Levandowski Admits to Stealing Waymo’s IP

The prosecution of former Google engineer Anthony Levandowski ended March 20 when he agreed to plead guilty to one count of theft and attempted theft of trade secrets from Alphabet’s Waymo after pilfering Waymo’s intellectual property (IP).

In early 2018, as a result of Levandowski’s theft, Waymo and Uber settled their lawsuit with a transference of Uber stock to Waymo valued at $245 million. Some 18 months later, the U.S. Department of Justice (DoJ) unsealed a federal grand jury 33-count indictment against Levandowski that detailed the handiwork of the Waymo insider’s theft of Waymo’s trade secrets.

The indictment showed that Levandowski had downloaded and stolen more than 14,000 Waymo documents prior to his departure in January 2016. This information was used to form his own company, Ottomotto. When Uber purchased Ottomotto in 2016 for $610 million, the technologies stolen by Levandowski made their way over to Uber.

While Levandowski initially pleaded not guilty to the 33-count indictment, it would appear that the forensic evidence against him was overwhelming. This included the Uber-funded 34-page due diligence report conducted by Stroz Friedberg, which revealed that Waymo’s files were indeed in the possession of Levandowski well after he had departed the employment of Waymo. Furthermore, Waymo’s internal forensic experts could document the pilfering of the thousands of documents from their infrastructure when they conducted their historical review of network logs.

The single-count plea focused on Waymo’s “Project Chauffeur” and the manner in which Levandowski stole the IP from Waymo and used them for his personal benefit. Specifically, it highlighted how he had downloaded the documents to his personal laptop and then used them some months following his departure from Waymo.

Levandowski may be sentenced to as many as 10 years in prison with a three-year supervised release, fined up to $250,000 and was ordered to make restitution. A specific portion of restitution Levandowski agreed to pay included $756,499.22, which represents costs incurred by Waymo and/or Google in the course of assisting the government’s investigation. In addition, the agreement called for a special condition with respect to permitting any property under Levandowski’s control to be available to be searched during his future supervised release.

This case serves as a textbook example of the insider threat becoming a reality.

The theft of Waymo’s IP was not detected when it occurred. The apparent lack of internal controls and data management schemes allowed the wholesale theft—detection occurred only after Waymo’s technology showed up at Uber.

The key takeaway is that every insider threat program must also include those who are entrusted with the creation or protection of intellectual property.

Christopher Burgess

Featured eBook
The State of Cloud Native Security 2020

The State of Cloud Native Security 2020

The first annual State of Cloud Native Security report examines the practices, tools and technologies innovative companies are using to manage cloud environments and drive cloud native development. Based on a survey of 3,000 cloud architecture, InfoSec and DevOps professionals across five countries, the report surfaces insights from a proprietary set of well-analyzed data. This ... Read More
Palo Alto Networks

Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit: Senior Online Safety.

burgesschristopher has 118 posts and counting.See all posts by burgesschristopher