• United States



Christopher Burgess
Contributing Writer

Greed drives malevolent insider to steal former employer’s IP

News Analysis
Aug 15, 20174 mins
Data and Information SecurityDLP SoftwareIdentity Management Solutions

An insider leaves to set up his own competitive company, and he accesses his former employer's systems to steal intellectual property and marketing plans — for two years.

Credit: Thinkstock

We’ve written about the insider who wreaked havoc on a company after he resigned. We’ve also written about the executive who is recruited away by a competitor and is alleged to have taken his employers intellectual property (IP) with him on the way out the door. 

But we haven’t discussed the former employee who resigns to create a company that  competes against you and uses continued access to remain competitive — until now. 

Jason Needham used to work at Allen & Hoshall, a design and engineering company located in Memphis, Tennessee. Needham resigned and co-founded a competing company, HNA-Engineering, but he didn’t leave Allen & Hoshall’s presence. No, he helped himself to the labors of his former employer, and he did it from afar.

According to the Department of Justice:

Needham admitted to repeatedly accessing, over a nearly two-year period, Allen & Hoshall’s servers to download digitally rendered engineering schematics and more than 100 PDF documents containing project proposals and budgetary documents. 

Needham also admitted to accessing, on hundreds of occasions, the email account of a former colleague at Allen & Hoshall, which provided Needham access to the firm’s marketing plans, project proposals, company fee structures and the rotating account credentials for the company’s internal document-sharing system. 

Needham used his unauthorized access to view, download and copy proprietary business information worth over $500,000.  

That’s a mouthful. According to court documents, Needham left Allen & Hoshall in 2013 and co-founded HNA Engineering (HNA) in Arlington, Tennessee. The GovTribe listing for HNA identifies Needham as the point of contact for “government business.”  It’s important to note from the outset, that Needham’s business partner at HNA warned Needham against taking these actions.

Needham had normal, authorized access to Allen & Hoshall’s FTP servers during his period of employment. When he left Allen & Hoshall, his access credentials were revoked and terminated (2013). It is not explained in the court documents how, with his access credentials revoked, Needham managed to continually access the FTP servers from 2014 to 2016. According to Allen & Hoshall, those who had access were limited to people within Allen & Hoshall who had a need to know and the client. What is known is Needham downloaded a boatload of data (as detailed above).

Needham also accessed the email of a former Allen & Hoshall colleague. Again, the court documents do not reveal how Needham came to have the log-in credentials for the employee’s email. What is known is that via this individual’s email account, Needham had access to the business side of Allen & Hoshall (as detailed above).

Strong off-boarding process needed

What could Allen & Hoshall have done better during the off-boarding of Needham to obviate the risk of his access? The court documents show us that Allen & Hoshall changed their FTP password credentials and that the defendant circumvented the change. One may speculate this access was made possible through his having compromised the email of his former colleague.

We don’t know if Allen & Hoshall had data loss protection technologies in place that would have highlighted Needham’s IP address as both unexpected and unauthorized. We do know that when the IP logs were inspected, Needham’s IP address was noted as having accessed the email of his former colleague, thus there were logs present.

If the FTP servers and email access required multifactor authentication, would Needham been thwarted? And though malevolent in intent, would he have been denied access from the outset?  

The bottom line: Your trusted insider is trustworthy — until they aren’t. When an employee leaves, make sure the off-boarding process is comprehensive. And let colleagues and customers know the employee has departed and that access control lists are being adjusted and credentials reissued. Greed is a primary motivator for individuals to bend the rules and purloin the IP of others for their own benefit

And yes, Needham was sentenced to 18 months in prison, with two years of supervised release, and ordered to repay Allen & Hoshall $173,393.71. 

Christopher Burgess
Contributing Writer

Christopher Burgess is a writer, speaker and commentator on security issues. He is a former senior security advisor to Cisco, and has also been a CEO/COO with various startups in the data and security spaces. He served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Cisco gave him a stetson and a bottle of single-barrel Jack upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit, Senior Online Safety.

More from this author