Key Takeaways

  • A federal grand jury charged three San Jose engineers with stealing trade secrets from Google and other tech firms
  • Prosecutors say the defendants transferred sensitive processor security and cryptography data to Iran
  • The case highlights ongoing concerns about insider access risks within advanced semiconductor development

Federal prosecutors have charged three engineers based in San Jose with stealing proprietary information from leading Silicon Valley technology companies after Google’s internal monitoring flagged suspicious activity. The indictment, announced by the U.S. Attorney’s Office for the Northern District of California, outlines a multi-year scheme that allegedly moved confidential processor and cryptography data to Iran.

The defendants are Samaneh Ghandali, 41, her sister Soroor Ghandali, 32, and Samaneh’s husband, Mohammadjavad Khosravi, 40. All three appeared in federal district court after being arrested on the same day the charges were made public. While the case is still in early stages, the set of accusations already reflects how sensitive the semiconductor ecosystem has become.

Their backgrounds vary in ways that matter. Soroor was in the United States on a nonimmigrant student visa, according to the indictment. Samaneh later obtained U.S. citizenship, and Khosravi is a U.S. permanent resident with previous service in the Iranian army. Prosecutors say the combination of their technical roles and access to restricted materials created an opportunity to extract hundreds of confidential files.

At the center of the allegations is their work inside several major chip design environments. Samaneh and Soroor were employed at Google before moving to another unnamed company referred to as Company 3. Khosravi worked at what prosecutors identify as Company 2, a firm that develops system-on-chip platforms used widely in smartphones and other mobile devices. For anyone outside engineering circles, an SoC combines processing, graphics, memory controllers, and other critical functions into a single semiconductor package. SoCs are the core technology that powers both mass-market mobile devices and more specialized embedded systems.

The indictment focuses heavily on materials related to processor security and cryptography. That is not surprising, since SoC makers have spent the past decade tightening hardware-level protections as mobile threats grew more sophisticated. Hardware security modules, encryption accelerators, and trusted execution environments are now foundational to modern chip architectures. Losing internal documentation or design references could weaken a company against competitors or expose vulnerabilities that are supposed to remain private.

Google said in a statement to CNBC that it identified the suspected theft during routine monitoring and then notified law enforcement. The company highlighted controls already in place, including restricted access to sensitive repositories, two-factor authentication for corporate accounts, and logging of file transfers to external platforms such as Telegram. These are baseline measures in most large tech organizations, although the situation raises a question that many security teams worry about: how do you meaningfully restrict insider misuse without slowing down engineers who rely on fast access to tools and documentation?

Here is where things get tricky for the broader industry. Insider risk programs have matured in recent years, but semiconductor development still depends on close collaboration across design, testing, and verification domains. These workflows often involve huge volumes of confidential files and complex permissions. As a result, companies sometimes struggle to strike a balance between operational speed and security. And because chip designs are deeply interdependent, a single engineer can legitimately require access to thousands of documents to do their job effectively. That reality creates attack surfaces that no amount of perimeter security can eliminate entirely.

Another angle worth noting is the geopolitical dimension. Research and development in advanced chips is already a focal point in U.S. export controls, particularly regarding Iran and other nations under technology restrictions. While the indictment does not accuse the defendants of broader espionage activity beyond the alleged data transfer, it will almost certainly reinforce federal pressure on companies to tighten internal monitoring. Whether that ultimately helps or hinders engineering productivity is an open question.

The case also surfaces the ongoing sensitivity around cryptographic technology. Even components considered routine in modern processors can involve complex intellectual property protections and tightly controlled algorithms. Cryptographic acceleration modules and secure boot processes are especially protected, given their role in preventing device tampering. If proprietary implementation details were indeed transferred abroad, prosecutors will likely argue that the risk to both commercial competitiveness and national security is meaningful.

For enterprises watching this unfold, the situation serves as a reminder that data exfiltration is rarely detected through a single major event. More often, it is a pattern of small anomalies. Google’s comment that the breach was discovered through routine monitoring fits a trend in which machine learning and behavioral analytics play a growing role in identifying suspicious access patterns. Still, organizations often underestimate how much cultural factors influence insider risk. Engineers tend to be highly mobile, frequently changing teams, companies, and even device platforms. That mobility sometimes increases the likelihood of data following them unintentionally or, in cases like this, allegedly by design.

The next phase of the case will likely involve more detailed examinations of the files in question and how they were moved. Prosecutors say the defendants conspired to steal trade secrets and obstructed justice, charges that carry serious penalties if proven. For now, the indictment reinforces a theme that has been building for years. The semiconductor supply chain is becoming both more strategic and more fragile, and insider access is one of the hardest variables for companies to control.