Traditionally, by the end of the year we ask our analysts to share the most memorable incidents of the past year. So, in the final digest of 2023, we’ll tell about stealing corporate secrets, putative labourers, genetic information leaks and very vindictive employees.
TRADE SECRET PRESENTATION
What happened: Santa Clara NVIDIA employee accidentally revealed source code of the product by his previous employer’s company during a video conference with former colleagues. Now NVIDIA is facing accusation of stolen trade secrets usage.
How it happened: In 2021, developer Mohammad Moniruzzamana quit Valeo Schalter und Sensoren in Germany and joined NVIDIA. After a year at NVIDIA, Mohammad had a video call with former colleagues from Valeo to discuss work with a mutual customer. However, the call didn’t go as planned: Mohammad demonstrated the screen and showed a PowerPoint presentation to conference participants. Unfortunately, he forgot to switch off the screen demonstration after the call. Thus, all the video call participants saw the window with Valeo's source code and the file called ValeoDocs, which were present on the developer’s desktop. Valeo employees recognized the source code and managed to take screenshots before Mohammad switched off the demonstration.
After the incident, Valeo officials conducted an audit and discovered that Mohammad had taken the training documentation, parking and driving assistance software source code with him before quitting.
In its lawsuit, Valeo claimed that the stolen information was disclosed to other NVIDIA software developers. Valeo representatives believe their trade secrets helped NVIDIA accelerate the development of its own first parking software, saving the company millions of dollars. NVIDIA officials declined to comment on the lawsuit. According to the letter, received by Valeo's lawyers, NVIDIA representatives had no idea of Mohammad's actions.
LEAK OF MILLIONS OF DNA
What happened: a hacker stole data on 6.9 million of 23andMe users. 23andMe is personal genomics and biotechnology company, which offers genetic testing service and provides clients with reports, relating to the customer's ancestry and genetic predispositions to health-related topics.
How it happened: In early October, the hacker forum user claimed stealing DNA data on 23andMe customers. As proof of the hack, the attacker posted the sample data trove with details on one million users.
The company official reported that the hackers obtained the personal data on about 5.5 million people who opted in to 23andMe's DNA Relatives feature. This feature allows users to share their data with other users. It’s known, that the intruders managed to obtain the following data:
- Names
- Birth dates
- Relationship information
- Ancestry reports.
23andMe representatives claimed that the incident occurred because users reused passwords, which have been exposed as a result of data breaches at the side of other companies.
IRREPROACHABLE SLACKERS
What happened: an employee had been receiving a salary from 16 companies for three years, but never went to work.
How it happened: Guan Yue, the resident of China, took jobs at 16 companies over three years. Guan Yue kept a special journal in which she recorded information about her employer, her job position, the date she started work and the details of the bank account, to which her salary was transferred. To commit fraudulent activities from time to time the woman used fake IDs.
Each time the woman had a job interview, she made a video of herself supposedly conducting work meetings. The fraudster shared these videos in the work chats of other companies so that her colleagues would not have any questions. After several months, the employers used to realize that there was no result from the new employee's work and dismissed her.
The fraud scheme was revealed after Guan Yue decided to take her fraudulent scheme to the next level and make it even more impressive. The woman got a job as a senior manager in an IT company and convinced the manager to hire 7 other managers, who had impressive CVs and relevant experience. After three months of work, the company’s CEO understood, that the team was totally inefficient and terminated their employment relationship.
Shortly after terminating the employees, the director began reviewing documentation and noticed some inconsistencies indicating fraud. In addition, one of the employees blurted out that he had worked for another company at the same time. Thus, the CEO contacted the law enforcements.
The police officers revealed that there were 53 people involved in Guan Yue's fraudulent scheme, who successfully passed the interviews and then did nothing. Together with her husband, who was also involved in the fraud schemes, Guan bought a flat in Shanghai. All in all, within three years, the fraudsters managed to earn about 50 million yuan.
VENGEFUL ENGINEER
What happened: the fired employee crashed the large bank’s software development infrastructure.
How it happened: Miklos Daniel Brody worked as a cloud services engineer at US First Republic Bank (FRB). In March 2020, the IS department reported that Brody was violating security policies by connecting of flash drives with pornographic content to his corporate laptop. The HR vice president called the engineer for a conversation. Miklos Brody explained that the flash drive with the allegedly recorded film The Matrix was given to him by friends, and he connected it to his laptop by accident. The next day, the vice-president received a letter from the engineer, in which he explained his mistake by some kind of mental confusion and illness. The letter had no effect and Brody was fired the same day.
The ex-employee was asked to send back the corporate MacBook he had been given. Instead of returning the device, the engineer decided to take revenge on the bank. Luckily for the ex-employee, his corporate laptop was still connected to the bank's corporate network. He connected to First Republic Bank's network, deleted the contents of the bank's repositories, ran a malicious script, modified the code, and crashed some services while running sessions on behalf of former colleagues. The engineer also mailed himself the code he was working on at FRB. The code was worth $5,000. Brody logged in using his personal ID while attempting to impersonate another employee. After the incident, the bank representatives contacted the ex-employee and asked him to return the laptop, but Miklos ignored the request and sent FRB another letter complaining about unfair dismissal.
Total damages, caused by former employee’s malicious actions to the bank accounted for $220,000. The court sentenced Miklos Brody to two years of imprisonment.
SOFTWARE CLEAN-UP
What happened: the former water treatment plant employee nearly caused an environmental disaster.
How it happened: From July 2016 till the end of 2020, Rambler Gallo had worked as an instrumentation technician for Veolia North America. The company also maintained a water treatment plant in the city with a population of 15,000 people in Northern California.
The ex-employee had full access to the water treatment plant system and was responsible for maintaining all instrumentation and programmable controllers. Despite the plant's systems were connected into one internal network, which wasn’t connected to the internet, they could be accessed through the contractor's laptop located at the plant. Rambler Gallo installed remote access software on this laptop.
After the resignation, Gallo connected to the system and initiated the command to delete the tool, which was designed, among other things, to control water pressure, chemical composition and filtration process. Company technicians detected the incident and blocked the employee's access to the system.
The former technician faces up to 10 years in prison and a $250,000 fine.
THE SMALL ACCIDENTAL LEAK
What happened: the data of 5.6 thousand VirusTotal VIP clients was exposed by mistake.
How it happened: The company employee accidentally published the file on the service's platform that contained information about corporate clients of VirusTotal (owned by Google). The file contained such data as:
- Full names
- Email addresses
- Company names.
The file also contained information about US and UK intelligence officers and IS experts from various agencies. Experts found out that the incident affected employees of Deutsche Bahn (Germany's main railway operator), Bundesbank, BMW, Mercedes-Benz and Deutsche Telekom.
The company officials confirmed the unintentional leak of a small amount of contact details and warned customers of possible phishing attacks.
ONE STYLE HACK
What happened: the ransomware attack paralysed the Dallas Police Department.
How it happened: In May 2023, Dallas authorities confirmed that hackers attacked police department resources and gained access to internal information. The incident affected the department's dispatch system, which notifies police officers of emergency calls. Cyber experts believe the attack began with a phishing email. Hackers from the Royal group claimed responsibility for the attack. The attackers claimed to have encrypted "important data", they also promised to publish the stolen confidential information in the public domain.
In December, a similar attack was reported. That time the victim of attackers from INC Ransom was a Californian emergency hospital Tri-City Medical Centre. On 9 November, specialists detected suspicious activity in the organization’s internal systems. Thus, the executives decided to send patients to other hospitals. The Ransom hackers claimed responsibility for the incident, and as for the proof, they published samples of files allegedly stolen from the hospital:
- Individual medical records
- Surgical consent forms
- Tri-City's financial records
- Reports on the distribution of $1.5 billion among the state's medical institutions.
SAFE DATA LEAK
What happened: the Cigna Health database containing 17 billion records ended up in the public domain.
How it happened: Cyber expert Jeremiah Fowler discovered a 6.35TB unsecured database, available online. It turned out that the data belonged to the major player in the health insurance market, Cigna Health. The database in question contained:
- Hospital and doctor names
- Location addresses
- Contact numbers
- Various identification numbers such as the National Provider Identifier (NPI).
The experts also found information about rates for medical procedures among the records.
The company officials admitted the leak and claimed blocking access to the vulnerable database. What’s more, Cigna Health representatives cited that the published information was intended for public access in accordance with regulatory requirements. However, experts believe that this incident indicates security problems at Cigna Health.
Comments