Federal prosecutors say a family team inside Big Tech quietly siphoned sensitive chip-security files—and those secrets later showed up on a device in Iran.
Quick Take
- Three Iranian nationals living in San Jose were indicted in federal court for alleged trade-secret theft tied to Google and other major chip firms.
- Investigators allege the defendants moved hundreds of confidential files off corporate systems, including cryptography and Google Pixel “Tensor” processor materials.
- Authorities say the trio used personal devices, third-party platforms, and even screen photos to evade typical company controls.
- Google reported it detected suspicious activity in 2023, revoked access, and contacted law enforcement, according to public statements.
- The case underscores an insider-threat problem with national-security stakes as the U.S. confronts hostile regimes and tightened tech controls.
Indictment targets alleged insider theft across Google, Qualcomm, and Intel
Federal authorities in the Northern District of California charged Samaneh Ghandali, Mohammadjavad Khosravi, and Soroor Ghandali with conspiracy and offenses related to theft and attempted theft of trade secrets, plus obstruction of justice. According to the charging allegations reported publicly, the defendants were engineers employed in Silicon Valley roles that gave access to highly sensitive processor and security work. Arrests were reported in San Jose on February 19, 2026, with court proceedings continuing the following day.
The allegations describe a cross-company pattern that matters because it spans multiple industry leaders rather than one isolated workplace. Samaneh and Soroor Ghandali previously worked at Google, while Khosravi worked at Qualcomm; Soroor later worked at Intel, according to reporting. That spread of access is what makes insider cases harder to contain: one person’s authorized access can become another person’s leverage, especially when sharing accounts, devices, or channels outside official corporate systems.
What prosecutors say was taken: Tensor, cryptography, and processor security
Public reporting on the indictment says the alleged stolen materials included confidential files tied to processor security, cryptography, and Google’s Tensor technology used in Pixel phones. In plain English, that category of information is the kind that protects devices and data, and it can also be “dual-use”—valuable for commercial advantage and potentially useful to adversaries looking to harden systems or exploit weaknesses. The government has not, in the cited reporting, publicly identified a specific Iranian state recipient.
Investigators also allege the theft involved “hundreds” of files and included material from multiple companies. That scale is significant because it suggests more than a one-off rules violation or a single document mistakenly moved to a personal drive. The indictment narrative described in media reports focuses on systematic collection and transfer methods, including copying to personal devices and third-party platforms. The alleged objective, as described in coverage, was transmitting or making the data accessible in Iran.
How the alleged exfiltration worked: third-party channels, device sharing, and screen photos
Authorities say the defendants used a mix of digital transfers and low-tech tactics to avoid detection. Reporting describes files being moved to personal devices and third-party platforms, plus the use of messaging channels—some reportedly named after the defendants. When companies build defenses around file transfers, screenshots and photos can become a workaround. The allegations include photographing computer screens, a method that can bypass standard file-monitoring systems that track downloads or attachments.
After Google detected suspicious activity in August 2023, reporting says Samaneh Ghandali’s access was revoked and she signed an affidavit denying disclosure of proprietary information. Subsequent allegations say the defendants looked up methods for deleting data and researching how long phone messages are retained—facts prosecutors typically cite to support an obstruction theory. Those claims are allegations at this stage; the cited reports did not include defense-side explanations or a detailed rebuttal.
The Iran trip detail raises the national-security temperature
One of the most consequential factual claims in the reporting is the December 2023 trip to Iran. Authorities allege Samaneh Ghandali photographed roughly two dozen images of Khosravi’s Qualcomm screen the night before travel, and that a device later accessed those photos and other sensitive materials while in Iran. Even without a named end user, that detail is central because it links the alleged theft to overseas access in a sanctioned, adversarial jurisdiction—exactly the scenario export-control and counterintelligence teams worry about.
Three Iranian Nationals Indicted For Attempting to Sell Google Secrets to Home Country
https://t.co/XD6CC8xkht— Townhall Updates (@TownhallUpdates) February 21, 2026
Google’s public posture, as reported, is that it strengthened protections and promptly informed law enforcement once it detected the activity. That is the right sequence for any company handling sensitive tech, but it also highlights the uncomfortable truth: the first line of defense is still internal monitoring after hiring, not perfect screening before hiring. For Americans tired of globalist assumptions that “everyone plays by the rules,” the case illustrates why strong enforcement and clear consequences remain essential.
Sources:
3 indicted stealing Google trade secrets, transmitting them to Iran (UPI)
Iran International coverage of the indictment (Iran International)
Three former Google engineers indicted in trade secret theft case (The Hacker News)
US charges engineers with sending Google trade secrets to Iran (The Times of Israel)
