Slashdot Mirror


Goldman Sachs Trading Source Code In the Wild?

Hangtime writes "The world's most valuable source code could be in the wild. According to a report by Reuters, a Russian immigrant and former Goldman Sachs developer named Sergey Aleynikov was picked up at Newark Airport on July 4th by the FBI on charges of industrial espionage. According to the complaint, Sergey, prior to his early June exit from Goldman, copied, encrypted and uploaded source code inferred to be the code used by Goldman Sachs to process in real-time (micro-seconds) trades between multiple equity and commodity platforms. While trying to cover his tracks, the system backed up a series of bash commands so he was unable to erase his history, which would later give him away to Goldman and the authorities. So the question is: where are the 32MB of encrypted files that Sergey uploaded to a German server?"


  1. Even More Interesting by eldavojohn · · Score: 5, Interesting

    Even more interesting is in the second article that notifies us that Goldman Sachs has been removed from the NYSE 15 Most Active Members Firms Weekly Report. GS had been #1 the week before and now they're not even on it. These fifteen firms alone represent about 98% of all trades with the NYSE. So what happened?

    The author mentions some things but gives no clear motivation for GS hiding their stats. I would speculate that if one of your developers copied your code and uploaded it to a server discreetly, you could have that in your logs and not notice it for days or weeks. But if he then did something to your system to ensure his new employer's ownership of that code you would notice that pretty damn fast I imagine. Sergey Aleynikov sounds like a brilliant coder but maybe he's not so smart on legal issues, is it possible he completely hobbled GS to please his new employer? Are they keeping their transaction report hush hush so investors don't worry? Was Sergey Aleynikov thinking he could sell the code and the rights to the code? After all, if he could remove all copies of the code from GS how could they take people to court over the code without a local copy to prove ownership?

    If GS remained #1, they would have left themselves on the list. I presume that something else related to this has gone wrong with their operation, the news just hasn't broken yet.

    --
    My work here is dung.
    1. Re:Even More Interesting by dr.newton · · Score: 3, Interesting

      It seems unlikely to me that any single person, or even small group of people, would have the capability to remove all copies of this code, binary and source, from the company's information infrastructure.

      Is it possible that they have suspended use of this code because they fear that someone analyzing it could profit from the trades it would have made?

      --
      Just another proletarian malcontent.
    2. Re:Even More Interesting by Ciaran Power · · Score: 3, Interesting

      A brilliant coder...

      who's never heard of "history -c"???

      TFS says that his history file was backed up while he was Hacking The Gibson. He might have cleared his .history afterwards but presumably didn't know about/didn't have access to/didn't bother clearing the backup. TFA doesn't mention anything about his history btw, but slashdot wouldn't lie to me.

    3. Re:Even More Interesting by Richard W.M. Jones · · Score: 3, Interesting

      Seems more likely he was caught by auditing through the audit daemon in Red Hat Enterprise Linux. It records both high level "actions" taken on the machine, and (in some cases) commands typed at the shell. Unless you have root (in some cases, even if you have root), it's hard to erase those logs.

      Rich.
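
The kind of record the audit daemon mentioned above keeps, shown as an added example that is not part of the original thread or of any real case data: it joins auditd SYSCALL and EXECVE records by event serial and flags a login UID that archives, then encrypts, then transfers. The sample records, the stage map and the function names are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed, trimmed auditd records (execve = syscall 59 on x86-64); not from the case.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1244100000.101:900): syscall=59 auid=1001 comm="tar"
type=EXECVE msg=audit(1244100000.101:900): argc=3 a0="tar" a1="czf" a2=2F746D702F6D79207372632E74677A
type=SYSCALL msg=audit(1244100050.220:901): syscall=59 auid=1002 comm="scp"
type=EXECVE msg=audit(1244100050.220:901): argc=3 a0="scp" a1="/tmp/notes.txt" a2="build@10.0.0.5:"
type=SYSCALL msg=audit(1244100090.412:902): syscall=59 auid=1001 comm="gpg"
type=EXECVE msg=audit(1244100090.412:902): argc=3 a0="gpg" a1="-c" a2=2F746D702F6D79207372632E74677A
type=SYSCALL msg=audit(1244100140.873:903): syscall=59 auid=1001 comm="scp"
type=EXECVE msg=audit(1244100140.873:903): argc=3 a0="/usr/bin/scp" a1=2F746D702F6D79207372632E74677A2E677067 a2="u@host.example:"
"""

# Hypothetical stage map; builtins like `history -c` never call execve, so no EXECVE record exists for them.
STAGES = {"tar": "archive", "zip": "archive", "gpg": "encrypt", "openssl": "encrypt",
          "scp": "transfer", "sftp": "transfer", "curl": "transfer"}
ORDER = ["archive", "encrypt", "transfer"]
RECORD = re.compile(r"type=(\w+) msg=audit\([\d.]+:(\d+)\): (.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """auditd quotes plain strings and hex-encodes those with spaces or control bytes."""
    return value[1:-1] if value.startswith('"') else bytes.fromhex(value).decode("utf-8", "replace")

def exec_events(log_text):
    """Join SYSCALL (who) and EXECVE (what) records by event serial into (auid, argv) pairs."""
    events = defaultdict(dict)
    for m in RECORD.finditer(log_text):
        rtype, serial, fields = m.group(1), int(m.group(2)), dict(FIELD.findall(m.group(3)))
        if rtype == "SYSCALL":
            events[serial]["auid"] = fields.get("auid")
        elif rtype == "EXECVE":
            events[serial]["argv"] = [decode(fields[f"a{i}"]) for i in range(int(fields["argc"]))]
    return [(e["auid"], e["argv"]) for _, e in sorted(events.items())
            if e.get("auid") and e.get("argv")]

def flag_staged_uploads(log_text):
    """Return {auid: [argv, ...]} for users who archived, then encrypted, then transferred."""
    trail, hits = defaultdict(list), {}
    for auid, argv in exec_events(log_text):
        stage = STAGES.get(argv[0].rsplit("/", 1)[-1])
        if auid not in hits and stage == ORDER[len(trail[auid])]:
            trail[auid].append(argv)
            if len(trail[auid]) == len(ORDER):
                hits[auid] = trail[auid]
    return hits
```

The key is `auid`, the login UID, which the kernel keeps attached to the session across `su` or `sudo`, so the trail stays tied to the account that logged in.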

    4. Re:Even More Interesting by morgan_greywolf · · Score: 4, Interesting

      I had not thought of this, although I believe these transactions would be done on secure networks with insane encryption.

      Knowing the algorithms that Goldman Sachs uses to do realtime trades could possibly give you insider information you wouldn't have otherwise had. When doing realtime transactions, if you know the ORDER Goldman Sachs will use to do the transactions, for instance, you could buy certain stocks a minute or two before Goldman Sachs does...since the act of GS (or anyone) buying a stock will increase its trading price some, and you've just automatically made money and hurt GS at the same time.

      This type of insider trading information will likely result in criminal prosecution by the SEC, however, so don't try this at home, kiddies.

  2. Re:Surely not? by Richard_at_work · · Score: 5, Interesting

    What if having the code allowed you to analyse it for ways to game the system? Knowing precisely how the system will react in certain circumstances could give you a serious leg up when attacking the system on the markets (trade limitations, trend spotting for error codes or edge cases et al).

    This code could be worth significant amounts of money on the international fraud market.

  3. Proving theft.. by MosesJones · · Score: 5, Interesting

    It's hardly surprising that this sort of code is highly valuable but the challenge is surely going to be proving that it was actually stolen. If they have a bash history that doesn't include the IP addresses but just shows that he created a tar ball then where is the proof that he actually stole anything at all?

    The original is of course still there, what he took is a copy, so you can't show something is missing.

    They currently don't know where it has gone, so they can't prove that a copy was moved outside the firewall successfully.

    If he hasn't yet sold the stuff on they can't prove there was a financial benefit linked to the theft.

    So how will they prove beyond a reasonable doubt that some actual theft has gone on?

    It's not like he has just lobbed it on Bit-torrent or posted it to Wikileaks. What he has done is taken a copy of the code, which means it's Intellectual Property and copyright issues rather than "simple" theft and therefore they really need to prove (surely) that he has done something with the code.

    Should be interesting to see how the police "generate" and prove the evidence on this one.

    --
    An Eye for an Eye will make the whole world blind - Gandhi
    1. Re:Proving theft.. by fuzzyfuzzyfungus · · Score: 3, Interesting

      Whenever I run into a tough time proving a case, I fall back on due process of law...

  4. Re:nationalism vs. anti-corporatism by fuzzyfuzzyfungus · · Score: 5, Interesting

    That, my friend, is what having your self interest 0wn3d by your primate instincts feels like.

    Don't worry, multinationals have no such weaknesses, and won't bat an eye when you are on the hook.

  5. Re:Non-story by Anonymous Coward · · Score: 3, Interesting

    Well done, sir. I was thinking about just the same (slang/secdb).

    Of course, it won't be easy to install the whole system and then put those bits of code he stole on it and run it. But it is entirely possible those algos were not his, but coming from some of the very important core modules. It can still carry a large value.

  6. Re:Surely not? by Richard_at_work · · Score: 5, Interesting

    I'm not talking about exploits or bugs, I'm talking about knowing *precisely* how the code will react in given circumstances, *precisely* which edge cases are handled in code, *precisely* what results in an error state and how that error state is handled.

    Knowing such things will allow you to tailor your fraudulent trades so as to not raise suspicion, or to make more money within a set amount of time. If you know precisely how far to push your actions, and then push no further, then you could continue with the same fraud for longer than you would otherwise without being discovered. If you know how often the trend analysis reports are run, and how they do what they do, then you can tailor your trades so as to not appear on those reports - just enough, no more.

    All of which means you can make more money without being detected - and you haven't attacked the software itself, you haven't changed how the code works, you have stayed within the boundaries that the software creates. All because you knew *precisely* how the code works.

  7. Re:Surely not? by infolation · · Score: 3, Interesting

    The online gambling industry analyzes the games made on their system against games played by known gambling software to identify players cheating.

    Perhaps GS haven't immediately stopped real-time trading using their existing system because they're able to analyze trades made by other brokerages to identify patterns that would indicate whether their own trading system is being used by others.

  8. Their source code is useless by bartwol · · Score: 4, Interesting

    I worked for a financial services company that had similar types of systems. The legal department and security people were always concerned about people stealing our source code.

    But their fears were unfounded. Why? Because the source code is highly customized code that not only implements thoroughly non-standards-based algorithms, but is also tightly coupled to underlying hardware/software platforms (and the non-standardized APIs of their peer systems). The result: you can't run it anywhere but on the infrastructure of the company for which it was built. Sure, you could pull out a subroutine here or there. But overall, it's pretty worthless stuff.

    Humorously, we had a large, difficult, multi-year project to port our code to a newer hardware platform (same O.S. and language tools). I joked that we should post all our source code on the web for free unencumbered download, and if somebody could get it to run on the newer (or any other) platform, we could pay them $2 million for their effort and still come out way ahead in the deal. Everybody laughed and agreed that that would be a dream come true.

  9. Re:Non-story by anothy · · Score: 4, Interesting

    i have a somewhat-better-than-passing knowledge of how these systems work. i'm very unconvinced by your explanation.

    you seem to be assuming the intent would be to out-compete Goldman by re-implementing this system, perhaps with some changes/optimizations. for that, sure, you'd need the rest of the environment. but a good understanding of the algorithm and implementation could be obtained without the rest of the environment (like i can read C# code and extract the algorithms without having the rest of the environment). that seems like it would be enough to game Goldman's system (which is a sizable part of the system overall).

    note that i am not asserting that this is a catastrophe for Goldman, just that your explanation isn't convincing. i will, however, agree with a previous poster that Goldman's sudden absence from NYSE's 15 most active members, rather than being #1 as they had for a good while, is very suspicious.

    --

    i speak for myself and those who like what i say.
  10. Re:Surely not? by Maxo-Texas · · Score: 3, Interesting

    Yes, but the root password list consists of having large numbers of government positions filled with former (and future) GS employees.

    Hard to put that in a suitcase.

    A lot of money was funneled to GS by Paulson (a GS alumnus) and some of their major competitors were crippled.

    Recently close to 40% of NYSE volume was GS which gives them enormous power to manipulate prices.

    --
    She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.