributable to employee theft.

Steps to Protect Your Business From IP Theft:

Always run background and credit checks on candidates before making any job offer. If possible, also check state licensing boards as well as driving, school, and military service records.

An access control system offers more security than mere physical keys. Access cards are difficult to copy, yet can be easily replaced if lost or stolen and save the cost of rekeying locks.

Provide alarm codes only to those employees that open and close the business. Make sure that each employee (along with the cleaning crew and other vendors) has their own code so you can see who has entered and left the facility.

Use video surveillance and keep a security cameras focused on cash rooms, inventory storage, equipment storage and executive offices.

If you can do so, have all visitors sign in and wear a temporary ID badge. This will give you a list of who has come and gone from your place of business.