[Photo: Red Owl / Pintinterest.com]

Driving Towards More Effective Detection of Inside Risk

A Case Study from RedOwl.com

Ho hum. Another week, another revelation of insider abuse striking at the heart of a major organization. In the latest example, a former Google executive and top engineer, Anthony Levandowski, has been accused of stealing highly sensitive intellectual property prior to his departure from Google (and later employment with Uber). This intellectual property, the technical details of an autonomous driving technology, was core to the business of eventual Google spinoff, Waymo, who just petitioned a federal court to block Uber’s work on its competing technology after these insider theft revelations came to light.

Incredibly, we still see major organizations continue to focus solely on detection of threats from external, unauthorized actors, while paying relatively little attention to threats from the inside. While fewer in number, these insider abuses tend to be more damaging per incident to the world’s businesses and government agencies.

Let’s consider a few key elements of this particular case, and explore how a technology like RedOwl can help mitigate the risk of the entitled insider who feels it’s their right to take intellectual property with them to their next job.

WHAT HAPPENED?    In January 2016, Mr. Levandowski left Google to launch an autonomous truck company called Otto, which he in turn sold to Uber within half a year of its founding. If Waymo’s lawsuit is to be believed, then perhaps one of the reasons he was able to to exit so successfully and so quickly was the unfair leg up he gave himself by stealing critical design details less than one month prior to his departure. According to Waymo, in December, 2015 - knowing he’d be departing soon to start his own business - Mr. Levandowski began committing a series of actions that would eventually result in this lawsuit, including:

• Searching his corporate Google Drive for access details to a document repository that housed highly sensitive files and code for a project named “Chauffeur”…you guessed it, an autonomous driving technology.
• After gaining access to the repository, he executed a software program that systematically downloaded almost 10 gigabytes of data, or 14,000 files, to his computer.
• Shortly thereafter, he inserted a memory stick into his computer, and proceeded to exfiltrate those files over the course of 8 hours.

The case of Mr. Levandoski mirrors so much of what we at RedOwl have seen in working with our clients, across all verticals. And as we’ve seen with those clients who have decided to proactively mitigate inside risk, a little bit of responsible corporate surveillance, coupled with smart technology and smart analysts, can go a long way to providing early insights into risky behavior. So how could RedOwl have helped in this case? It boils down to three things:

• Always make use of employee context
• Stay hot on the digital trail
• Look for signals in communications

[Click link to continue reading and to contact RedOwl.]