Slashdot Mirror

← Back to Stories (view on slashdot.org)

Goldman Sachs Trading Source Code In the Wild?

Posted by ScuttleMonkey on from the bunny-ball-ball dept.

Hangtime writes "The world's most valuable source code could be in the wild. According to a report by Reuters, a Russian immigrant and former Goldman Sachs developer named Sergey Aleynikov was picked up at Newark Airport on July 4th by the FBI on charges of industrial espionage. According to the complaint, Sergey, prior to his early June exit from Goldman, copied, encrypted and uploaded source code inferred to be the code used by Goldman Sachs to process in real-time (micro-seconds) trades between multiple equity and commodity platforms. While trying to cover his tracks, the system backed up a series of bash commands so he was unable to erase his history, which would later give him away to Goldman and the authorities. So the question is: where are the 32MB of encrypted files that Sergey uploaded to a German server?

12 of 324 comments (clear)

  1. Surely not? by fuzzyfuzzyfungus · · Score: 4, Insightful

    I can't believe that Goldman's algorithmic trading code is more valuable than its list of root passwords to governments all over the world...

    1. Re:Surely not? by mysidia · · Score: 4, Insightful

      Passwords can be easily changed by any old sysadmin, with minimal damage, as long as the passwords are changed quickly, or remote access is locked out, the damage can easily be mitigated very rapidly.

      Changing source code (to allay use of it by the thief to attack its owners, beat GS at their own game, or sell to competitors), is time-consuming, and requires the assistance of many software experts (programmers).

      The damage can only be mitigated by shutting down the system, and waiting a long time for changes to get made, or for the software to get rewritten, to protect against evil third parties knowing the trading system's flaws.

    2. Re:Surely not? by Anonymous Coward · · Score: 5, Insightful

      Exactly. Analyzing the source code will tell you how Goldman Sachs trades its stuff. It's not valuable because it was so expensive to develop this stuff, it's expensive because it shows how they play the game with what kind of strategy, and the stakes of the game is extremely high. It's like knowing how your opponent plays poker when the stakes are on the magnitude of billions of dollars.

      If the source code is in the wild, Goldman Sachs is forced to stop all related real-time trades, because their strategy is completely exposed, and once somebody exploits it, they will lose money really quickly. (Just imagine how many transactions they can make per second, and imagine every one of those transactions lose some money in average.) That means they get forced to leave the market until they develop a new trading system, or at least, re-develop their strategy. That costs a lot of money because they have to stop doing investments and leave the money some place safe.

    3. Re:Surely not? by A+beautiful+mind · · Score: 4, Insightful

      Excellent! If knowing the source code for _financial trading mechanisms_ allows for gaming the system, then it's a very good thing that the code was exposed. If anything, I'd expect banking code to resist outside intrusion.

      --
      It takes a man to suffer ignorance and smile
      Be yourself no matter what they say
    4. Re:Surely not? by dkleinsc · · Score: 4, Insightful

      Be fair: Goldman Sachs has way more control over government policies than a mere root password would give them. They don't just have root passwords, they have root passwords, physical access, and insider support.

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
    5. Re:Surely not? by captainpanic · · Score: 5, Insightful

      The fact that one can compare the strategy in big business with poker shows clearly why I think we're all better off when this whole banking business is downscaled a bit.

      While in the good old days the banking business was simply a place to store and borrow money, it has now become a mess so complicated that nobody really understands it anymore.

      It can be interesting to see what happens next... although I also realize that this accident can cause some innocent people to lose their jobs.

  2. nationalism vs. anti-corporatism by DoofusOfDeath · · Score: 5, Insightful

    It's funny... I normally find myself loathing companies like Goldman Sachs for hyper-selfish capitalism, finding ways to get rich at taxpayer expense, etc.

    But then, when I see industrial espionage by Russians, Chinese, Israelis, etc. against those very same corporations, a sense of nationalist anger makes me forget my anti-corporatist anger. Somehow I completely fail to have a sense of schadenfreude for the corporations that I normally hate, and I don't know why.

    Being human is strange.

    1. Re:nationalism vs. anti-corporatism by Gilmoure · · Score: 4, Insightful

      That us-and-them geographical, language or ethnicity identification is pretty weird. Try to cultivate the "scared bunny" / "everyone's out to get me" attitude and you won't feel sorry when a local coyote or mountain lion gets run over by a foreign truck.

      The whole us/them left/right axis is just part of the circuses to distract the crowd. If you really want to see the us/them divide, it's the upper crust Kleptocrats against everyone else. We're all just cattle and cat food to them. The only way they can make the tens of thousands of dollars a minute they do is by harnessing the earning power of lots of ants and skimming off a bit of everyone else's productive power.

      After WWII, the traditional pyramid shape of society (large number or poor, smaller number of middle class and very small number of upper class) changed towards more of a diamond shape. Ever since then, a lot of folks have been trying to revert that, driving down real wage gains while increasing productivity. All that benefit of efficiency has to go somewhere and it's not going down to the poor and it's not showing up in the paychecks of the works so it must be flowing up towards the top.

      --
      I drank what? -- Socrates
  3. Re:Even More Interesting by eldavojohn · · Score: 4, Insightful

    It seems unlikely to me that any single person, or even small group of people, would have the capability to remove all copies of this code, binary and source, from the company's information infrastructure.

    Ah, the double edged sword of secrecy. Keep the location of your secrets solitary so that you don't have to keep track of multiple copies. With every new location it is stored, the odds of corporate espionage double. Had they ascribed to keep it in one place, this would be all too possible. And let's face it, if you're shelling out $400k to one or two developers, you do checks on them and make sure they can handle the keys to the palace.

    Is it possible that they have suspended use of this code because they fear that someone analyzing it could profit from the trades it would have made?

    I had not thought of this, although I believe these transactions would be done on secure networks with insane encryption. Again, if you're shelling out $400k to a developer, you're probably laying fiber straight to the NYSE's servers from yours or at least including a level of encryption that is so high it would take the NSA days to decrypt it -- rendering the data worthless as it's public by then.

    Still if they don't understand how it works, I could see them doing that. I could not, however, see them sacrificing a week's worth of trading for these fears without first researching them. Do you know how much money and customers that would cost them?

    --
    My work here is dung.
  4. What's the exit strategy? by Sits · · Score: 5, Insightful

    If I were a rival to Goldman Sachs I would be terrified of someone offering me Goldman's source code. If I use it and Goldman find out then I'm in a world of trouble. If I use it but Goldman don't know for a bit AND the person who offered it knows I used it, then they can blackmail me. Even if I don't use it there could be expensive legal battles to prove my innocence ("Exhibit A shows the same loop variable counter is used in these two different source code bases." "?!"). How do I know it's not a trap? It would be like someone offering the secret of Coke to Pepsi - what do you expect Pepsi to do? Use the secret? What if they like their product more?

    Obviously there must be another angle if this situation is true to drive someone to actually do it. I just can't figure it out at the moment.

  5. Re:Non-story by MadFarmAnimalz · · Score: 4, Insightful
    It will be largely useless without the slang and secdb components

    If you didn't have a python/java/$LANGUAGE interpreter and no python/java/$LANGUAGE documentation you'd probably still be able to glean the logic and algorithms from the code. The trade secret is the algorithms not the computer instructions representing them.

    --
    Blearf. Blearf, I say.
  6. The bankers certainly knew there would be a crash. by Futurepower(R) · · Score: 5, Insightful

    "The rolling stone article is conspiracy drivel..."

    Thoughts:

    1) The linked article is not the article published on paper in Rolling Stone, although confusingly it has the same name.

    2) A Slashdot comment is not meant to be a complete discussion of anything. A Slashdot comment can alert you to the need to do further research.

    3) The actual Rolling Stone article in the paper edition only says things that have been reported elsewhere.

    4) The bankers certainly knew there would be a crash, and that they would profit from the crash, and that the crash would be very destructive to everyone else.

    5) Matt Taibbi's article, The 52 Funniest Things About The Upcoming Death of The Pope lacks any humor. It's just stupid. In number 26, he guesses that the pope lives, and he dies. The point of the article seems to be that the pope gets less respect now; a big difference from 50 years ago. But it's a terrible article.

    6) What is important is not what someone said, but the facts.