Tesla axes software engineer for allegedly pilfering secret Python scripts after just three days on the job

WARP Drive process automation code said to be 'extremely valuable'

Tesla has fired and sued software engineer Alex Khatilov for alleged trade secret theft and breach of contract. The electric automaker claims its former employee copied thousands of files to his personal Dropbox account just days after being hired.

The complaint [PDF], filed on Friday in US District Court in San Jose, California, claims Khatilov, also known as Sabhir Khatilov and Alex Tilov, was hired as a senior quality assurance engineer on December 28, 2020, and began copying company files without authorization just days later.

"Within three days, he began stealing thousands of highly confidential software files from Tesla’s secure internal network, transferring them to his personal cloud storage account on Dropbox, to which Tesla has no access or visibility," the complaint contends. "The files consist of 'scripts' of proprietary software code that Tesla has spent years of engineering time to build."

Reached by phone on Friday afternoon, Khatilov said he was unaware of the lawsuit and insisted what happened was a mistake, the result of Dropbox automatically copying Python files he installed as part of his onboarding process.

According to the complaint, Khatilov, of San Bruno, California, was hired to write scripts to help automate Tesla's Environmental Health and Safety systems. The company relies on quality assurance engineers to automate various business tasks using Python scripts, which run on a backend system called WARP Drive.

Out of Tesla's approximately 50,000 employees, only the 40 members of the quality assurance engineering team, which included Khatilov, have access to those scripts. And only eight people on the build team can grant access rights.

The carmaker claims its automation scripts represent "200 man-years" of labor and could help competitors copy the company's innovations. The scripts said to have been taken are used for procurement, inventory management, payment, processing, and delivery, among other business functions.

"These scripts would be extremely valuable to a competitor," said Golda Arulappan, senior manager of software quality assurance engineering for Tesla, in a court deposition. "Access to these scripts would enable engineers at other companies to reverse engineer Tesla’s processes to create a similar system in a fraction of the time and with a fraction of the expense it took Tesla to build the system."


Watchdog urges Tesla to recall 158,000 Model S, X cars to fix knackered NAND flash that borks safety features


Khatilov allegedly downloaded files from WARP Drive that were unrelated to his job responsibilities from December 31, 2020 through January 4, 2021, and again on January 6, 2021. That day, Tesla's Information Security Team detected the file transfers and found 26,377 file alerts from its network monitoring software, representing at least 6,300 files.

Upon confirming that the file transfers included proprietary information and violated corporate policies, David Schertzer, a senior security intelligence investigator at Tesla, opened an investigation. Later that day, according to Schertzer's deposition, he and other Tesla personnel conducted a remote interview of Khatilov via Microsoft Teams.

Asked what files he had copied to his Dropbox account, Khatilov is said to have initially insisted the files were personal in nature, a passport scan and a form W-4.

"I prompted Mr. Khatilov to screen share his laptop to confirm that his Dropbox account did not, as he twice claimed, contain any confidential Tesla files," recounts Schertzer in his deposition. "Mr Khatilov delayed accepting the screen share request for over a minute, thus not allowing us to see the screen or to view his Dropbox files."

"During this time, I observed Mr Khatilov on videochat rapidly clicking and typing," Schertzer continues. "Because of these circumstances, I believe he was trying to modify Dropbox or other files to interfere with our inspection."

I believe he was trying to modify Dropbox or other files to interfere with our inspection

When Khatilov finally shared his screen, Schertzer said that the software engineer claimed he had already deleted the Dropbox client app on his laptop. But as noted by another Tesla investigator, deleting the Dropbox client app does not delete files in a Dropbox cloud account.

Further back and forth via video supposedly convinced Khatilov to get rid of additional Tesla files in his Dropbox, a subset of the alleged trove.

Schertzer's account of the incident continues: "After supervising the deletion, I then informed Mr Khatilov that his Dropbox account contained non-administrative content and told him that Information Security had detected that he removed over 26,000 confidential filenames from the Tesla network. Khatilov claimed he didn’t mention these before, despite being asked twice, because he 'forgot.'"

Tesla's legal filing claims that Khatilov was evasive and lied to company investigators and says that the company cannot confirm its files have all been deleted. Moreover, the company says it believes Khatilov may have disseminated the files. It is seeking an injunction to force its former employee to turn over any copies of Tesla's files and to disclose the identities of anyone with whom he may have shared the data.

Khatilov in his conversation with The Register described his firing as "a weird situation." He said he'd been hired as a tester and a few days later received a computer with an onboarding document that directed him to install some software, which includes some Python files and modules.

He also installed Dropbox and said the software somehow started backing up those files. Later that day, he said, he got a call from Tesla security and was asked to meet and share his screen, briefly recounting the meeting described in the Tesla court filing.

He insisted the incident was a mistake and asked if we could send him a copy of the lawsuit, which we did. ®

Broader topics

Other stories you might like

  • The ‘substantial contributions’ Intel has promised to boost RISC-V adoption
    With the benefit of maybe revitalizing the x86 giant’s foundry business

    Analysis Here's something that would have seemed outlandish only a few years ago: to help fuel Intel's future growth, the x86 giant has vowed to do what it can to make the open-source RISC-V ISA worthy of widespread adoption.

    In a presentation, an Intel representative shared some details of how the chipmaker plans to contribute to RISC-V as part of its bet that the instruction set architecture will fuel growth for its revitalized contract chip manufacturing business.

    While Intel invested in RISC-V chip designer SiFive in 2018, the semiconductor titan's intentions with RISC-V evolved last year when it revealed that the contract manufacturing business key to its comeback, Intel Foundry Services, would be willing to make chips compatible with x86, Arm, and RISC-V ISAs. The chipmaker then announced in February it joined RISC-V International, the ISA's governing body, and launched a $1 billion innovation fund that will support chip designers, including those making RISC-V components.

    Continue reading
  • FBI warns of North Korean cyberspies posing as foreign IT workers
    Looking for tech talent? Kim Jong-un's friendly freelancers, at your service

    Pay close attention to that resume before offering that work contract.

    The FBI, in a joint advisory with the US government Departments of State and Treasury, has warned that North Korea's cyberspies are posing as non-North-Korean IT workers to bag Western jobs to advance Kim Jong-un's nefarious pursuits.

    In guidance [PDF] issued this week, the Feds warned that these techies often use fake IDs and other documents to pose as non-North-Korean nationals to gain freelance employment in North America, Europe, and east Asia. Additionally, North Korean IT workers may accept foreign contracts and then outsource those projects to non-North-Korean folks.

    Continue reading
  • Elon Musk says Twitter buy 'cannot move forward' until spam stats spat settled
    A stunning surprise to no one in this Solar System

    Elon Musk said his bid to acquire and privatize Twitter "cannot move forward" until the social network proves its claim that fake bot accounts make up less than five per cent of all users.

    The world's richest meme lord formally launched efforts to take over Twitter last month after buying a 9.2 per cent stake in the biz. He declined an offer to join the board of directors, only to return asking if he could buy the social media platform outright at $54.20 per share. Twitter's board resisted Musk's plans at first, installing a "poison pill" to hamper a hostile takeover before accepting the deal, worth over $44 billion.

    But then it appears Musk spotted something in Twitter's latest filing to America's financial watchdog, the SEC. The paperwork asserted that "fewer than five percent" of Twitter's monetizable daily active users (mDAUs) in the first quarter of 2022 were fake or spammer accounts, which Musk objected to: he felt that figure should be a lot higher. He had earlier proclaimed that ridding Twitter of spam bots was a priority for him, post-takeover.

    Continue reading

Biting the hand that feeds IT © 1998–2022