top | item 43389489

(no title)

mattzito | 11 months ago

If you have a few minutes, reading the full complaint is worth it - the blog posts and the articles don't really do the whole story justice.

There is extremely damning evidence that this unnamed individual ("D.S.") in Ireland was acting at the behest of Deel senior leadership, including:

- the COO of deel reached out to a rippling payroll manager on linkedin to recruit them. The rippling employee didn't respond. Shortly thereafter, D.S. pulled up that employees personnel record in the HR system that has their unlisted phone number. Shortly after THAT, the COO of deel reached back out to that employee via WhatsApp and that phone number.

- The information was about to publish a story about Deel potentially violating sanctions. New information in the article was that at least one of the customers involved was a company called "tinybird". No one at rippling was aware that this company even existed, but a week BEFORE the article came out, but after the reporter had been asking questions of Deel, D.S. started searching Slack for "tinybird" (and there were no other searches of "tinybird" across the whole company)

- Around the same time, the reporter for the information reached out to rippling and had internal Rippling slack messages about potential similar sanctions violations. A short time before that happened, D.S. was suddenly searching for "russia", "sanctions", "iran", etc.

- There was an email between D.S. and the ceo of Deel, along with an introduction to someone from the family VC fund.

- And then, of course, the honeypot - a fake channel, fake chats from the Rippling CRO, but the chats had real stories that former Deel employees had alleged. Email sent to only the CEO of Deel, his dad/chairman of the board, and their GC. Just a short time later, D.S. was searching for the fake channel, trying to find it, adn trying to find these chat messages.

I'm sure the CEO will try to have plausible deniability, that it was someone else in his org that he delegated investigating these things to, he had no idea, etc. But if they can get D.S. to crack and share the details of what happened, I think it will be tough to toe that line.

discuss

noisy_boy|11 months ago

The honeypot story seems so weird:

> So, to confirm Deel’s involvement, Rippling’s General Counsel sent a legal letter to Deel’s senior leadership identifying a recently established Slack channel called “d-defectors,” in which (the letter implied) Rippling employees were discussing information that Deel would find embarrassing if made public. In reality, the “d-defectors” channel was not used by Rippling employees and contained no discussions at all. ... Yet, just hours after Rippling sent the letter to Deel’s executives and counsel, Deel’s spy searched for and accessed the #d-defectors channel—proving beyond any doubt that Deel’s top leadership, or someone acting on their behalf, had fed the information on the #d-defectors channel to Deel’s spy inside Rippling.

I am sending legal letter to someone warning them that I have dirt on them AND am also mentioning where the dirt is. And that didn't ring any warning bells to Deel's management? Just wow, if true. If they are truly this incompetent, they have no business doing corporate espionage.

pea|11 months ago

This is hilariously similar to the ploy George Smiley gets Ricki Tarr to orchestrate from Paris in Tinker Tailor Soldier Spy

x0x0|11 months ago

They were already doing stuff that's squarely behavior for which the board will fire you (and plausibly criminal), so prudence already departed.

refurb|11 months ago

I don’t think the letter was “warning they have dirt on them”.

Presumably it was a letter on another topic say an accusation about Rippling poaching Deel’s employees.

Rippling’s legal counsel sends a letter back saying “we aren’t poaching, there are plenty of Deel employees are looking to leave based on posts to Twitter and Slack discussions such as those in the “d-defector” channel.”

jobs_throwaway|11 months ago

People who resort to corporate espionage do not have the most sound judgement

makestuff|11 months ago

IMO this is going to create a wave of product offerings from security startups that "monitor for corporate espionage" similar to what Meta was doing tracking copy/paste into whats app, but do it across all apps. Like detect for seldom searched keywords, etc.

swyx|11 months ago

or lets calm down, this much espionage doesnt actually happen that much, and when it does, separating out people on need-to-know basis and introducing honeypots have been routine parts of the process for decades and costs nothing, no startup to be built here

"security startups that "monitor for corporate espionage"" imply introducing yet another third party that literally has access to all the things (or logs thereof) thereby introducing a nice fat pwn factor for everyone

rl1987|11 months ago

This sort of stuff already exists. The term is Data Loss Prevention.

groby_b|11 months ago

"create"?

The keyword you're looking for is "data loss prevention", it's a thriving market.

financetechbro|11 months ago

A flavor of these offerings already exist in the financial compliance world

calmoo|11 months ago

link to complaint: https://rippling2.imgix.net/Complaint.pdf

Really worth the full read.

LoganDark|11 months ago

> Really worth the full read.

Absolutely agree, although it's around an hour's read.

Into the void I say: There's a typo on page 39 (of the PDF; the bottom of the page says 37) line 1. That item should be item 4 since it comes after another item 3.

(page 12 also has "at which the Rippling would be offering those solutions" which should probably be just "Rippling", I suspect it said "the Rippling platform" before being corrected to "Rippling" but forgetting to remove "the")

anf0|11 months ago

Is it known how Rippling obtained information about D.S.' Slack activity? Does Slack provide this information or did Rippling obtain this information by running third party monitoring software on D.S.' machine?

eclipticplane|11 months ago

Slack has a ton of auditing controls built in to the enterprise version: https://api.slack.com/admins/audit-logs-call#channel

heymijo|11 months ago

The complaint goes into a lot of detail. Start at page 16 and read through at least page 23 if you want to understand what Ripling could discern from the spy's Slack usage.

> In part to ensure that the confidential information in Rippling’s Slack channels is used only for authorized purposes, Rippling employees’ Slack activity is “logged,” meaning every time a user views a document through Slack, accesses a Slack channel, sends a message, or conducts searches on Slack, that activity (and the associated user) is recorded in a log file.

r00fus|11 months ago

Enterprise Slack - everything is audited, and searchable with appropriate permissions. Your slacks on company time or with company equipment are not private from said company.

BoredPositron|11 months ago

Both would be fine? It’s a corp machine. If you find the amount of data disturbing don’t look what MS365/Teams is tracking…

ivraatiems|11 months ago

Agree, the entire complaint is fascinating reading. I suspect Deel's responses will mostly be "we deny everything," but any counter-arguments they make will also be very interesting.

I have to say, I think if this was just limited to the Slack previewing behavior, it's unlikely it would have been caught. Previewing Slack channels is not particularly unusual or suspicious behavior and many people, probably most, don't even think of it as being something that'd be logged. (I personally didn't think of it until reading this post, but in retrospect, of course it is. Everything is.)

Crossing the line into dumb things like Deel executives personally contacting the spy's subordinates via their personal phone numbers, which he had no way of knowing is like sending up a massive flare of weirdness. I'm not saying loyalty to one's employer is everything, or even particularly important, but if I was randomly headhunted by a C-level from a direct competitor, who I had never spoken to or expressed interest in, I'd be pretty suspicious, and I'd find it underhanded. I might mention it to someone.

Supposing the allegations are substantially true, I wonder why Deel felt comfortable going that far. Maybe underestimation of competition?

frankfrank13|11 months ago

> I'm sure the CEO will try to have plausible deniability

I'm not so sure, this is very damning

duskwuff|11 months ago

It certainly is damning - but there's no upside to Deel in admitting to their actions, either.