search menu icon-carat-right cmu-wordmark

An Analysis of Technical Observations in Insider Theft of Intellectual Property Cases

February 2011 Technical Note
Michael Hanley, Tyler Dean, Will Schroeder, Matt Houy, Randall F. Trzeciak, Joji Montelibano

In this report, the authors provide an overview of techniques used by malicious insiders to steal intellectual property.


Software Engineering Institute

CMU/SEI Report Number


DOI (Digital Object Identifier):


Since 2001, the Insider Threat team at the Software Engineering Institute's CERT program has built an extensive library and comprehensive database containing more than 550 cases of insider crimes. More than 80 of those crimes involved theft of an organization's intellectual property by a malicious insider. These crimes can be particularly damaging to an organization because it is often difficult or impossible to recover from a loss of confidentiality. This report provides an overview of techniques employed by malicious insiders to steal intellectual property, including the types of assets targeted and the methods used to remove the information from a victim organization's control. The report closes with a brief discussion of mitigating factors and strategic items that an organization should consider when defending against insider attacks on intellectual property.