Former Google Engineers Indicted for Exfiltrating Tensor Processor Trade Secrets to Iran
Former Google Engineers Indicted Over Trade Secret Transfers to Iran
The U.S. Department of Justice indicted ex-Google engineers Samaneh and Soroor Ghandali, along with Mohammadjavad Khosravi, for trade secret theft. The defendants allegedly exfiltrated hundreds of files containing sensitive processor security and cryptography data to unauthorized locations in Iran.
Why This Matters
This case highlights the gap between ideal internal security models and the technical reality of insider threats, where employees with legitimate access bypass safeguards via manual methods like photographing screens. Despite Google’s enhanced safeguards, the exfiltration involved highly sensitive hardware IP, specifically the Tensor processor used in Pixel phones. It demonstrates that technical access controls often fail against determined actors using non-digital capture methods.
Key Insights
- In 2023, Google’s internal security systems detected unauthorized activity by Samaneh Ghandali, leading to immediate access revocation.
- The exfiltration involved trade secrets for mobile computer processors, specifically the Tensor chip used by Google for Pixel devices.
- To bypass digital monitoring, defendants used manual screen photography to capture hundreds of documents before traveling to Iran in December 2023.
- The indictment follows the 2024 conviction of Linwei Ding, another ex-Google engineer who stole thousands of AI-related documents for a Chinese startup.
Practical Applications
- Use case: Google internal security monitoring detected anomalous file access in August 2023. Pitfall: Relying solely on digital transfer blocks fails when insiders use mobile devices to photograph physical screens.
- Use case: Companies like Intel and Qualcomm (referred to as Company 2 and 3) were targeted for ASIC design and hardware engineering secrets. Pitfall: Lack of cross-company coordination on insider threat indicators allows actors to move secrets between major industry competitors.