In a prime example of insider threat becoming insider theft, we saw the FBI arrest, and the Department of Justice file a criminal complaint against, Ralph Mandil, an employee of an unidentified distributor of “As Seen on TV” products (which we believe to be Corvex Cookware). Mandil faces two federal charges: Theft of Trade Secrets and Wire Fraud.

A Ralph Mandil’s LinkedIn profile identifies him as the President of Corvex Cookware since May 2011. Corvex’s “As Seen on TV” cookware fits the description found in the criminal complaint.

The crime

Mandil contacted an individual in early August 2016 (who soon after became the confidential source, or CS, of the FBI) and offered to sell the confidential trade secrets of his employer. At the direction (and under the supervision) of law enforcement, the CS corresponded with Mandil. Mandil offered the CS the log-in credentials for his employer’s Dropbox account, in which the CS would find the confidential market information on future products. These materials included sales sheets, product sheets, videos, inventory lists, account lists, etc. In exchange for providing the CS with covert access to the employer’s Dropbox account, Mandil asked to be paid $197,500.

For complete details on how the CS introduced Mandil to the FBI undercover special agent, and on the mechanics of the exchange of money and stolen information, please refer to the criminal complaint (which can be downloaded below).


NOTE: The criminal complaint explains that Mandil’s employer’s Dropbox account was accessible by a limited number of employees, who use userid and password authentication to access the account. It is unclear whether the employer enabled the two-factor authentication that Dropbox offers, though it is possible that such was the case, and Mandil was prepared to offer the CS ten offline backup codes which he had purloined and preserved.

According to Mandil’s employer, the proprietary information Mandil was offering to sell to the CS had a value of between $30-125 million in revenue to the employer and his competitors (the market opportunity).


Insider Threat

Insider threat programs are a necessary evil for every company. The larger the entity, the more robust the need. At a minimum, we recommend all companies take a moment and ensure that they know the state of their data. What’s that? If you can’t answer yes to all of the following questions, you don’t know the state of your data, and should put it on your to-do list. Once you can, you will be in a far better position to address unauthorized access, and you will also be able to explain, with precision, to your customers how their data is protected within your infrastructure.

  1. Can you trace the flow of your data from its arrival to storage?
  2. Do you know when your data is encrypted and when it is not?
  3. If your data is encrypted, how is the key protected?
  4. Do you know, precisely, who has access to your data?
  5. Are you logging each access to your data, with IP addresses, device, OS, etc.?
  6. What are the various means to access your data?
  7. What credentials are required to access your data?  Are the credentials shared?
  8. When employees depart, can you confirm their access to your data has been curtailed?
  9. Do you have a process to train your employees on protecting trade secrets and intellectual property?
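
As an added illustration (not part of the original post or the criminal complaint), the sketch below shows how questions 5, 7 and 8, plus the backup-code scenario from the NOTE above, can be checked against an access log. The log format, field names, account names, thresholds and sample records are all constructed assumptions, not a real vendor's log schema.

```python
from collections import defaultdict
from datetime import date

REQUIRED = ("account", "ip", "device", "os", "auth")  # fields question 5 asks for

# Constructed sample records; field names are assumptions, not a vendor log format.
LOG = [
    {"day": date(2016, 8, 1), "account": "team-share", "ip": "198.51.100.10", "device": "laptop-01", "os": "Windows 10", "auth": "password+totp"},
    {"day": date(2016, 8, 2), "account": "team-share", "ip": "198.51.100.11", "device": "laptop-02", "os": "macOS", "auth": "password+totp"},
    {"day": date(2016, 8, 3), "account": "j.doe", "ip": "198.51.100.12", "device": "laptop-03", "os": "Windows 10", "auth": "password+totp"},
    {"day": date(2016, 8, 9), "account": "team-share", "ip": "203.0.113.77", "device": "unknown-pc", "os": "Linux", "auth": "password+backup_code"},
    {"day": date(2016, 8, 20), "account": "j.doe", "ip": "203.0.113.5", "device": "phone-09", "os": "", "auth": "password"},
]
DEPARTED = {"j.doe": date(2016, 8, 15)}  # constructed: account -> last working day


def incomplete(log):
    """Question 5: records missing a field needed to attribute an access."""
    return [r for r in log if any(not r.get(f) for f in REQUIRED)]


def shared_accounts(log, max_devices=2):
    """Question 7: accounts seen on more devices than one person plausibly uses."""
    devices = defaultdict(set)
    for r in log:
        devices[r["account"]].add(r["device"])
    return sorted(a for a, d in devices.items() if len(d) > max_devices)


def post_departure(log, departed):
    """Question 8: accesses by an account after its owner's last working day."""
    return [r for r in log
            if r["account"] in departed and r["day"] > departed[r["account"]]]


def backup_code_from_new_device(log):
    """Backup-code logins from a device the account has not used before."""
    seen, hits = defaultdict(set), []
    for r in sorted(log, key=lambda r: r["day"]):
        if "backup_code" in r["auth"] and r["device"] not in seen[r["account"]]:
            hits.append(r)
        seen[r["account"]].add(r["device"])
    return hits


if __name__ == "__main__":
    print("incomplete:", incomplete(LOG))
    print("shared:", shared_accounts(LOG))
    print("post-departure:", post_departure(LOG, DEPARTED))
    print("backup code, new device:", backup_code_from_new_device(LOG))
```

With a shared login, the log can only ever name the account, not the person, which is why the shared-account and new-device checks matter more than any per-user rule.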

Additional Reading

Department of Justice’s Press Release: New Jersey Man Charged With Stealing Employer’s ‘As Seen On TV’ Trade Secrets And Attempting To Sell Them To Competition | USAO-NJ | Department of Justice

Department of Justice’s Criminal Complaint  US v. Ralph Mandil (October 12, 2016)

NOTE: This post was updated on 19 October to include information identifying Ralph Mandil, his LinkedIn profile, photo and employer.