Get the Global IP Investigations and Enforcement Perspective

Industry content delivered straight to your inbox.
Email address
Secure and Spam free...

To Catch a Trade Secrets Thief – The Computer Forensics Way

On January 13th, the FBI arrested a former medical director of a pharmaceutical company in New Jersey for allegedly stealing trade secrets.

Essentially, the accused transmitted proprietary information either to his personal email address, onto a USB drive, or to his new employer (another company that is a direct competitor of his former employer.)

This post will focus on the forensic computer investigation that uncovered the alleged illegal transfer of trade secrets.

INSTRUCTIVE FOR INVESTIGATORS

The sixteen (16) page criminal complaint presents not just the details of the crime, but the fundamentals of the computer forensic investigation, which I think would be useful for investigators to have some familiarity with.

The New Jersey pharmaceutical company discovered the theft and notified the FBI after the accused left the company and went to work for a direct competitor.

Data Loss Prevention Basics

The company had in place an internal computer monitoring system, otherwise known as “Data Loss Prevention” (DLP),

Data Loss Prevention includes two (2) tools:

  1. Network Data Loss Prevention (NDLP), that tracks employee email activity, and
  2. Host Data Loss Prevention (HDLP), embedded in all company work computers.

As the complaint details, “The [accused’] company computers prompted a Security Group (SG) alert on both the NDLP and HDLP monitoring tools.”

The DLP Tool had identified 106 company documents transferred from the accused’ computer through a “web post” to his personal accounts.

A “web post” describes a process in which an employee transfers company information to a private email address which is subsequently transmitted to a cloud service.

Examination of Work Issued Laptop

An examination of the accused’ laptop uncovered the transfer of almost 1600 files onto at least seven (7) USB devices, besides transferring some proprietary information onto his new computer issued by his new employer.

After the FBI reviewed the company’s internal computer forensic investigation, it executed a search warrant at the accused’ home, and uncovered two (2) of the USB drives, and a box containing other proprietary documents.

CASE REVIEW2016 – PHARMA TRADE SECRETS THEFT

Just to bring some context to the importance of what the New Jersey pharma security team did in this recent case, I want to draw your attention to another pharma-case post I published in July 2019 titled, Composition of a Chinese Trade Secrets Theft Enterprise: A Family Affair–UPDATE

The 2019 post was an update to a 5-part series I’d written about the theft of trade secrets from another pharmaceutical firm (GlaxoSmithKline (GSK).)

Briefly, in the GSK case, the conspirators transmitted trade secrets information to their personal email accounts and/or downloaded it onto USB drives too, except, computer monitoring did not uncover the unauthorized transmission of the trade secrets, another employee brought it to GSKs attention after overhearing one conspirator brag about the big money that would come her way.

Here are the two last points I made in that post.

This case reminds us of two fundamental trade secrets protection strategies:

  1.  Establish and maintain a vigorous company email monitoring program; and
  2.  Conduct periodic background checks of employees who have access to complex and valuable trade secrets.

When you consider the potential impact these two basic IP protection strategies could’ve had had in disrupting this trade secrets theft enterprise sooner, similar companies–going forward–should zealously implement those actions.

Instead, the thieves were able to disseminate countless trade secrets from 2012 until on or about November 3, 2015.

Terminating this scheme should not have depended on one informant (as important as informant development is) overhearing or being bragged to. That was an exceptional opportunity (in this case) that companies cannot rely on.

FINAL THOUGHT

Again, in this digital age, it is critical that companies embrace computer monitoring as one (of several) strategies required to keep its intellectual property fenced in.

Disclaimer: IPPIBlog.com is offered as a service to the professional IP community. While every effort has been made to check information in this blog, we provide no guarantees or warranties, express or implied, with regard to content provided in IPPIBlog.com. We disclaim any and all liability and responsibility for the qualification or accuracy of representations made by the contributors or for any disputes that may arise. It is the responsibility of the readers to independently investigate and verify the credentials of such person and the accuracy and validity of the information provided by them. This blog is provided for general information purposes only and is not intended to provide legal or other professional advice.

Did you find this post useful?
I agree to have my personal information transfered to MailChimp ( more information )
Join other IP protection professionals, i.e., investigators, attorneys, and brand protection specialists and receive updates straight to your inbox.
We hate spam. Your email address will not be sold or shared with anyone else.

Ron Alvarez is an IP Investigations / Protection writer and licensed private investigator in New York City. He is a former NYPD lieutenant where he investigated robbery, narcotics, internal affairs, and fine art theft cases. Ron is a graduate of the FBI National Academy and earned a B.A. in Government and Public Administration from John Jay College of Criminal Justice in Manhattan. He has published a number of articles on various investigative topics for PI Magazine. Ron is certified by the Interpol-International IP Crime Investigators College (IIPCIC.) as a "Transnational and Organized Crime Intellectual Property (IP) Investigator."

2 comments on “To Catch a Trade Secrets Thief – The Computer Forensics Way

  1. Tech forensics is becoming an interesting field, I have done consulting for medical malpractice and finance cases, and recently I think tracing crypto currency transactions will be next.

  2. THOMAS MANLEY

    Thank You for this edition of the Blog
    I agree with your final point analysis
    These companies must develop more effective employee monitoring techniques
    in order to protect themselves from tis sore of crime
    Good Work
    Tom Manley
    Special Agent FBI- Retired

Leave a Reply to Ahmad Alokush Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Get the Global IP Investigations and Enforcement Perspective

Industry content delivered straight to your inbox.
Email address
Secure and Spam free...
%d bloggers like this: