Last Christmas Eve, a man broke into Adara Networks’ San Jose headquarters, using copies of both physical and electronic keys. He seemed to know exactly what he was looking for. The thief left rows of desks untouched as he cruised toward the lab holding the source code for Adara’s proprietary data-center networking software. Fortunately for Adara, he triggered an alarm on the lab door and fled.
“Snatch and grab” crimes, in which crooks enter an office and carts off a few loose laptops, happen occasionally in Silicon Valley. Chief Executive Officer Eric Johnson sensed that his case was more serious, though. Adara’s next-generation networking technology could be attractive to nations hoping to capture more of the global telecommunications market. So Johnson brought in contractors to sweep the offices for bugs, in case a foreign government was listening. Adara executives sent an e-mail to staff that detailed the break-in and urged vigilance: Everyone at the company was ordered to be on lockdown, say several current and former employees who wouldn’t speak on the record for fear of upsetting the CEO. Through intermediaries, Johnson declined to comment.
Silicon Valley has a long history of thievery and espionage. A year before the Adara break-in, a burglar cracked open the door at networking-software company Nicira, an Adara rival, in a matter of seconds. That thief went straight to a top engineer’s desk and stole a computer carrying the source code for some of the most promising software in Silicon Valley. (Nicira was later acquired by software maker VMware (VMW) for $1.2 billion.) Given the target company and the skill of the crime, federal investigators suspected that Russia or China was behind the attack.
In decades past, KGB spies lurked at bars such as Walker’s Wagon Wheel in Mountain View, Calif., where semiconductor engineers hung out and talked shop. From 1994 to 1998, the FBI maintained a team codenamed Valley Bear, whose mission was to protect computing innovations deemed critical to America’s future, according to Terry Turchie, a former FBI counterintelligence agent. During that time, he says, Russia, China, India, Israel, and others had spies working in the Valley. The 12 counterintelligence specialists who now staff the FBI’s Palo Alto office mostly focus on China, says a person familiar with its operations who wasn’t authorized to discuss them.
The other big change since the days of Valley Bear, says FBI Supervisory Special Agent Kevin Phelan, who heads the Palo Alto unit, is that foreign spies are focusing as much on small startups as on established computing companies. They’ve even set up venture capital firms to scout prospects. Once they identify intellectual property worth stealing, the actual operation is often easy, given that the typical startup faces budget limitations and prioritizes Nerf guns, food deliveries, and all-hours access to the office over robust security.
To make it harder for the thieves, some companies are paying for “penetration testing,” hiring security consultants to probe their defenses. Tests include walking through company premises without a visitor’s badge, leaving malware-laden USB sticks in the parking lot for unsuspecting employees to pop into their computers, even delivering a giant fake FedEx box that contains a person equipped with breathing apparatus and a periscope. (That last one is risky; in one case, the box got locked up in the target’s overheated mailroom.) “We’ve had 12-person companies, right on up to the largest out there, ask for this type of work,” says Steve Stasiukonis, an executive at Secure Network Technologies, a consultancy. “It’s usually the companies with the really good intellectual property that care the most.”
After the Adara break-in, the building’s cleaning crew was fired and replaced, while the security detail was doubled and asked to carry guns, say the Adara staffers. CEO Johnson hired private investigators to pore over video surveillance footage and talk to neighbors. At a loading dock across the street, workers had told the driver of a suspicious car to move along that night, after taking a photo of its license plate, says Lieutenant Michael Sterner of the Rapid Enforcement Allied Computer Team, a state task force that investigates tech-related crimes. Sterner says the license plate helped tie his suspect to the crime.
Police have charged Andrew Madrid, Silicon Valley’s version of a cat burglar, in connection with the Adara break-in. Madrid, a former IT consultant, served two years in prison starting in 2009 for a string of high-tech burglaries in which he hacked corporate computers and stole personal data such as credit card numbers. He proved adept at defeating the security of the Valley’s small corporate office complexes, says Sterner. From August 2012 to April 2013, Madrid broke into more than three dozen businesses throughout the Valley, including Adara, state prosecutors allege. “Everyone needs a hobby. He’s found one he enjoys,” says Tom Flattery, deputy district attorney for the County of Santa Clara.
Madrid has been charged with 45 new felony counts, including 31 for commercial burglaries. Like China’s spies, Madrid focused on small proprietors who hadn’t invested much in protecting their stuff, says Sterner. Police estimate he stole $400,000 worth of goods and spent thousands more using stolen credit cards during his last spree. Madrid is being held on $1 million bail while awaiting a pretrial hearing later this month; his lawyer declined to comment. It’s not espionage, but he faces more than 29 years in prison. The FBI’s Phelan continues to warn startups that security should be their first priority.