March 1, 2011 21:29
Profit isn’t always the motive underlying trade secret theft. Sometimes people simply want revenge or to wreak havoc.
Last month, a group of hackers self-denominated as “Anonymous” set out to do just that against federal contractor HBGary. Until recently, Anonymous was best known for launching attacks on Visa and MasterCard in retaliation for the companies’ perceived hostility towards WikiLeaks. In those attacks, Anonymous used a method known as DDos to direct its ire at Visa.com and MasterCard.com, knocking the sites offline with seemingly little effort. Illustrating the power of social media, the group rallied its members to the cause via Twitter.
In February, however, Anonymous turned its attention to HBGary, a computer security firm enlisted by the FBI to help investigate the cyber attacks. Departing from its previous mode of DDos attacks, Anonymous hacked into HBGary’s computer systems and publicized its success on HBGary’s own website. Seizing the website, Anonymous explained that it had hacked into HBGary's computers systems and reviewed thousands of emails. HBGary had boasted that it had discovered the identities of Anonymous' leaders. Anonymous taunted HBGary in response: "Your recent claims of 'infiltrating' Anonymous amuse us.... You think you've gathered the full names and home addresses of the 'higher-ups' of Anonymous? You haven't.... We've seen your internal documents, all of them, and do you know what we did? We laughed." That's not all Anonymous did. It also posted over 60,000 HBGary emails on the web for anyone to read.
Among the many lessons for companies is that threats to your trade secrets do not always emanate from within. You need to think about more than the risk that your employees may resign to join a competitor. If you want to claim you have a trade secret, you need to take steps that are reasonable under the circumstances to protect your secrets. This means doing more than simply requiring your employees to sign confidentiality agreements. It means taking steps to secure your company's computer system and network. If you fail to do so, you just may log on to your website and see a message similar to the following message left by Anonymous:
Michael R. Greco is a partner in the Employee Defection & Trade Secrets Practice Group at Fisher & Phillips LLP. To receive notice of future blog posts either follow Michael R. Greco on Twitter or on LinkedIn or subscribe to this blog's RSS feed.