alt.hn

2/20/2026 at 10:50:58 AM

Silicon Valley engineers were indicted for allegedly sending secrets to Iran

 https://www.cnbc.com/2026/02/20/three-engineers-charged-stealing-google-trade-secrets-data-iran-soc-snapdragon.html

by giuliomagnifico

2/20/2026 at 2:19:26 PM

> The couple also allegedly photographed hundreds of computer screens containing confidential information from Google and Company 2, in what appeared to be an attempt at circumventing digital monitoring tools.

I guess all the MDM and document restrictions in the world can't help you against photos of screens. Is it even possible to protect against this, short of only allowing access to confidential files in secure no-cell-phone zones?

by parliament32

2/20/2026 at 2:53:52 PM

There's not much you can do about it, as sibling comment mentions it's a known gap. There is some work [0] in this space on the investigative side to trace the leak's source, but again the only way it would work is if you can obtain a leaked copy post hoc (leaked to press, discovered through some other means, etc.).

0: https://www.echomark.com/post/goodbye-to-analog-how-to-use-a...

by jihadjihad

2/20/2026 at 3:08:27 PM

> There's not much you can do about it, as sibling comment mentions it's a known gap. There is some work [0] in this space on the investigative side to trace the leak's source, but again the only way it would work is if you can obtain a leaked copy post hoc (leaked to press, discovered through some other means, etc.).

Those kinds of watermarks seem like they'd fail to a sophisticated actor. For instance, if that echomark-type of watermark becomes widespread. I supposed groups like the New York Times would update their procedures to not publish leaked documents verbatim or develop technology to scramble the watermark (e.g. reposition things subtly (again) and fix kerning issues).

With generative AI, the value of a photograph or document as proof is probably going to go down, so it probably won't be that big of an issue.

by palmotea

2/20/2026 at 9:43:30 PM

> I supposed groups like the New York Times would update their procedures to not publish leaked documents verbatim or develop technology to scramble the watermark

Like knuckleheads, The Intercept provided the Pentagon a copy of a scanned document they received from a whistleblower, which directly led to Reality Winner's identity being discovered.

by overfeed

2/20/2026 at 3:12:19 PM

You could do really sneaky things like alter the space between words or other formatting tricks.

by gosub100

2/20/2026 at 3:28:07 PM

Print it out, scan it back in, and OCR that.

Then have an AI or intern paraphrase it.

by ceejayoz

2/20/2026 at 4:25:48 PM

I think that's exactly what will happen.

When a competent journalist gets a leaked document, they'll learn to only summarize it, but won't quote it verbatim or duplicate it. That'll circumvent and kind of passive leak-detection system that could reveal their source.

Then the only thing that would reveal the source is if the authority starts telling suspected leakers entirely different things, to see what gets out.

by palmotea

2/20/2026 at 4:42:55 PM

> Then the only thing that would reveal the source is if the authority starts telling suspected leakers entirely different things, to see what gets out.

This is called a canary trap [0], a well-trodden technique in the real world and fiction alike.

0: https://en.wikipedia.org/wiki/Canary_trap

by jihadjihad

2/20/2026 at 4:40:14 PM

Then you fix that loophole by subtlety altering the phrasing or formatting that you send everyone

by kube-system

2/20/2026 at 4:54:27 PM

That's why I said you paraphrase, rather than using the exact phrasing and formatting of the original doc.

by ceejayoz

2/20/2026 at 4:59:39 PM

Include slightly different details in each version. Then if the paraphrase mentions one of them, you've identified the source.

by SoftTalker

2/20/2026 at 5:46:29 PM

Yes, I'm aware of that approach.

It's likely tougher than it seems; the big important bits that the news will care about have to match up when checked, and anyone with high-level access to this stuff likely has a significantly sized staff who also has access to it. Paraphrasing reduces the chance of some minute detail tweak being included in the reporting at all.

You also have to actively expect and plan to do it in advance, which takes a lot of labor, time, and chances of people comparing notes and saying "what the fuck, we're being tested". You can't canary trap after the leak.

by ceejayoz

2/20/2026 at 3:49:46 PM

Keep in mind that many secure no-cell-phone zones, even those that host classified data are still relatively physically open. The personnel allowed inside them are strictly vetted and trained to be self-policing, but it's only the threat of discovery and harsh punishment stopping someone with the right badge/code from physically bringing in a phone. There generally aren't TSA-style checkpoints or patdowns. Happens accidentally all the time, especially in the winter with jackets.

by scottLobster

2/20/2026 at 4:23:13 PM

This is misunderstanding the purpose of the restriction.

The main reason not to bring a phone into the room is that the phone could be compromised. If the person is compromised then a device isn't your problem, because they could view the documents and copy them on paper or just remember the contents to write down later.

by AnthonyMouse

2/20/2026 at 4:52:43 PM

In a corporate environment no-camera/no-phone policies are sometimes also used for DLP reasons, out of expediency. Oftentimes it is more profitable to hire less trustworthy people (read: cheap labor) and simply make it inconvenient to steal data. This usually works good enough when you're trying to protect widget designs and not human lives.

by kube-system

2/20/2026 at 4:17:54 PM

Can't you have one or more x-ray tunnels or other scanners? They don't even need to be actively monitored, just treated like CCTV.

by pphysch

2/20/2026 at 7:15:40 PM

Receving a full body x-ray every day just for a week would exceed the yearly federal occupational dose for radiation workers. You would add an additional 26% lifetime chance of getting cancer doing this for a year.

The yearly limit for rad workers is 5000 mrem with most receiving none. Receiving any dose is usually a cause for concern at most facilities that handle radioactive materials. A full body x-ray would dose you with about 1000 mrem. For about every 10000 mrem you receive, you gain an additional 1% chance of lifetime cancer risk. There's a reason why you wear a lead apron when getting X-rays at the doctor's office and why the technician leaves the room.

Metal detectors would be a much more reasonable method. People that work at airports, courts, jails, some schools, and even some manufacturing facilities walk through metal detectors daily.

by wildzzz

2/20/2026 at 9:43:08 PM

Great points. Do metal detectors provide imaging capabilities? Would want to confidently move beyond belt buckle false positives...

by pphysch

2/20/2026 at 2:33:31 PM

No you can’t. It’s formally called “the analog hole” when security folks yap about it. Usually it’s used to end DLP discussions after too many what-ifs

by matthewaveryusa

2/20/2026 at 2:50:04 PM

Unless your employer is Google and all those photos are uploaded to its servers

by breppp

2/20/2026 at 5:21:31 PM

Does Google force all their employees to use and Android phone provided by them?

You could use an Apple or an alternative to Android like Fairphone or even load GrapheneOS on that Google Pixel phone. Even better would be a Linux phone that uses an Android VM so it looks like a bare metal installation.

Could go old school and just get a digital only camera that is not even part of a smartphone. An hidden camera in a pen or shirt button would work too.

Has anyone hacked the Meta glasses so they don't communicate with Meta and allow for communication to your own designated servers?

by yndoendo

2/20/2026 at 4:30:27 PM

What if you use a film camera?

by 1024core

2/20/2026 at 2:52:56 PM

Especially when you consider that a phone can record hd video, so you can make a player that scrolls through pages and pages of pdfs very fast for example, you record the screen in hd video on a phone and then write a decoder that takes video back to a pdf of the images. Literally the only thing you lose is the ability to cut and paste the text of the pdf and you can even get that back if you trouble yourself to put the images through ocr.

Similarly you could hypothetically exfil binary data by visually encoding it (think like a qr code) and video recording it in the same way.

by seanhunter

2/20/2026 at 2:50:55 PM

Just remember that it's significantly more time consuming to photograph a screen than steal large group of files. Thus, even though it's not preventable, it adds enough friction to be effective.

by gwbas1c

2/20/2026 at 2:57:50 PM

As sibling comment mentions, with OCR and video tooling these days I'd imagine you could whip up something pretty easily that can comb through several minutes of video footage and convert it to text/PDF/etc.

A leaker with a smartphone on a tripod capturing video while they scroll through files etc. could probably deal significant damage without much effort.

by jihadjihad

2/20/2026 at 4:47:45 PM

Yeah, this is why any high security information facility has physical security controls. Give someone infinite time and physical access and they could copy it off with clay tablets and chisels.

by kube-system

2/20/2026 at 3:58:55 PM

> Is it even possible to protect against this, short of only allowing access to confidential files in secure no-cell-phone zones?

Isn't that how congressmen and senators view them in the US? At least, that's how I've understood it to be. If so, what's good for the goose...

by stronglikedan

2/20/2026 at 4:06:51 PM

"Google said it had detected the alleged theft through routine security monitoring", so it seems it is possible.

by BurningFrog

2/20/2026 at 4:12:05 PM

Note the "also" in the first sentence. I'm understanding the timeline as them trying normal exfiltration, getting caught by DLP, then moving on to the cell phone method. But the first catch was enough to trigger an investigation.

by parliament32

2/20/2026 at 3:08:38 PM

[flagged]

by PKop

2/20/2026 at 3:13:53 PM

So, non-immigrants can't take pics of screens? I think you answered the wrong question (on purpose).

by Ylpertnodi

2/20/2026 at 3:24:25 PM

[flagged]

by PKop

2/20/2026 at 4:17:14 PM

> the loyalty an American will have for this or that foreign adversary will trend to 0

Yeah. National loyalty is not the only motivating force why someone would leak something. The common reasons why someone becomes an insider treat is MICE: Money, Ideology, Compromise, and Ego. It is not specific to immigrants.

by krisoft

2/20/2026 at 3:34:49 PM

It doesn't have to be loyalty even, it could just be authoritarian leverage.

by franktankbank

2/20/2026 at 3:48:06 PM

I would argue the word loyalty can encompass external pressures like that or internal affinity, ethnic tribalism and everything in between but yes, agreed.

by PKop

2/20/2026 at 1:30:43 PM

“Company 2” has to be Qualcomm. Or am I misreading this? The only reason I think I’m misreading is because it’s so obviously Qualcomm that it seems silly for the article to call it “company 2”.

by onionisafruit

2/20/2026 at 1:47:46 PM

> Company 2, which develops system-on-chip (SoC) platforms such as the Snapdragon series

Only a lawyer could write this with a straight face

by mherkender

2/20/2026 at 1:53:11 PM

> On the night before the pair traveled to Iran in December 2023, Samaneh allegedly took about 24 photos of Khosravi’s work computer screen containing Company 2′s trade secrets, including *its* Snapdragon SoCs.

Keep reading.

by akazantsev

2/20/2026 at 2:09:03 PM

That’s the point where I realized how thin the curtain is. Earlier the article talked about “Qualcomm’s Snapdragon” as an example of an SoC, but that could have been just to give the reader an idea of what an SoC is. But this line made it clear it wasn’t just an example.

by onionisafruit

2/20/2026 at 1:55:36 PM

Yup. It’s like saying Company X which develops the iPhone smartphone.

It’s either extreme incompetence or cheeky disclosure while also technically not naming the company.

by rdtsc

2/20/2026 at 5:46:00 PM

Good morning, class. A certain… agitator—for privacy's sake, let's call her Lisa S. No, that's too obvious. Uh, let's say L. Simpson—has raised questions about certain school policies…

by tomjakubowski

2/20/2026 at 4:33:59 PM

> so obviously Qualcomm that it seems silly for the article to call it “company 2”

Redactions / aliases are sometimes quite transparent. When policy dictates that it must happen they do it even when it is not hard to puzzle out who the redaction / alias hides.

There is the famous interview where the NTSB was interviewing an expert in relation to the Oceangate tragedy. The expert's name was redacted, but he was described as "Co-Designer / Pilot of the Deepsea Challenger" which is already quite a specific thing. Not a lot of people can claim that. And then the interview started like this:

Q: So how did you get yourself started into submersible operations? <redacted>: Well, I'm sure you are familiar with my film Titanic.

I'm leaving the solution as an exercise for the reader. But it is a real world "Lisa S. No, that's too obvious. Uh, let's say L. Simpson." situation.

by krisoft

2/20/2026 at 4:55:59 PM

"Soroor was in the U.S. on a nonimmigrant student visa."

At age 32? That's a bit old for a student, though possible I guess. But also working at Google? Student visas severely restrict employment options, as far as I understand it.

by SoftTalker

2/20/2026 at 5:16:13 PM

Linkedin says she obtained a Master's between 2020 and 2022 at Santa Clara University.

by forinti

2/20/2026 at 6:39:48 PM

OK so she was a student 4 years ago? But still here on a student visa, and employed at Google? Some of that information is either wrong or Google wasn't verifying work eligibility.

by SoftTalker

2/20/2026 at 6:44:01 PM

The article describes events that were discovered in 2023.

by kps

2/20/2026 at 2:38:21 PM

> If convicted, each defendant faces up to 10 years in prison for each trade secret charge and up to 20 years for obstruction of justice, along with fines of up to $250,000 per count.

This is part of why we are where we are as a country. We have this whole web of charging instruments in our legal system that dance around the main thrust of what investigations are about. It makes people who would think of doing these things think that they could get off easy if they were caught.

They're handing over sensitive info (we have sanctions and embargoes on Iran) to an enemy power. If you're an anal-retentive lawyer, you call it "stealing trade secrets". If you're a person with any amount of common sense, you call it espionage. One is something that should be applied when a company steals info from its competitor; the other should be applied when people are handing over sensitive info to an enemy power. One would be punishable by a decade in prison, the other punishable by life in prison or worse.

by lenerdenator

2/20/2026 at 2:55:48 PM

Corporate espionage. Stealing secrets from a company and sanctions-busting are of course bad things to do, but the legal consequences are not the same as stealing confidential information from the government.

by seanhunter

2/20/2026 at 3:12:51 PM

I imagine the receiving party is an Iranian intelligence agency, due to the interest in sigint adjacent technology (Mobile cryptography).

That probably makes it espionage, not of the corporate kind

by breppp

2/20/2026 at 3:54:30 PM

> Corporate espionage. Stealing secrets from a company and sanctions-busting are of course bad things to do, but the legal consequences are not the same as stealing confidential information from the government.

Sort of.

But if the government is hosting its email with Joe, and Joe hires an intern who installs a backdoor for Russia: that would be treason.

Despite the fact that it's a quaint allegory, it's actually a closer one to the reality of the situation.

by dijit

2/20/2026 at 4:13:25 PM

Treason is very narrowly defined in the US constitution, and has not been prosecuted since WW2.

As long as the US is not at war with Russia, spying for Russia can't be treason.

> "Treason against the United States, shall consist only in levying War against them, or in adhering to their Enemies, giving them Aid and Comfort."

by BurningFrog

2/20/2026 at 4:27:35 PM

Note however that it could still be a violation of other laws.

by AnthonyMouse

2/20/2026 at 4:28:13 PM

They're reporting the statutory maxima, which have practically nothing to do with what the sentences will actually be.

by tptacek

2/20/2026 at 6:43:59 PM

I would be surprised if it was less than 10 years, revocation of naturalization and deportation after serving though.

by tracker1

2/20/2026 at 6:46:02 PM

Yeah, it's probably going to be a steep sentence! It won't have much to do with the theoretical maximum though.

by tptacek

2/20/2026 at 3:20:26 PM

Should be charged under treason with penalty of death

by bushbaba

2/20/2026 at 4:31:49 PM

How can it be treason if they’re not even US citizens?

by ginko

2/20/2026 at 4:06:54 PM

Iran is not our enemy. We are the aggressor.

by tehjoker

2/20/2026 at 7:11:21 PM

[dead]

by wetpaws

2/20/2026 at 5:14:22 PM

[dead]

by farceSpherule

2/20/2026 at 3:06:54 PM

[flagged]

by PKop

2/20/2026 at 2:25:41 PM

[flagged]

by codeddesign

2/20/2026 at 3:09:44 PM

We have cases where people grow up in the US, are natural born Americans, and they are taking paychecks to go compete against America in the Olympics. Americans are excusing this as "at least she got her bag". The effects of post-modernism, and this idea that there is no objective truth nor morality is slowly destroying society. When someone immigrates to the US it should be clear to them that their loyalty belongs to the US.

by ecshafer

2/20/2026 at 3:49:23 PM

The Olympics are games. No one is hurt by someone playing for another team. Are people disloyal to America if they vacation in a foreign country? They are siphoning American money off to a foreign country instead of patriotically traveling inside the US of A. Don’t watch the Great British Bake Off! You are giving your American attention to a foreign show over the great Home Grown American TV!

by 542354234235

2/20/2026 at 6:30:33 PM

> When someone immigrates to the US it should be clear to them that their loyalty belongs to the US.

An immigrant who hasn't at least applied for citizenship definitely doesn't owe loyalty to their country of residence.

by CodesInChaos

2/20/2026 at 3:23:10 PM

> When someone immigrates to the US it should be clear to them that their loyalty belongs to the US.

But your example cites a "natural born American", not an immigrant?

by ceejayoz

2/20/2026 at 5:16:30 PM

From your perspective I feel like you have not spoken to many immigrants. Loyalty over ones own home country because you get a paycheck through some semi-exploitative H1B scheme cannot reasonably be expected.

by koe123

2/20/2026 at 4:39:55 PM

And in your mind moral objectivism fixes this how? You equate these things to post-modernism, do you believe disloyalty came to exist in the world for the first time during 1950s?

by ux266478

2/20/2026 at 3:15:19 PM

This is satire right? You're comparing stealing intelligence for Iran to... playing sports in the Olympics?

by raincole

2/20/2026 at 3:29:23 PM

Its all part of the same idea. The idea that you can be in America, and not be loyal to America, that America is fundamentally evil and not worth loyalty. That things like money are more important than your country.

by ecshafer

2/20/2026 at 7:37:35 PM

When Albert Einstein fled germany to help the USA build nukes to destroy germany, was that good or bad?

by mrguyorama

2/20/2026 at 4:21:07 PM

I'm guessing this doesn't cut the other way? Like US doesn't have to give back all its foreign-born scientists and engineers (and some athletes).

by pphysch

2/20/2026 at 5:06:32 PM

Eileen Gu, who you are talking about here, is a prime example of the strange issue of misplaced loyalty to a country that is far more abusive than USA

by laughingcurve

2/20/2026 at 3:44:16 PM

If immigrants were loyal to their country, they wouldn't do this. The problem is immigrants who don't make it their country.

by mminer237

2/20/2026 at 3:58:25 PM

Hey man, the US is just an economic zone, not a country

by profdevloper

2/20/2026 at 3:57:48 PM

You know what, I'm going to defend this, because despite how off-colour and bad faith it comes across there's a definite nugget of truth that we have to sit with.

If your hiring program is built around increasing diversity, and you have an enemy state who would count as diverse by default then you have quite literally opened the door for exploitation.

All the handwringing in the sibling comments are not even trying to contend with this.

Also, it seems to be second generation migrants with greater affinity for extremism and patriotism for their parents country - despite never living there (this is the case in Sweden at least), and those are usually full citizens: this is very difficult to contend with for security services who use citizenship as a proxy for weeding out potential disloyalty).

by dijit

2/20/2026 at 3:16:44 PM

But hey, they work for 20% off, so there's that.

by gosub100

2/20/2026 at 2:36:44 PM

Unless you’re claiming all immigrants are spies, your logic doesn’t make sense. People loyal to their country tend to stay there.

by codechicago277

2/20/2026 at 2:59:18 PM

>People loyal to their country tend to stay there.

You'd be surprised. If I were to emigrate because of economic reasons (which is by far the most popular reason to emigrate) my loyalty would stay with my paychecks. I don’t see how it could be otherwise. What binds me to my new country? My history, my character, my race, my religion…? Guess not.

by blell

2/20/2026 at 3:29:33 PM

Many modern immigrants to America are purely economic. The rich are fine with this because they profit, but the labor class suffers.

by sushshs

2/20/2026 at 2:47:21 PM

> People loyal to their country tend to stay there.

Not necessarily true. Source: I have friends and family who came to the US from Russia and are still loyal to Russia. When the topic comes up, they tell me they would fight for Russia in a hypothetical US/Russia war.

It's entirely possible to love your country and still seek out a better life elsewhere for practical reasons.

Edit: To clarify, this isn't universal. Some folks who came over absolutely hate the country of their birth, some still love it, while others are ambivalent. But you can't make a blanket statement like "people loyal to their country tend to stay there" when there are stark financial and quality of life advantages to moving from one place to another.

by AlexandrB

2/20/2026 at 3:19:52 PM

Some immigrants are loyal to their country.

A company hires immigrants.

It's possible the company has hired immigrants loyal to their country.

Logically, it works like that.

by booleandilemma