Goldman Sachs Trading Source Code In the Wild?
Hangtime writes "The world's most valuable source code could be in the wild. According to a report by Reuters, a Russian immigrant and former Goldman Sachs developer named Sergey Aleynikov was picked up at Newark Airport on July 4th by the FBI on charges of industrial espionage. According to the complaint, Sergey, prior to his early June exit from Goldman, copied, encrypted and uploaded source code inferred to be the code used by Goldman Sachs to process in real-time (micro-seconds) trades between multiple equity and commodity platforms. While trying to cover his tracks, the system backed up a series of bash commands so he was unable to erase his history, which would later give him away to Goldman and the authorities. So the question is: where are the 32MB of encrypted files that Sergey uploaded to a German server?"
I can't believe that Goldman's algorithmic trading code is more valuable than its list of root passwords to governments all over the world...
Even more interesting is in the second article that notifies us that Goldman Sachs has been removed from the NYSE 15 Most Active Members Firms Weekly Report. GS had been #1 the week before and now they're not even on it. These fifteen firms alone represent about 98% of all trades with the NYSE. So what happened?
The author mentions some things but gives no clear motivation for GS hiding their stats. I would speculate that if one of your developers copied your code and uploaded it to a server discreetly, you could have that in your logs and not notice it for days or weeks. But if he then did something to your system to ensure his new employer's ownership of that code you would notice that pretty damn fast I imagine. Sergey Aleynikov sounds like a brilliant coder but maybe he's not so smart on legal issues; is it possible he completely hobbled GS to please his new employer? Are they keeping their transaction report hush hush so investors don't worry? Was Sergey Aleynikov thinking he could sell the code and the rights to the code? After all, if he could remove all copies of the code from GS how could they take people to court over the code without a local copy to prove ownership?
If GS remained #1, they would have left themselves on the list. I presume that something else related to this has gone wrong with their operation, the news just hasn't broken yet.
My work here is dung.
It's funny... I normally find myself loathing companies like Goldman Sachs for hyper-selfish capitalism, finding ways to get rich at taxpayer expense, etc.
But then, when I see industrial espionage by Russians, Chinese, Israelis, etc. against those very same corporations, a sense of nationalist anger makes me forget my anti-corporatist anger. Somehow I completely fail to have a sense of schadenfreude for the corporations that I normally hate, and I don't know why.
Being human is strange.
Pure evil partnered with Linux?
I'm pretty sure that can't happen. I'm going to pray to Linus for guidance.
I can't read the original article so I might be inferring something incorrect. But who on earth thought it was a good idea to give internet access to someone with access to valuable source code? Whatever happened to role based access restrictions?
It's hardly surprising that this sort of code is highly valuable but the challenge is surely going to be proving that it was actually stolen. If they have a bash history that doesn't include the IP addresses but just shows that he created a tar ball then where is the proof that he actually stole anything at all?
The original is of course still there, what he took is a copy, so you can't show something is missing.
They currently don't know where it has gone, so they can't prove that a copy was moved outside the firewall successfully.
If he hasn't yet sold the stuff on they can't prove there was a financial benefit linked to the theft.
So how will they prove beyond a reasonable doubt that some actual theft has gone on?
It's not like he has just lobbed it on Bit-torrent or posted it to Wikileaks. What he has done is taken a copy of the code, which means it's Intellectual Property and copyright issues rather than "simple" theft and therefore they really need to prove (surely) that he has done something with the code.
Should be interesting to see how the police "generate" and prove the evidence on this one.
An Eye for an Eye will make the whole world blind - Gandhi
...or, perhaps last week was a short trading week which cut into the already-low trading volume. Did you by chance compare the overall volume levels when you came up with your theory?
I am betting you didn't because if you had, you'd see that the volume last week was way lower than the norm.
More likely, lots of GS traders just took the week off and went on vacation.
Probably people that would do something similar will never touch that code, for fear of being "tainted".
And anyway.. most code creates new stuff that is worthy of a patent. But not because most programmers are geniuses, but because the patent system is crap. No one should care about what is in that code, because any professional can recreate the code anyway with the same features. There is no "sacred" code in this world. More the other stuff... It is really hard to make other people look at your code. The business type of guys don't want to look at your code. The users don't want to look at your code. Often, other programmers don't want to look at your code. Maybe the features, and the documentation, the analysis of the problem, are more valuable and interesting than the fucking source code. I do like to read source code, but I am one in a million (of programmers) and there's probably around 7 million programmers, so probably there are only another 7 dudes like me :-I
-Woof woof woof!
GS's code for program trading is all written in a proprietary programming language called slang and relies on a proprietary database (secdb).
The install for that is a hell of a lot bigger than 32 MB, so this is probably just a few trading algorithms that a pissed-off developer has copied away.
It will be largely useless without the slang and secdb components and will be totally unsafe to trade off without a sufficient source of historic data and reference data, correctly formatted and loaded into secdb.
The idea that this leak is likely to be in any way materially damaging to GS is frankly a joke to anyone with even a passing knowledge of how these systems really operate.
But don't let that get in the way of your paranoia about how the world works.
Without the login codes to https://www.illuminati-hq.org/financialserver/tomorrows-stockprices.php
"The world's most valuable source code could be in the wild."
Duke Nukem Forever? Oh joy.
If I were a rival to Goldman Sachs I would be terrified of someone offering me Goldman's source code. If I use it and Goldman find out then I'm in a world of trouble. If I use it but Goldman don't know for a bit AND the person who offered it knows I used it, then they can blackmail me. Even if I don't use it there could be expensive legal battles to prove my innocence ("Exhibit A shows the same loop variable counter is used in these two different source code bases." "?!"). How do I know it's not a trap? It would be like someone offering the secret of Coke to Pepsi - what do you expect Pepsi to do? Use the secret? What if they like their product more?
Obviously there must be another angle if this situation is true to drive someone to actually do it. I just can't figure it out at the moment.
I worked for a financial services company that had similar types of systems. The legal department and security people were always concerned about people stealing our source code.
But their fears were unfounded. Why? Because the source code is highly customized code that not only implements thoroughly non-standards-based algorithms, but is also tightly coupled to underlying hardware/software platforms (and the non-standardized APIs of their peer systems). The result: you can't run it anywhere but on the infrastructure of the company for which it was built. Sure, you could pull out a subroutine here or there. But overall, it's pretty worthless stuff.
Humorously, we had a large, difficult, multi-year project to port our code to a newer hardware platform (same O.S. and language tools). I joked that we should post all our source code on the web for free unencumbered download, and if somebody could get it to run on the newer (or any other) platform, we could pay them $2 million for their effort and still come out way ahead in the deal. Everybody laughed and agreed that that would be a dream come true.
So the question, where are the 32MB of encrypted files that Sergey uploaded to a German server?
Rapidshare?
I think it's wonderful that the code has been reintroduced to the wild. Looks like their captive breeding program has been quite a success!
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
Based on the Rolling Stone article I was able to reverse engineer the core Goldman Sachs trading algorithm:
#include
int main( int argc, const char* argv[] )
{
    pump();
    dump();
}
Here is a copy of the code in its entirety -
Buy Low
Sell High
"But this one goes to 11!"
There is a long article in Rolling Stone magazine this month, The Great American Bubble Machine, alleging that banks control the U.S. government and that Goldman Sachs is one of the leaders of the corruption. Anyone wanting to know more about how the financial corruption of the U.S. government is operated should read the article. The article alleges that Goldman Sachs will use any manipulation whatsoever to get money.
This Slashdot comment, The Investment Banking cohorts JPMorgan Chase and Goldman Sachs are the **huge** winners, discusses some of the issues. The Slashdot comment links to the Rolling Stone article, but that copy of the article has been removed.
According to the Rolling Stone article, Goldman Sachs makes money mostly through corruption, not investment insight. Your tax money may be their profit: Goldman Sachs takes $12B Bailout, Hands out $14B Bonuses. (The article lists British pounds, the Digg article lists dollars.)
The corruption is not new. For example, see the May 13, 2002 article in Business Week, How Corrupt Is Wall Street? New revelations have investors baying for blood, and the scandal is widening. Quote: "Consider Enron, which has paid $323 million to Wall Street in underwriting fees since 1986, according to Thomson. Goldman, Sachs & Co. (GS) pocketed $69 million of that..." Enron, of course, went bankrupt when it was discovered the company was dishonest.
Beginning in 2002, Warren Buffett began very publicly calling derivatives "financial weapons of mass destruction". That particular part of the corruption was caused by the removal of laws designed to prevent fraud, at the beginning of George W. Bush's first term. Nothing was done to reinstate the laws, and that's why we are suffering now. Why was nothing done? Numerous articles say the corruption was allowed to happen because Goldman Sachs people control the U.S. government's Federal Reserve Bank. To give a small indication of the level of corruption, the "Federal Reserve Bank" is not federal, there is nothing in reserve, and it is not a bank.
"The rolling stone article is conspiracy drivel..."
Thoughts:
1) The linked article is not the article published on paper in Rolling Stone, although confusingly it has the same name.
2) A Slashdot comment is not meant to be a complete discussion of anything. A Slashdot comment can alert you to the need to do further research.
3) The actual Rolling Stone article in the paper edition only says things that have been reported elsewhere.
4) The bankers certainly knew there would be a crash, and that they would profit from the crash, and that the crash would be very destructive to everyone else.
5) Matt Taibbi's article, The 52 Funniest Things About The Upcoming Death of The Pope lacks any humor. It's just stupid. In number 26, he guesses that the pope lives, and he dies. The point of the article seems to be that the pope gets less respect now; a big difference from 50 years ago. But it's a terrible article.
6) What is important is not what someone said, but the facts.
Listen I am going to drop a huge bombshell on how GS makes their money and it has nothing to do with source code or trading. Ready?
... wait for it ... nothing. Call it Cap 'n Trade, make people think it will help environment, knowing that in truth it will not cut back on global pollution, that it will ship manufacturing to other countries along with jobs. Tell people it doesn't tax them and will create jobs (I mean with all the money GS execs will be making they can hire more gofers to get them coffee and they will be going out in NYC to eat expensive meals and that will employ aspiring actors ... I mean waiters). Don't tax/charge people directly just tax companies, services and products the people cannot do without. When prices go up on those things blame the very companies that GS and US federal government are robbing with a pen (guns are so small time) and say it is their ... wait for it ... "selfish greed". Have system in place so the shares of nothing you are trading become more and more rare over time to ensure you get larger and larger pay outs and hope US public is too stupid to vote out every paid politician you had in your pocket to vote for it. Remember avoid and deflect, blame the other side. ... wait for it ... "the children". If person is using slashdot then mod them -1 TROLL.
Step 1: Buy Republicans
Step 2: Hedge investment and buy Democrats
Step 3: Create illusion that there is a difference between above to avoid discovery that you own both. Get people to vote for their party each election, one thing you don't want is for people to catch on and vote against all incumbents which you are heavily invested into and who have been there long enough to feel comfortable bending rules or outright breaking law.
Step 4: Make money trading stocks, bonds and commodities using leverage from 1,2,3 and 5.
Step 5: If nobody to buy, have former GS executives run. See Corzine - D - NJ Governor and Paulson - R - Former Treasury Secretary.
Step 6: If GS fails to make money on step 4, get politicians to bail you out indirectly to avoid blame. For example get them to bail out your failing investment AIG, then have AIG kick you back the $20 billion you gave them. Sure take direct bailout money, but give it back should public try to regulate GS salaries or demand transparency.
Step 7: Act like you are better at making money because you are really really smart and it has nothing to do with the fact that you are in a position to change the rules. Look down on little people and small businesses trying to compete while playing by rules.
Step 8: As if making money trading actual items by influencing markets/politicians isn't profitable enough, kick it up a notch and make money trading
Step 9: If questioned or called out, act as if there is no way the person pointing out truth could possibly understand the complexities of the system and is therefore unqualified to comment. If person is in energy production label them greedy capitalistic ways". If somebody from any other sector of economy comes forward to detail insanity of scam, I mean legislation, label them a racist or proclaim they don't care about
Step 10: Goto Step 1.
Respect the Constitution