sb-eu logo
Story image

Tesla's suit against ex-employee a strong case for IP security

16 Jul 2019

A former Tesla employee has reportedly admitted that he stole trade secrets belonging to the company and uploaded them to his own account.

Former engineering employee Guangzhi Cao admitted to uploading .zip files containing the source code to Tesla’s Autopilot software to his personal iCloud account.

What’s more, he is accused of then sharing that code and 300,000 files with his current employer, Alibaba-backed China competitor Xiaopeng Motors (also known as Xmotors and XPeng).

Xiaopeng Motors is reportedly developing technologies similar to Tesla’s Autopilot, Tesla claims.

A court document states:

“Mr. Cao admits that at the time of his separation from employment with Tesla he did not disclose that he had previously made copies of Tesla files during his employment, but Mr. Cao alleges that Tesla never inquired about these materials, or any other confidential or trade secret information, during his separation from employment with the Company, and further alleges that he made extensive efforts to delete and/or remove any such Tesla files prior to his separation from Tesla.”

This isn’t the first time Tesla has been put in a difficult situation following a dispute with an ex-employee. In 2018, Tesla took former US employee Martin Tripp to court for sharing the company’s confidential information.

The entire saga could have been prevented if Tesla had used data loss prevention (DLP) products, according to Digital Guardian cloud services security architect, Naaman Hart.  

“There was no need for this employee to be using their own iCloud for data storage even if the original intent was non-malicious,” says Hart.  

“This should've been detected and blocked, either by identifying the important files and selectively blocking them or by a blanket ban on iCloud.  Simply allowing this to happen has exposed Tesla to potential data loss.  Closing the doors to private cloud hosted services is a proactive approach to preventing data loss.”

“Yes, it's great that Tesla can get information from Apple to help their case, but the data is gone and now it's in the wild for Tesla's competitors to use.  Implementing DLP visibility solutions are also a great reactive measure to retrospectively identify and confirm a specific employee's malicious intent.  This information can enhance any court proceedings and get a positive outcome for the victim.”

“Prevention is better than reaction however, so focusing on forcing employees to use approved and secure channels is the preferred approach.  You don't have to make yourself ineffective, just provide a sufficient set of tools that you can control, rather than allowing people to use services completely outside of your control.”

Story image
High-tech heist: why fending off ransomware attacks is more challenging than ever in 2020
The COVID-19 crisis has unleashed a wave of sophisticated and disruptive ransomware attacks, and the onus is on businesses to ramp up their security measures if they’re to avoid falling victim, writes Attivo Networks regional director for A/NZ Jim Cook.More
Story image
Ripple20 threat could affect 35% of all IT environments – ExtraHop
The vulnerabilities have the potential to ‘ripple’ through complex software supply chains, enabling attackers to steal data or execute code.More
Story image
Proofpoint and CyberArk extend partnership to further safeguard high-risk users
“Our CyberArk partnership extension provides security teams with increased detection and enhanced adaptive controls to help prevent today’s most severe threats."More
Story image
Shlayer malware proves Apple devices aren't as secure as you think
"Apple never talks about malware publicly, and loves to give the impression that its systems are secure. Unfortunately, the opposite has been proven to be the case with great regularity."More
Story image
The guide to digital security in unstable times
An increase in vulnerability across different sectors has meant that 2020 has seen more than its fair share of cybersecurity incidents. One of the most effective ways to combat the perils of today’s cyber-threats is to gain a better knowledge of the threat vectors looming over the heads of organisations. More
Story image
Report: 151% increase in DDoS attacks compared to 2019
It comes as the security risk profile for organisations around the world increased in large part thanks to the COVID-19 pandemic, forcing greater reliance on cloud technology and thrusting digital laggards into quick and unsecured migrations.More