Protocol Source Code
What matters in tech, in your inbox every morning.
Image: Protocol

How to catch a Silicon Valley spy

How to catch a Silicon Valley spy

Good morning! This Thursday, the FBI is warning Silicon Valley companies of insider threats of economic espionage, T-Mobile confirms the cyberattacks and Facebook launches a metaverse meeting tool.

(Was this email forwarded to you? Sign up here to get Source Code every day.)

The Big Story

This isn't a James Bond film

When FBI special agent Nick Shenkin starts talking about spies in Silicon Valley, he's not describing a James Bond movie or even what people have seen on "The Americans." Instead, he's there to warn the tech sector about something less dramatic, but perhaps more insidious: insider threats of economic espionage and intellectual property theft.

The risk to tech companies is employees being persuaded, or more typically, coerced by foreign autocratic governments into purloining information.

  • In one case Shenkin worked on, the Chinese government was denying the employee's mother dialysis back in China if he didn't steal intellectual property.
  • "This is a quotidian activity," Shenkin told Protocol in an interview. "This is a massive fundamental activity that bolsters and is one of the mainstays of many autocratic countries and their governments."

The FBI has been quietly briefing tech about the threat. It has spent a few years withventure firms, startups, academics and tech industry groups that might be of interest to foreign actors. After Protocol heard about the briefings from multiple sources, the FBI agreed to an interview about the content of the briefings and shared its framework, called the "Delta Protocol" (no relation to COVID-19 or this publication), that the agency developed to distribute to startups so they can learn to protect themselves.

  • There are four main vulnerabilities covered in the briefings: someone being a citizen of an autocracy, doing business with one, having assets in the country, or having family members/employees living or working in the autocracy. But it's the family vulnerability in particular that Shenkin says he sees "exploited over and over and over again."
  • "A lot of what the briefings cover is the idea that this is not about the ethnicity of the individual. This is about: What is any individual's or entity's vulnerability to the jurisdiction of an autocracy? Because what we see overwhelmingly is people who end up stealing intellectual property, very often, they have no desire to be stealing intellectual property," he said.

It's not your HR department's job to catch a spy. Instead, one way to fight economic espionage is to treat it like a phishing email: Train your employees to spot it, learn their vulnerabilities and install backup security systems to limit the damage if it does happen.

  • Established companies have their own security teams to screen for insider threats, but for startups, the FBI is handing out the Delta Protocol, its own framework to help startups in particular think about their security in the "delta" between starting out and growing large enough to have a security team.
  • What isn't a solution is being suspicious of Chinese or Russian co-workers and treating them like a threat. Shenkin is adamant that it's not about someone's ethnicity, but about whether anyone may have vulnerabilities that could make them a target to an autocratic state, and if they do, how companies should be protecting them.
  • "The briefings are like, please American companies, raise your shields, protect yourselves, make it more expensive for the thieves to rob you, and the country is stronger, and you're stronger," Shenkin said.

Some companies may be more valuable than others, but at the end of the day, any vulnerability can make a company a target. "If you're a quantum computing company, or a biotech company, or a green tech company, you are a juicier zebra on the Serengeti," Shenkin said. "But they're also going for just the slowest zebra on the Serengeti."

Biz Carson (email | twitter)

A version of this story appeared today on


Ransomware victims paid over $416 million worth of cryptocurrency to attackers in 2020, more than quadrupling 2019 totals. As of July 2021, we know that ransomware attackers have taken in at least $210 million worth of cryptocurrency from victims. Shouldn't we just ban crypto? The answer is no. Cryptocurrency is actually instrumental in fighting ransomware.

Learn More

People Are Talking

Huawei is hurting from U.S. sanctions, but chair Guo Ping hasn't lost hope:

  • "I expect that as the capability in chip manufacturing increases, [Huawei] will return to the smartphone throne."

Geely's Gan Jiayue can't say when the global chip shortage will subside:

  • "Short supply of chips is still a big uncertainty. You want me to give you a promise of when it will be resolved, but I can't tell you when."

The metaverse only works if it works for everybody, Roblox's Dave Baszucki said, and that's a tall order:

  • "It must be a civil and safe platform that welcomes 6-year-olds and at the same time welcomes 30-year-olds who are working together."

On Protocol | Workplace: A company's "head of remote" will eventually be much more focused on the evolving workplace, GitLab's Darren Murph says:

  • "There are only a limited number of years where we'll even refer to the word 'remote' before work. At some point, this will become so proliferated that it's just work."

Making Moves

GlobalFoundries is planning to go public. The chipmaker confidentially filed for an IPO that could value the company at around $25 billion.

Ken Kurson is facing cybercrime charges (again). New York state prosecutors charged the former Trump ally with eavesdropping and computer trespass.

In Other News

  • On Protocol: Facebook's building a metaverse for work. The company launched Horizon Workrooms, a VR-based meeting tool, in open beta this morning. You can meet with up to 15 other people in a virtual office with virtual whiteboards and shared screens. And Facebook thinks this is going to be big.
  • T-Mobile's cyberattack affected tens of millions of people. Personal information including Social Security numbers, birth dates and driver's license numbers were stolen from nearly 8 million current users and over 40 million past or prospective customers.
  • How does the Taliban manage to stay on social media? By following the rules, The Washington Post reported. The Taliban, likely with the help of a PR firm, strikes a gentler tone on social media, allowing it to dance around policies and test Big Tech leaders.
  • On Protocol: Facebook's most widely viewed content is pretty much harmless, the company said, countering criticism that the platform is a breeding ground for far-right pages and accounts. Still, the newly released data only offers a slice of all content on the platform.
  • Don't miss this story about Andrey Shumeyko, who lived a double life in the Apple world. Online, he was a go-to for leaked Apple apps and manuals. But he worked for the company the whole time, and would often tip Apple on people who worked against it.
  • On Protocol: Going green is harder than it looks. Companies like Amazon and Google have made some strides in sustainability, but at the end of the day, they need to start completely rethinking their gadgets — and the way they market those gadgets to consumers.
  • Dump your clunky vaccination card. Apple, Samsung and Google are creating a tool that will pull up a QR code that can be scanned to confirm your COVID-19 vaccination status.
  • Ubisoft Singapore is under investigation for alleged misconduct. The review comes after current and former employees brought up claims of a toxic workplace, with issues ranging from sexual harassment of female workers to racial disparities in pay.

One More Thing

Make the metaverse make sense!

It seems like the more people talk about the metaverse, the more puzzling it gets. How can going to a concert online really feel like it would in person? How can an avatar of ourselves try on clothes just like we would at a store?

Sure, there are nonfiction books about all this. But to make it make sense, look to the science-fiction novels that painted a picture of this world before Silicon Valley tried to make it a reality. Goodreads lists over a 100 books about the topic, from "Otaku" by Chris Kluwe to "The Private Eye" by Brian Vaughan, that take you into every possible corner of the metaverse, and, hopefully, help you see the future of tech more clearly.


The key to tackling ransomware is disrupting the ransomware supply chain — developers, affiliates, infrastructure services providers, launderers and cashout points — and the blockchain is the only data source that ties these actors together. So while it may seem counterintuitive at first, ransomware groups' use of cryptocurrency for ransom payments is actually beneficial to ransomware investigations.

Learn More

Refer Five Friends, Get A Mug

Are you tired of explaining the tech news of the day to your co-workers every morning? Let us do the heavy lifting and refer them to Source Code.

Send them your referral link via Slack, text, email or carrier pigeon and we'll send you your very own Protocol mug after you refer five friends!

Your referral link:*|RH_REFLINK|*

Share on TwitterShare on LinkedInShare via email

Thoughts, questions, tips? Send them to, or our tips line, Enjoy your day, see you tomorrow.

Correction: We made an update in yesterday's newsletter to reflect changes in Bloomberg's reporting about Palantir accepting gold as payment.

Recent Issues

The best of Protocol

The confessions of SBF

Your holiday book list

A tale of two FTXs