RealTime IT News

Ex-Intel Worker Charged With Stealing Secrets

A former Intel (NASDAQ: INTC) engineer is facing charges of stealing trade secrets from his former employer after taking a new job at archrival Advanced Micro Devices (NYSE: AMD).

The FBI unsealed a criminal complaint Tuesday alleging that Biswahoman Pani, of Worcester, Mass., had copied confidential Intel documents -- including 13 designated top-secret and containing highly sensitive design plans for future processors, The Boston Globe reported.

After accepting a position at AMD but prior to leaving Intel, he allegedly downloaded the documents using his corporate laptop while on vacation, according to the Globe report. The charges were filed in the U.S. District Court for the District of Massachusetts in Boston.

"We're aware of the charges facing this individual," Intel spokeswoman Claudine Mangano told InternetNews.com. "Upon learning about potential issues involving this individual, Intel asked the Department of Justice and the FBI to investigate." Apart from adding that Intel believes in protecting its intellectual property, she declined further comment because the investigation is pending.

R. Bradford Bailey, Pani's attorney and a partner at law firm Denner Pellegrino, told InternetNews.com that his client "maintains his innocence and plans on vigorously defending the charges in this case."

Bailey said a probable cause hearing has been scheduled for Sept. 22 in U.S. District Court, but thinks the prosecution will try to proceed by grand jury and try to get an indictment prior to the probable cause hearing. Otherwise, the attorneys would be expected to publicly share some of the information they have against Pani.

According to The Boston Globe, FBI Special Agent Timothy Russell of the bureau's Boston computer crime squad filed an affidavit saying more than 100 pages of sensitive Intel documents and 19 computer aided design (CAD) drawings were found when Pani's house was searched July 1.

According to the affidavit, Pani told his supervisor in May that he was unhappy because he missed his wife, Vandana Padhi, who worked at an Intel facility in California. On May 29, Intel agreed to transfer Padhi to its Hudson, Mass., plant.

But a few hours later, Pani handed in his resignation, saying he was interested in taking a job with a hedge fund. Pani said he would leave the company on June 11, and would be on vacation until that date, but that his wife would continue to work at Intel, according to the Globe report.

The FBI's Russell said in his affidavit that Pani had already approached AMD about working there, and began working at AMD on June 2, while he was still on vacation from Intel, The Boston Globe continued. Intel called in the FBI after an employee learned about Pani's having joined AMD. It also ordered a check of the computer system to see if Pani had accessed confidential documents.

The incident illustrates how many security breaches often happen on the inside of corporations.

San Francisco learned this the hard way recently when system administrator Terry Childs allegedly held the city network hostage by assuming control over all the passwords and user names. Childs is in jail awaiting trial, but actions he took that the city confirmed continue to haunt its IT department.

It also shows that, just because a business is in compliance with regulations, that does not mean it is safe. "Intel has probably passed its SOX (Sarbanes-Oxley) regulatory compliance tests for years, but if the scope of the regulation isn't broad enough, that doesn't mean you're safe, Brian Cleary, vice president of marketing at enterprise access governance vendor Aveksa told InternetNews.com.

"Companies must think about what is the right way to deprovision an employee who has left," Cleary added. Deprovisioning is the process of removing someone's access to corporate computer systems and the network and to offices and other equipment. Accounts that have not been deprovisioned, or orphaned accounts, can cause a huge problem in the enterprise.

"Companies need a roles management capability that enables to determine certain types of employees at certain job functions who can access highly confidential data," Cleary said. "If someone has clearance to access certain data, companies should know what corporate IT should do when that person gives notice. They could remove access to everything except corporate e-mail."