A Chinese engineer in US was arrested a day before he departure to China, where he applied for a job with an autonomous car company. He was charged with stealing secrets from the Apple self-driving vehicle project
Similarly in July 2018, an ex-Apple engineer was charged with stealing secrets days before he quit to join another chinese startup.
Insider threats are nothing new, even big corporations who has the budget for Data Leak Protection, streamline processes in place to prevent theft, it still can happen.
These projects will likely create new patent technology and trade secrets of their product, and is clearly a “valuable assets” class, which some may consider worth the risk stealing.
“Job posting” sites offering good salary remuneration with just a few hours of work requirement a week is starting to show up on the dark web. These job offers a secondary income for people working in “high value” industry like financial institution. They either help to copy data, or install malicious programs allowing external connectivity to the Command Center, where further infiltration into the network is executed. This type of insider attacks can easily avoid detection by security devices.
Owners of any IT infrastructure should re-look into the process and procedures. Always start with a zero-trust mentality when dealing with people responsible for critical infrastructure or data.