I got fired because supplier reverse engineered my board
Posted by Water0Melon@reddit | hardware | 48 comments
Hey folks, full transparency here—hope someone has feedback or experiences to share:
I was the sole hardware engineer at a small defense/OEM startup. We designed a custom PCB for a sensor and sent it to what we thought was a trusted manufacturer.
A knockoff appeared on the market just a few weeks later—same silkscreen, nearly identical layout and BOM. Turns out, they reverse-engineered our board directly from the files I sent. Because I was the only one sending them those CAD files, I became the scapegoat. The client flagged it as an unauthorized export, and I got fired.
Not sure what to do -- is my EE career over?? What do I tell other people? Lowkey confused how shit like this still happens - company still does nothing for security, how is it my fault?!
hardware-ModTeam@reddit
Thank you for your submission! Unfortunately, your submission has been removed for the following reason:
Please read the subreddit rules before continuing to post. If you have any questions, please feel free to message the mods.
gfxlonghorn@reddit
If the other company has access to all of the ICs and firmware and you weren't doing cutting edge stuff, the pcbs are a dime a dozen these days and basically anything can be rebuilt for cheap anyways. I don't think this will hurt your future employment opportunities.
BlueGoliath@reddit
If your company is dumb enough to send IP/secrets to an overseas company, you deserve what you get.
Water0Melon@reddit (OP)
Manufacturer says they got hacked, but no idea how that happened.
crab_quiche@reddit
So the manufacturer admitted fault and your company fired you? That makes no sense.
trident_of_rivers@reddit
Get an employment lawyer asap
Due-Order2153@reddit
In the US you can be fired for any or no reason at all, unless you are being fired based on discrimination from a protected class.
From EEOC.gov
Applicants, employees and former employees are protected from employment discrimination based on race, color, religion, sex (including pregnancy, sexual orientation, or transgender status), national origin, age (40 or older), disability and genetic information (including family medical history).
Applicants, employees and former employees are also protected from retaliation (punishment) for filing a charge or complaint of discrimination, participating in a discrimination investigation or lawsuit, or opposing discrimination (for example, threatening to file a charge or complaint of discrimination).
CatsAndCapybaras@reddit
They are still liable even if they got hacked. I assumed your company signed an NDA or similar with them when you sent the files.
recumbent_mike@reddit
Pretty funny that they'd even bother responding.
APGaming_reddit@reddit
they did not get hacked
GenZia@reddit
That's convenient.
Perhaps if you can prove that the 'knock-off' was manufactured by the same company, you might have a case there to prove your innocence and clear your name.
Still, you're the fall guy so I doubt that's going to change much.
Like it or not, it's either you or the entire startup!
BlueGoliath@reddit
Malicious emails are a popular method. Otherwise the typical outdated server software hack.
jmhalder@reddit
Manufacturers are just covering their ass.
GenZia@reddit
Like Apple...
LangyMD@reddit
There can be a difference between consumer electronics and defense electronics, though even consumer electronics can be under export control. Apple products generally aren't under export control to the countries that they manufacture those specific products in.
GenZia@reddit
While I understand your point of view, I think you're underestimating China's tech influence on the U.S. defense industry and the extent of their reverse engineering in general:
That rabbit hole goes quite deep.
Source: https://www.americansecurityproject.org/us-defense-supplies-china/
LangyMD@reddit
Oh, I'm entirely aware of China's influence on the defense industry and proclivity with reverse engineering - I was referring to the legal differences. A lot of companies manufacture stuff in China that China then reverse-engineers and makes knockoffs of.
Export control restrictions mean companies aren't supposed to export new defense technologies - such as whatever circuit board design the OP came up with at his defense startup company - to China or other foreign countries, and certain consumer devices like nVidia graphics cards can't be exported there either. That doesn't mean that whatever they can legally export to China should be exported to China; Apple has probably given China a ton of tech info on smartphone design in order to have them made in China even if the actual chips are made in Taiwan.
gahlo@reddit
For Apple it's the cost of doing business. For the company OP worked at it's losing a client.
GenZia@reddit
You're making it sound like Apple doesn't have a choice.
gahlo@reddit
I'm saying they've done the math and they're fine with it.
recumbent_mike@reddit
They certainly have a choice; it's just that the other choices cost more.
gumol@reddit
lol every single US silicon manufacturer fabs their chips in Korea or Taiwan. Possibly China.
BlueGoliath@reddit
Get your glasses on and read in-between the parentheses. I'm mostly referring to a specific country.
nanonan@reddit
OP didn't mention anyone, so you're being presumptuous. Oh and racist.
nanonan@reddit
Odd that you would intentionally imply this.
bdk1417@reddit
No one has mentioned it yet but it kinda sounds like you broke export compliance laws (on behalf of your company). You said you work for a defense contractor? And your client labeled it an “unauthorized export?” Then the design you had might have been subject to export compliance laws. Emailing export controlled data is not a good thing to do. This is why large companies that have military contracts have training and teams to handle this type of thing.
cannuckgamer@reddit
Have you thought about hiring a lawyer? It sounds like they fired you to make you look like the scapegoat. Something smells fishy here. I’d get a lawyer asap, as you could get compensation or your job back for wrongful dismissal.
hanotak@reddit
Assuming this supplier was agreed upon by your supervisor, and/or is an established company (not some random pop-up manufacturer you found on Alibaba)? If so, it's not your fault at all, and the company should be suing the manufacturer instead of firing their engineers.
(a) Some people have no business making employment decisions, but still happen to be in positions to do so. It's not your fault when they make stupid decisions.
(b) Your career is not over, just forget about the company and look for a new job. If they ask, just say that your last company decided they didn't need a hardware engineer on staff anymore (since that's essentially what they've done).
GenZia@reddit
OP said it's a "small defense/OEM startup" so I'm assuming an international legal 'battle' is out of the question.
Easier to just slap it on a convenient scapegoat and pretend it never happened.
GNRZMC@reddit
AKA war!!!!!!!
Cognoscope@reddit
That sucks for OP, but I can’t buy part b) without him getting something in writing from his employer holding him harmless - unlikely since they fired him. “He who lies once, must lie always.” You never know when someone at this startup might know someone at a future employer & scuttle this layoff excuse. Better to tell the truth, but with details on who told you to do it & how you did it. THEN immediately break it down as a “lessons learned” experience & talk about how YOU would attempt to protect company IP in the future regardless of how casual your peer/manager instructions might be.
hanotak@reddit
IMO, this will just get you filtered out immediately, especially at larger companies. "Has been fired for cause" is going to be a hard "reject" in a lot of companies, regardless of if that cause was realistically valid or not.
If you're in a truly niche position, where "everyone knows everyone", and the interviewers aren't just filling out a checklist and know what they're talking about, then sure. Explain. In many cases, though, it'll be better to just not communicate something like this, since it's not relevant anyway.
recumbent_mike@reddit
That might work, but I worry about the knee-jerk HR reaction to anyone who's caused legal trouble for their last company.
tomchee@reddit
If you are indeed only an engineer, then the decision making when it comes to the manufacturer is not yours (I assume).
At that point I see no way that it is your fault.
ninjagarcia@reddit
This is fake because if it was true your company would have one large lawsuit on their hands. Nice try though.
nanonan@reddit
You know nothing about business in the real world. They are a small startup. The decision was: throw this kid under the bus to please and attempt to keep the client or launch an international lawsuit. The answer was easy. Sucks for the kid, but not much he can really do except get a lawyer of his own which is likely unaffordable or move on from it.
ninjagarcia@reddit
That I do as a former DoD contractor. This is a good face farce of a story but go on.
LangyMD@reddit
So if I understand correctly, you worked for a US defense/OEM startup, designing circuit boards and such. You transmitted files to a trusted manufacturer - I assume also US based. These files appear to have been used by a foreign competitor to create a competing product.
So somehow the files you sent got to this foreign competitor, and since you're the "only" person who sent those files out of your company's network to elsewhere you're the one who was blamed.
Let's assume the board was indeed reverse-engineered from the design files you transmitted. I'd record - however you can - the method you used to transmit the files. Normally when transmitting sensitive data I'd either send an encrypted email, an encrypted DVD/hard drive, or use an encrypted drop-box type service - depending on size of data, mostly - but either way it'd be on your company to know to encrypt the files prior to transmission and then transmit the encryption passphrase using a second, trusted communications channel.
If it turns out you transmitted them "in the clear", use that as a learning opportunity to not do that in the future. If you're asked about that in the future during an interview, be honest about it, say you now have an extreme appreciation for why it's important, and explain that neither your startup, the client, nor the tier 1 defense contractor you were communicating with had provided sufficient training on how to manage secure file transfers (assuming that's accurate). It may not be the end of your career, but I can understand why a small startup would prefer to start again somewhere else.
Importantly, nothing of this is really necessary for you to share with the wider world. You're pissed at being fired, but if you want to work in an area where failures with secure communication got you in trouble then posting about it on Reddit for the whole world to read about isn't likely to help you get a new job in the future either.
If you did everything "right" in the transfer, then it's likely the files got breached some other way, such as a hack of one or the other company's servers. This is distressingly common; famously, almost all the non-classified design information for the F-35 was hacked and stolen, for instance. If that's the case, then if people ask about this incident in the future you can explain what happened from your perspective. It would suck to be the scapegoat in a situation like that, but it's not necessarily the end of your career either.
Leo1_ac@reddit
W/e it is said here, it does not matter since those who employ you and pay you already made up their mind. None of the clowns above and below can or care to hire you.
You lost, pondering on this further is just a waste of time. Move on.
wirefixer@reddit
Go work for the supplier.
zR0B3ry2VAiH@reddit
Honestly this is the best idea here
Water0Melon@reddit (OP)
does this happen often? manufacturer has been a long time partner of the company (it's also not really a random startup..... more of a major T1 defense contractor / supplier)
shouldn't files be encrypted somehow?
willbill642@reddit
Which manufacturer?
recumbent_mike@reddit
Did you encrypt the files?
JigglymoobsMWO@reddit
1) time to look for a new job (obviously)
2) I don't think you look too bad coming out of this situation. Get advice from people in your industry, but I suspect you can just tell the next prospective employer the truth.
Why I think 2:
A. You were the sole hardware engineer and you shipped something
B. The product was good enough to copy
C. Like the people on here, the next employer may not think it's really your fault
D. Obviously, you will tell them that you gained valuable experience and lessons from this episode
iboxagox@reddit
You could probably force a nice severance package from them. You would need a lawyer to really make it work. The gist of the letter from the lawyer would be "hey, we're not really sure why the employee was fired since it was one of your trusted suppliers. You and the supplier may be in violation of ITAR. We're sending a letter to the supplier to remove the files they have stolen as it has caused my client financial damage and reminding them they are a defense supplier and should have policies in place to prevent this theft. Anyway, we hope you review the matter so this all goes away and we're looking for a year and a half severance and a good reference"
max1001@reddit
Surprised you haven't been arrested.
BlaiseLabs@reddit
So chatGPT is taking on military contracts, interesting…