Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wall Street IT Engineer Hacks Employer To See If He'll Be Fired (bleepingcomputer.com)

Posted by EditorDavid on from the that's-what-they-all-say dept.

An anonymous reader writes: A Wall Street engineer was arrested for planting credentials-logging malware on his company's servers. According to an FBI affidavit, the engineer used these credentials to log into fellow employees' accounts. The engineer claims he did so only because he heard rumors of an acquisition and wanted to make sure he wouldn't be let go. In reality, the employee did look at archived email inboxes, but he also stole encryption keys needed to access the protected source code of his employer's trading platform and trading algorithms.

Using his access to the company's Unix network (which he gained after a promotion last year), the employee then rerouted traffic through backup servers in order to avoid the company's traffic monitoring solution and steal the company's source code. The employee was caught after he kept intruding and disconnecting another employee's RDP session. The employee understood someone hacked his account and logged the attacker's unique identifier. Showing his total lack of understanding for how technology, logging and legal investigations work, the employee admitted via email to a fellow employee that he installed malware on the servers and hacked other employees.

8 of 198 comments (clear)

  1. Idiot. by YukariHirai · · Score: 5, Interesting

    It didn't seem to occur to him that if he hacked them, it would make the answer to the question of "will he be fired?" a very definite "yes".

    Of course, that's if we take his claims at face value; he was clearly looking to get a lot of other stuff, and that's the best excuse he could find. But he's still an idiot for thinking he wouldn't get caught and admitting in an email that he did it.

  2. What about the last guy... by __aaclcg7560 · · Score: 4, Interesting

    Meanwhile, the last guy who stole code from Wall Street, Sergey Aleynikov, who inspired the book, "Flash Boys: A Wall Street Revolt" by Michael Lewis, is still in the legal system after eight year.

    http://nypost.com/2017/02/23/ex-goldman-programmer-appeals-court-conviction/

  3. @Sergey Aleynikov by Anonymous Coward · · Score: 4, Interesting

    "Aleynikov worked as a programmer for Goldman’s high-frequency trading operation until 2009, when he left to take a similar job at a Chicago firm, Teza Technologies....Aleynikov made a copy of the bank’s source code. Goldman complained to the FBI, which arrested Aleynikov at Newark airport.....Aleynikov doesn’t dispute he took the code, but claims he wanted to study it. His lawyer says that he didn’t break any criminal laws, and the matter should be a civil dispute."

    Sort of reminds me of a certain Uber employee who took 19000 documents from Google on their self driving car, and insists he never read them and in no way have they been used by Uber, which bought his 'skills' when they aquired his self driving company.

    Once upon of time this was corporate espionage, now it seems to be common place.

  4. Re:Wow. by mysidia · · Score: 4, Interesting

    No, he didn't. He had some credentials, both his own and some stolen. Nothing was "hacked".

    It wasn't hacking. It was abuse of privileges. The crime would be possible attempts to falsify access logs (By rerouting through backup system and fraudulently using a co-worker's account) and expropriate proprietary company information.

  5. Re:Now he'll have a job. by Opportunist · · Score: 3, Interesting

    At least the outcome will be far more useful to the average person.

    And less damaging, too.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  6. Re:Rookie by Anonymous Coward · · Score: 2, Interesting

    > Likely KCGs algorithms are better at tracking insider trading than the SECs hence the desperate need for secrecy

    You think you're kidding. I've actually seen spam filters tuned to detect outgoing "insider information" for review before letting the mail pass. The critical email they were filtering was actually about criminal activity, so it made extra sense to keep it secret. The filter tools were kept on a *very* locked down system, the nature of the inappropriate content was never disclosed in the alert messages, and the backup of the filters was kept in a separate vault with an auto-destruct on it.

    I was shocked, amused, and impressed all at the same time.

  7. Fear by luis_a_espinal · · Score: 3, Interesting

    Wall Street IT Engineer Hacks Employer To See If He'll Be Fired

    What is it with people in this industry who fear getting laid off (or fired, which is distinct)? You should expect a turnover every 4-5 years and plan accordingly. Unless you live in the middle of nowhere where employers are scarce (NYC certainly does not fit that label), all you need to do is brush up your skills, be proactive and cultivate a professional network to survive turn-overs.

    If you are passive and lackadaisical with your career, however, I can see why you'd shit bricks every so often enough to think hacking your employer this way is a good idea :/

    1. Re:Fear by HornWumpus · · Score: 4, Interesting

      HR checks typically have _nothing_ to do with competence.

      The best employees come in via the 'side door', bypassing HR. Those people usually know enough other people that they are the quickest to get hired, bypassing the HR morons saves time.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'