Exploits of Enterprise Espionage

Exploits of Enterprise Espionage

On January 22, Tesla filed a lawsuit against a former employee, Alex Khatilov, a software engineer who was previously part of its Quality Assurance team. The QA team was responsible for developing software to automate business processes and tasks for Tesla’s production and sales operations.

The US car manufacturer has accused Khatilov of theft of trade secrets and breach of contract. In the filing, Tesla claims the employee copied code and files from its back-end system, WARP Drive. When Tesla’s internal security team approached Khatilov about violating their strict regulations, the former staff member apparently deleted the files.

Khatilov’s employment was short-lived. He only joined the EV company on December 28 last month but as soon as he had his foot in the door, he started to upload scripts and file written in the programming language, Python to his personal Dropbox account. Just over a week later, Tesla’s security team approach him.

Tesla takes its internal operations very seriously to safeguard its intellectual property. The code in question is a serious concern as it could disclose to competitors important and valuable systems that Tesla has spent years developing. When Khatilov was questioned on his suspicious activity, he claimed the files were copied to Dropbox by accident as he was simply trying to create a backup folder on his computer, which got transferred to Dropbox unintentionally.

Unfortunately, even past lawsuits are not a deterrent for dubious employees. In 2018, Guangzhi Cao was sued by the EV manufacturer for duplicating its Autopilot source code to personal devices and accounts before moving to a new job at Xiaopeng Motors (Xpeng), the Chinese electric automaker.

Tesla learned that Cao had abruptly resigned then suddenly took a job with XPeng causing them to investigate the employee’s activities leading to the discovery of copied code to his personal iCloud account. He allegedly transferred over 300,000 files and directories that were directly related to Autopilot. Then after getting his new job at XPeng, Cao had tried to log into Tesla’s network in an attempt to clear his browser history. Unfortunately, Cao came off second best and Tesla took him to court.

XPeng also seems to have a habit of trying to get former employees to divulge secrets. The Chinese EV manufacturer reportedly attempted to hire a former Apple employee involved in a covert self-driving project. This got the FBI involved and the company was charged with trade secret theft. However, the Chinese car maker sent a statement to news outlets saying, it “fully respects any third-party’s intellectual property rights and confidential information,” and they insisted they would start their own internal investigation into the matter.

In 2019, there were multiple legal cases against employees removing confidential information and then taking up jobs at Rivian and Zoox. In fact, one of the cases included former Tesla technician, Martin Tripp who actually did admit to passing on confidential information to a reporter.

In the case of Zoox, a self-driving startup, four ex-employees of Tesla who took up employment with Zoox, also admitted to being in possession of documents from Tesla. These documents had specific information that Tesla claims helped Zoox catapult itself by learning how Tesla developed and managed its logistics, warehousing, inventory control, and distribution.

The four employees were named as Sydney Cooper, Scott Turner, Craigh Emigh and Christian Dement. Tesla stated they “absconded with select proprietary Tesla documents useful to their new employer,” and the group’s theft was “blatant and intentional.”

Scott Turner who was a former manager at a Tesla distribution center sent documents that contained internal procedures, and internal schematics of Tesla warehouses to a personal email account that included the words, “you sly dog you...”  In another incident involving Turner, he also gave Zoox personal information on certain Tesla employees and their salary structures.

After Craig Emigh had joined Zoox, he apparently sent an email to Sydney Cooper’s old Tesla email address, with a adapted version of one of Tesla’s documents but on a Zoox letterhead. Tesla said it was clearly obvious they were using the information they had stolen.

While the case against against the Zoox group was eventually settled in April 2019, the lawsuit with Alex Khatilov is just getting started.