Data Theft still alive and well in F1

Post here all non technical related topics about Formula One. This includes race results, discussions, testing analysis etc. TV coverage and other personal questions should be in Off topic chat.
PlatinumZealot
551
Joined: 12 Jun 2008, 03:45

Re: Data Theft still alive and well in F1

R_GoWin wrote:To be honest - I'm not convinced that Mercedes AMG HPP has shown due diligence in protecting its data. As a minimum, access rights for material of such confidentiality (compressor performance, race data, dencryption codes etc.) should be on a user ID/ 'need to know' basis, controlled by the information owner/ program engineering manager/ line manager etc.

They have changed this guy's email, wiped out his laptop and moved his workstream to DTM, but he still has access rights to F1 program data?! C'mon, in this day and age of internet security, surveillance and hacking - that's laughable.
It depends on Hoyle's authority level. As the engine performance engineer he would have had unfettered access to the engine logs.

I can tell you that most engineers who leave a company carry some information away on their USB keys. Sometimes some of the information is work that is original to you, but because of your contract all of your work belongs to the company. So whatever you want to carry with you, make sure you remember it well! lol
🖐️✌️☝️👀👌✍️🐎🏆🙏

mrluke
33
Joined: 22 Nov 2013, 20:31

a1b2i3r45 wrote:
ME4ME wrote:Assuming the man is guilty, what would his punishment be in England? A month in prison?
This is a civil lawsuit, not a criminal lawsuit. So the punishment will be some sort of compensation to Mercedes HPP. However, in these cases, Claimant must produce evidence beyond the balance of probabilities.
That line has been very much blurred with recent criminal convictions for IP "crimes"

Jersey Tom
166
Joined: 29 May 2006, 20:49
Location: Huntersville, NC

I'd be pretty certain Ferrari didn't ask / tell him to do it. It's actually quite possible someone at Ferrari tipped them off about this.

If someone comes to your team saying "Hey! Look at all this data I nabbed!" then what they've basically told you is, "If / when we eventually part ways I'll be walking out the door with your IP too."

The irony of it is - it's dumb any way you slice it. "Data" in racing is obsolete so fast. If that's what you're trying to bring to the table your value plummets in probably a week after the novelty wears off or any nuggets of information have been gleaned.

Knowledge of process is far more valuable IMO, and something that you can't unlearn - you take it wherever you go. Or if you're the author or creator of some process or source code or whatever - if you've done it once at the old place, why bring that crap along with you when you can probably do much better starting afresh at the new place?
Grip is a four letter word. All opinions are my own and not those of current or previous employers.

giantfan10
27
Joined: 27 Nov 2014, 18:05
Location: USA

dans79 wrote:
giantfan10 wrote:even if Ferrari has the data their easy defense is we didn't know he stole it and have no idea how he acquired it
No one would believe something like that.
that's not my point...
knowing the truth and proving the truth in court are 2 entirely different things.... I was referring to the latter

giantfan10
27
Joined: 27 Nov 2014, 18:05
Location: USA

lio007 wrote:update on that:
https://twitter.com/PatrickGower/status ... 8840289281

EDIT: oh, just realized that GoranF1 already gave us the update
"Mr. Hoyle and potentially Ferrari have gained an unlawful advantage."
well the chance Mercedes had to involve Ferrari just got a bit smaller......he never signed a contract for future employment and all they did was talk to him.... hmmmmm
so did he steal the data to pad his resume in hopes of being employed in the near future?
unless Mercedes can prove Ferrari has any of said data this is much ado about nothing

SoCalWJS
0
Joined: 20 Feb 2013, 16:13

Well, at least we know why Ferrari closed the gap midseason. :D

giantfan10
27
Joined: 27 Nov 2014, 18:05
Location: USA

SoCalWJS wrote:Well, at least we know why Ferrari closed the gap midseason. :D
SMH

SiLo
130
Joined: 25 Jul 2010, 19:09

giantfan10 wrote:
SoCalWJS wrote:Well, at least we know why Ferrari closed the gap midseason. :D
SMH
I'm surprised the media hasn't jumped to such conclusions.
Felipe Baby!

R_GoWin
22
Joined: 21 Dec 2014, 10:51
Location: U.K.

FoxHound wrote:
R_GoWin wrote:To be honest - I'm not convinced that Mercedes AMG HPP has shown due diligence in protecting its data. As a minimum, access rights for material of such confidentiality (compressor performance, race data, dencryption codes etc.) should be on a user ID/ 'need to know' basis, controlled by the information owner/ program engineering manager/ line manager etc.

They have changed this guy's email, wiped out his laptop and moved his workstream to DTM, but he still has access rights to F1 program data?! C'mon, in this day and age of internet security, surveillance and hacking - that's laughable.
How do we know that it wasn't a hack?

If he still had access with username etc, it would not require forensic computer specialists to ascertain the data had been taken.

A bog standard server log would show the date, time, and files accessed as well as the type of media used to save the information, be that phone, laptop, pendrive or smart phone.
And that's just a small business with no real data protection issues running a 3rd party server.
You need forensics to follow the data trail and determine where the data has ended up upon leaving the perimeter of the office IT systems. You also need forensics to establish the devices, determine the method used to cover your actions - as it adds weight to your legal case and determine the motive of the crime and the instrument used to search and prosecute. If this does come to litigation, all Mercedes is asking for - among other things - is return of data, for which they should ascertain what copies have been made. Again you need forensics for that.

If this was a hack - it's a potential criminal conviction and not just 'blocking of employment by a rival for 12 month period' offence, as Mercedes is pressing for.

Server logs are at best only a passive monitoring system and cannot prevent the crime from taking place.

We do not know it was a hack and I was almost going to type it when I wrote the comment. Except that the chances of an insider threat are far greater than those of someone breaking through the cyber security system.
dans79 wrote: Did you miss the part where they gave him new hardware, a new email address, and a new login?
You did not get the point I was making. I have acknowledged that he was given new IDs and hardware and whatever. Everything about this guy must have rung the alarm bells - engineer with access to sensitive data, serving his notice period, due to join a rival. It is the very definition of a potential breach/ at risk employee of being an inside threat. So how is it that he has had access to F1 data despite his workstream being DTM?
PlatinumZealot wrote: I can tell you that most engineers who leave a company carry some information away on their USB keys. Sometimes some of the information is work that is original to you, but because of your contract all of your work belongs to the company. So Whatever you want to carry with you, make sure you remember it well! lol
I totally agree with this. Which is why I say he shouldn't have had the unfettered access to F1 network drives.

Phil
66
Joined: 25 Sep 2012, 16:22

Webber2011 wrote:Assuming the guy was smart enough not to upload it to a Ferrari owned website, would it be hard to find out who accessed the site he did upload it to ?
No one with any form of brain would do that. Let's assume it was uploaded to some file hoster or webserver. What happens is that if they figure that out due to logs, they might be able to get a warrant to the company's servers to view the access files as to who (= which IP addresses) downloaded the file. You then follow that trail.

Easy when the trail leads you into countries that are cooperative. Pretty impossible if the trail leads you through countries that are not. At the very least, this process can take weeks/months/forever depending on the level of cooperation you get. At the very latest, you might fail in pinpointing who is behind an IP address, either by the provider protecting the user of that IP's identity (due to privacy laws) or it leads to some anonymous cafe that does not keep track which computer was accessed by which individual (some countries actually require some form of ID if you use their device to access the web).

I guess the big question is how paranoid and how knowledgeable is said user. I suspect the data that was stolen is huge, so perhaps sending that data on a USB or harddrive via post or direct exchange might be the easiest and safest. Uploading takes time and without knowing if we are talking MB, GB or TBs of data...
R_GoWin wrote:You did not get the point I was making. I have acknowledged that he was given new IDs and hardware and whatever. Everything about this guy must have rung the alarm bells - engineer with access to sensitive data, serving his notice period, due to join a rival. It is the very definition of a potential breach/ at risk employee of being an inside threat. So how is it that he has had access to F1 data despite his workstream being DTM?
I assume for the simple reason that most employees of most companies, regardless of whether we are talking about a simple employee or higher up in the chain of command, are quite ignorant of what the IT division sees or doesn't see. Especially also because most companies focus on protecting data towards the outside, but having an adequate system towards the inside is always tricky, especially when you are dealing with employees that are working on exactly that area. I.e. an IT administrator who has built the security system will probably always have access to most data, even unencrypted stuff. If he ever leaves, how can you be sure he doesn't take any data with him? On some level, you are always vulnerable toward insiders, especially those within the "inner circle". How this applies to this situation is anyone's guess.
Not for nothing, Rosberg's Championship is the only thing that lends credibility to Hamilton's recent success. Otherwise, he'd just be the guy who's had the best car. - bhall II
#Team44 supporter

SoCalWJS
0
Joined: 20 Feb 2013, 16:13

Re: Data Theft still alive and well in F1

Post

giantfan10 wrote:
SoCalWJS wrote:Well, at least we know why Ferrari closed the gap midseason. :D
SMH
Note the big smiley thing? I was making a joke. Ah well, I tried to at any rate. Somebody is bound to bring it up at some point. This is F1, right? There have been scandals before where things like this were alleged to have happened or did in fact occur.
Still learning my way around this forum. I enjoy learning from people who have far more knowledge and insight in F1 than I do, but I am still feeling my way around as to what it is OK to joke around about. Sorry if I ruffled any feathers.

turbof1
Moderator
Joined: 19 Jul 2012, 21:36
Location: MountDoom CFD Matrix

SoCalWJS wrote:
giantfan10 wrote:
SoCalWJS wrote:Well, at least we know why Ferrari closed the gap midseason. :D
SMH
Note the big smiley thing? I was making a joke. Ah well, I tried to at any rate. Somebody is bound to bring it up at some point. This is F1, right? There have been scandals before where things like this were alleged to have happened or did in fact occur.
Still learning my way around this forum. I enjoy learning from people who have far more knowledge and insight in F1 than I do, but I am still feeling my way around as to what it is OK to joke around about. Sorry if I ruffled any feathers.
Be careful with things like sarcasm on the internet. More often than not, the context is not clear and people will misunderstand it.

Anyway, no issues from me. A bit of joking around creates good grounds for discussion.
#AeroFrodo

turbof1
Moderator
Joined: 19 Jul 2012, 21:36
Location: MountDoom CFD Matrix

Great article by the ever awesome Adam Cooper, a must-read:
http://www.motorsport.com/f1/news/analy ... ygate/?s=1

It explains in detail the timelines and the policies.

Also, the very last paragraph might be the most interesting bit:
The concern for Mercedes is that the matter only came to light by chance – when someone happened to see what was on his colleague's laptop screen.
So it was not the IT department that detected this. It was actually dumb luck he got caught. The IT department and external forensic companies afterwards discovered how deep it went.

It raises some questions though:
-He was supposed to be cut off from any new information/data on April 16th, yet was able to look at a detailed Hungarian report, with the race taking place on July 26. How was he able not only to gain access to this, but also do this undetected?
-How was he actually able to save the data on external devices other than the assigned HPP usb stick, without the IT department noticing?
-How stupid can one be to look at a race report he was forbidden to look at, during work hours at the office, where everybody can see what you are looking at?

Obviously, Hoyle was in the wrong on this. It's a clear breach of contract. However, one cannot go around the fact that the safety measures at HPP failed. If he was not caught that day watching the report, nobody would have ever noticed.

Further, it might be worth investigating if he did not get help from somebody who still was at the F1 department. His swipe card and login denied access to physical and virtual data concerning F1, yet he was able to take both physical and virtual documents afterwards.
#AeroFrodo
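
An added illustration of the first two questions in the post above (not part of turbof1's post and not HPP's tooling): a small review pass over file-server audit events that flags programme data touched after an account's cut-off date and copies to a removable device other than the assigned one. The account names, share layout, device IDs, event format and the year are all constructed for the example; only the 16 April cut-off and the late-July report come from the thread.

```python
from datetime import date

YEAR = 2000  # placeholder: the thread gives only day and month

# Constructed directory records; account names and device IDs are hypothetical.
DIRECTORY = {
    "eng_notice": {"cutoffs": {"F1": date(YEAR, 4, 16)}, "assigned_usb": "HPP-USB-01"},
    "eng_f1": {"cutoffs": {}, "assigned_usb": "HPP-USB-02"},
}

# Constructed audit events: (day, account, action, path, removable device or None)
EVENTS = [
    (date(YEAR, 4, 10), "eng_notice", "read", "/shares/F1/engine/logs.csv", None),
    (date(YEAR, 7, 27), "eng_notice", "read", "/shares/F1/reports/hungary.pdf", None),
    (date(YEAR, 7, 27), "eng_notice", "copy", "/shares/DTM/setup.xlsx", "HPP-USB-01"),
    (date(YEAR, 7, 28), "eng_notice", "copy", "/shares/F1/reports/hungary.pdf", "USB-UNKNOWN-9"),
    (date(YEAR, 7, 28), "eng_f1", "read", "/shares/F1/reports/hungary.pdf", None),
    (date(YEAR, 7, 29), "old_account", "read", "/shares/F1/engine/logs.csv", None),
]


def program_of(path):
    """Return the programme a path belongs to, e.g. /shares/F1/... -> 'F1'."""
    parts = path.strip("/").split("/")
    return parts[1] if len(parts) > 1 and parts[0] == "shares" else None


def review(events, directory):
    """Return (event_index, reason) pairs for events that should raise an alert."""
    alerts = []
    for i, (day, account, action, path, device) in enumerate(events):
        record = directory.get(account)
        if record is None:
            # An account the directory does not know about is itself a finding.
            alerts.append((i, "account not in directory"))
            continue
        cutoff = record["cutoffs"].get(program_of(path))
        if cutoff is not None and day >= cutoff:
            alerts.append((i, "programme data touched after cut-off"))
        if device is not None and device != record["assigned_usb"]:
            alerts.append((i, "copy to unassigned removable device"))
    return alerts


if __name__ == "__main__":
    for index, reason in review(EVENTS, DIRECTORY):
        print(EVENTS[index], "->", reason)
```

A check like this only helps if the cut-off is recorded per programme rather than per login, since the account here stays valid for DTM work after the F1 cut-off.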

PlatinumZealot
551
Joined: 12 Jun 2008, 03:45

Jersey Tom wrote:I'd be pretty certain Ferrari didn't ask / tell him to do it. It's actually quite possible someone at Ferrari tipped them off about this.

If someone comes to your team saying "Hey! Look at all this data I nabbed!" then what they've basically told you is, "If / when we eventually part ways I'll be walking out the door with your IP too."

The irony of it is - it's dumb any way you slice it. "Data" in racing is obsolete so fast. If that's what you're trying to bring to the table your value plummets in probably a week after the novelty wears off or any nuggets of information have been gleaned.

Knowledge of process is far more valuable IMO, and something that you can't unlearn - you take it wherever you go. Or if you're the author or creator of some process or source code or whatever - if you've done it once at the old place, why bring that crap along with you when you can probably do much better starting afresh at the new place?
I am split on your opinion because some data is the knowledge. For example... in the industry I work in.. I have some heat transfer data on different formulations.. This is good data if I go and try to build a heat exchanger for someone else. That particular data you can only know by experimentation and even if you are an expert heat exchanger designer you won't know what to design around. In other cases with the data you also have design targets too and many more uses. So I would say data in combination with the know-how is better than know-how and no data.
🖐️✌️☝️👀👌✍️🐎🏆🙏

SectorOne
166
Joined: 26 May 2013, 09:51

turbof1 wrote:So it was not the IT department that detected this. It was actually dumb luck he got caught. The IT department and external forensic companies afterwards discovered how deep it went.

It raises some questions though:
-He was supposed to be cut off from any new information/data on April 16th, yet was able to look at a detailed Hungarian report, with the race taking place on July 26. How was he able not only to gain access to this, but also do this undetected?
-How was he actually able to save the data on external devices other than the assigned HPP usb stick, without the IT department noticing?
-How stupid can one be to look at a race report he was forbidden to look at, during work hours at the office, where everybody can see what you are looking at?

Obviously, Hoyle was in the wrong on this. It's a clear breach of contract. However, one cannot go around the fact that the safety measures at HPP failed. If he was not caught that day watching the report, nobody would have ever noticed.

Further, it might be worth investigating if he did not get help from somebody who still was at the F1 department. His swipe card and login denied access to physical and virtual data concerning F1, yet he was able to take both physical and virtual documents afterwards.
Sounds like they should be looking for suspect number 2.
"If the only thing keeping a person decent is the expectation of divine reward, then brother that person is a piece of sh*t"