Cybersecurity

A Preview of the CFAA Arguments in United States v. Nosal, Part II: Could “Phishing” be a Factor?

Oral arguments for the next round in United States v. Nosal have been set for October 20, 2015 at the Ninth Circuit in San Francisco. So we figured it may be a good time to review both sides’ arguments related to the Computer Fraud and Abuse Act. After doing so, it seems to us that one topic not given any consideration in the briefs, but that may play a role during oral argument, is the phenomenon known as phishing schemes, and how such schemes might be compared and contrasted with the scheme alleged in this case.

Hacking Your Rivals – Corporate Espionage in Major League Baseball

As we approach the dog days of summer, baseball season is again in full bloom. We previously discussed old-fashioned sign stealing in the context of teams trying to gain a competitive advantage during an actual game. But it appears these hijinks have evolved in today’s electronic world. As the New York Times first reported, the FBI and Department of Justice prosecutors are investigating front-office personnel for the St. Louis Cardinals, one of Major League Baseball’s most beloved franchises, for allegedly infiltrating the internal network of the Houston Astros.

Will Your Cyber Insurance Respond When You Need It Most?

As many companies are considering purchasing cyber insurance, they often wonder: “Will my insurer be there when I have a data breach?” Cyber insurers have generally been good in paying claims. But the recent lawsuit featured in this Orrick Client Alert demonstrates that as the landscape evolves, insurers may refuse to cover breach costs by arguing that insureds failed to meet “minimum requirements” for cybersecurity. Tending to cybersecurity policies and procedures before breaches occur is more important than ever.

First Foreign Hacker Is Convicted In The United States Of Hacking Crimes Involving Theft Of Trade Secrets From American Companies

A 22-year-old Canadian hacker has been sentenced to federal prison by a Delaware court for engaging in a conspiracy to break into the computer networks of several large gaming companies, to steal trade secret and other information related to unreleased products, and to commit criminal copyright infringement. According to the Government’s Sentencing Memorandum, David Pokora of Ontario, sentenced last Thursday, was “a leading member in an international computer hacking ring . . . that committed numerous unlawful intrusions into the computer networks of various technology companies involved in the $22 billion-dollar video gaming industry.” The conspiracy’s victims included Microsoft, Epic Games (which develops the highly popular “Gears of War” series), and Activision Blizzard (which published, among many other successful games, “Call of Duty: Modern Warfare 3”).

Back in a Flash: Sergey “Flash Boy” Aleynikov Returns to Court for New Trial

Sergey Aleynikov’s six-year odyssey through the U.S. judicial systems—both federal and state—continues. Last week, Aleynikov stepped into a New York State courtroom to defend himself at trial against a pair of criminal charges stemming from his 2009 arrest for allegedly stealing source code for one of Goldman Sachs’ high-frequency trading platforms. If convicted on the two counts – unlawful use of secret scientific material and unlawful duplication of computer-related material – Aleynikov could face a return trip to prison for up to eight years.

POTUS Declares Cybercrime a National Emergency, Announces New Penalties for Trade Secrets Theft

Declaring cybercrime a “national emergency,” President Obama today empowered Treasury to freeze assets that are the fruits of cybercrime, according to an Executive Order issued this afternoon. The agency can block money or property in the United States or in the control of any United States person determined to have engaged in “cyber-enabled activities” originating or directed from outside the United States. Targeted activities include harming computer networks in critical infrastructure sectors; significantly disrupting a computer network; or causing significant misappropriation of trade secrets and other protected information. The EO also enables seizure of money or property of any persons involved in misappropriating trade secrets by “cyber-enabled means” that impact the national security, foreign policy, or economic health or financial stability of the United States.

TSW is tracking the EO and will report further developments.

China’s New Cybersecurity Policies: Is the Price of Compliance Worth the Risk of Disclosure?

Tensions recently escalated in the United States and China’s ongoing exchange over online security and technology policies, as China adopted the first in a series of policies it previously approved at the end of last year. Among other things, the newly adopted regulations require foreign technology companies that sell computer equipment to Chinese banks to submit to obtrusive audits, set up research and development centers in the country, build “back doors” into their hardware and software, and, perhaps most disconcerting, disclose intellectual property to the Chinese government, including proprietary source code.

Five Minutes With … National Security and Cybercrime Professor Ahmed Ghappour

This marks the inaugural “Five Minutes With” feature that Trade Secrets Watch will run occasionally. These will be question-and-answer sessions with notable figures in the trade secrets world.

TSW got a chance to sit down with UC Hastings College of the Law professor and Liberty, Security & Technology Clinic founder Ahmed Ghappour. He had a lot to say about trade secrets, cybersecurity, and encrypting “all the things.”
 
TSW: Ahmed, TSW is dying to know what you’ve been up to lately in the world of economic espionage. What’s the inside scoop?

Remote Controlled: Keeping Trade Secrets Safe While Employees Work Remotely

One of the biggest challenges the cyber-security field faces today—aside from outright hacking—is the fact that employees’ data is increasingly portable. Data portability can be a major boon for employers. For instance, it may allow an employer to offer its employees the ability to work remotely (something that can improve employees’ work/life balance, or could be a reasonable accommodation for an employee’s disability). However, data portability can also present major risks for an employer, particularly if an employee stands to profit from misuse of that information.

Russian Perspective: Can Sending Confidential Information to Your Personal Email Address Constitute a Disclosure of a Trade Secret?

Imagine that you are the General Director of a company (the Russian equivalent of an American CEO), and your information security department finds out that an employee, who you have long suspected of industrial espionage, has sent important confidential information belonging to the company to his personal email address. In that situation, what would you do? Would you (a) do nothing for the moment and wait until you have more definite proof of industrial espionage; (b) make the employee tell you why he sent the information to his personal email address; or (c) dismiss the employee? Clearly, you need to find out who the information is being sent to and maintain your reputation for enforcing the rules.
