Qualcomm: ‘We’d Like Our IP Back, Please’

It was the third week of January 2022 and the offer letter was signed and accepted; Guarav Kathuria was on his way out the door to start the next chapter in his career and closing out his 12-plus years at Qualcomm. Nothing to see here—this scenario happens to thousands of engineers each month. Except, well, not quite.

The difference between Kathuria and any given rank-and-file engineer is that Kathuria stands accused by his former employer, Qualcomm, of stealing “confidential documents, processes, schematics, and diagrams related to the chips and software Qualcomm was designing” on his way out the door.

On March 15, 2022, Qualcomm filed a complaint with the United States District Court, Southern District of California, San Diego Division that sought to bar Kathuria (and those with whom he shared the company’s secrets) from using those trade secrets.

Kathuria Discovered by Qualcomm

On December 9, 2021, Qualcomm’s security personnel detected that Kathuria “transferred to his personal email account a zip file containing confidential and proprietary information related to the design of Qualcomm’s chipsets.” When confronted, he acknowledged that what he did was wrong and fell outside acceptable practices, and attested that he had deleted the files.

On its face, it seemed the problem was solved.

The insider threat management processes worked. An employee acting outside the approved processes was detected and engaged. The employee’s explanation was apparently accepted, and in-the-moment schooling addressed the behavior.

In a perfect world, such would be the case—but wait, there’s more.

Kathuria waited a few weeks before doubling down; during the month of January 2022, he copied and exfiltrated dozens of files to his personal accounts. On February 1, 2022, Kathuria was formally interviewed as part of the investigation into his behavior. He admitted to copying hundreds of files but claimed he wasn’t stealing them and that they were for his own personal reference.

As the February 1 interview continued, Kathuria was pressed harder by investigators. It seemed he was unaware that his corporate email revealed he’d accepted a job offer with one of Qualcomm’s direct competitors (who was not further identified), and he finally admitted that he had, in fact, accepted a job offer from that competitor.

Kathuria’s Methodology

Kathuria was a trusted insider. His position as a lead engineer within the company provided him with unrestricted access to certain trade secrets. The company’s insider threat management program detected that he was uploading information to his personal email account and flagged the subsequent transfer of hundreds of files to other personal accounts. And at first, it seemed the information and the breach were contained.

But perhaps not; the complaint tells us that Kathuria deliberately circumvented the insider threat control processes designed to protect the company’s confidential information by screenshotting the information and then “transferring image files.”

Insider Threat Management

With 20/20 hindsight, we see that while the Qualcomm insider threat playbook succeeded initially, in the end it appears to have failed the company.

The original exfiltration of confidential information in December 2021 was apparently explained away in such a manner that the company did not immediately initiate a deeper investigation into this employee with more than 12 years of tenure. Nor, apparently, was Kathuria’s access to sensitive data restricted, leaving him free to try again.

The Qualcomm complaint revealed that the second instance of successful information exfiltration and theft occurred over the course of multiple days between January 8 and January 27, which is indicative of an after-action damage assessment rather than an in-the-moment discovery.

The lack of in-the-moment action now has Qualcomm chasing its intellectual property via the legal system.

As of March 22, Kathuria has not yet been served the summons, nor responded within the legal system to the allegations made by Qualcomm.

Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA, which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit Senior Online Safety.