July 7 (Bloomberg) — Goldman Sachs Group Inc. may lose its investment in a proprietary trading code and millions of dollars from increased competition if software allegedly stolen by a former employee gets into the wrong hands, a prosecutor said.
Sergey Aleynikov, a 39-year-old ex-Goldman Sachs computer programmer, was arrested July 3 after arriving at Liberty International Airport in Newark, New Jersey, U.S. officials said. Aleynikov, a citizen of America and Russia who joined the bank in 2007, is charged in a criminal complaint with stealing thetrading software. Teza Technologies LLC, a Chicago-based firm co-founded by a former Citadel Investment Group LLC trader, said it suspended Aleynikov, who started there on July 2.
What a pity! A russian programmer has walked away with a top Trading Software that is the backbone of Goldman Sachs! I want to tell the CEO of Goldman – YOUR IT Security Sucks!!
What are those IT Auditors and Security Pros doing at GS? Sucking thier thumbs?
Read this:
“If Goldman Sachs cannot possibly protect this kind of proprietary information that the government wants you to think is worth the entire United States market, one has to question how they plan to accommodate every other breach,” Defense lawyer said. Very sensible question indeed!
How can a Rusky Mathematics Geek carry the top secret Code – just like that – download in to his laptop & walk out? Why some of the very basic security controls are not in place at Goldman?
What is the Impact?
Reverse Engineering
The more sophisticated market makers — and Goldman is one of them — spend significant amounts of money developing software that’s extremely fast and can analyze different execution strategies so they can be the first one to make a decision.
1. Someone could use the code “to implement the same strategies and maybe on certain stocks they can be faster and, in effect, take away money that would normally be Goldman’s,”
2. The second thing that they can do is actually analyze the code so that they know what Goldman’s going to do before Goldman does it and kind of reverse-engineer Goldman’s strategies and make money basically at the expense of Goldman.
Wake-Up Call’
“This is a wake-up call to all financial institutions to review their security systems, not just with respect to trading codes, but with respect to all proprietary information,” said Pitt, now chief executive officer of consulting firm Kalorama Partners LLC in Washington.
Read the full Bloomberg story here:
http://www.bloomberg.com/apps/news?pid=newsarchive&sid=a3HBMf4CN6ok
July 7 (Bloomberg) — Goldman Sachs Group Inc. may lose its investment in a proprietary trading code and millions of dollars from increased competition if software allegedly stolen by a former employee gets into the wrong hands, a prosecutor said.
Sergey Aleynikov, a 39-year-old ex-Goldman Sachs computer programmer, was arrested July 3 after arriving at Liberty International Airport in Newark, New Jersey, U.S. officials said. Aleynikov, a citizen of America and Russia who joined the bank in 2007, is charged in a criminal complaint with stealing thetrading software. Teza Technologies LLC, a Chicago-based firm co-founded by a former Citadel Investment Group LLC trader, said it suspended Aleynikov, who started there on July 2.
At a court appearance July 4 in Manhattan, Assistant U.S. Attorney Joseph Facciponti told a federal judge that Aleynikov’s alleged theft — the largest breach at Goldman Sachs — poses a risk to U.S. markets. Aleynikov transferred the code, worth millions of dollars, to a computer server in Germany, and others may have had access to it, Facciponti said, adding that New York-basedGoldman Sachs may be harmed if the software is disseminated.
“The bank has raised the possibility that there is a danger that somebody who knew how to use this program could use it to manipulate markets in unfair ways,” Facciponti said, according to a recording of the hearing made public yesterday. “The copy in Germany is still out there, and we at this time do not know who else has access to it.”
Rapid-Fire Trading
About 28 percent of the shares traded in the U.S. during the fourth quarter were handled by automated brokerages using algorithms to generate rapid-fire trading strategies, according to estimates from NYSE Euronext, the world’s largest operator of stock exchanges. That’s up from 17 percent a year earlier, and almost three times larger than the portion of volume generated by individual investors, according to NYSE Euronext.
Goldman Sachs stands to lose if its trading technology leaks out, Facciponti told the judge.
“Once it is out there, anybody will be able to use this, and their market share will be adversely affected,” he said.
Michael DuVally, a spokesman for Goldman in New York, declined to comment. A person close to the bank said yesterday that the alleged theft wouldn’t hurt its business or customers.
The proprietary code lets the firm do “sophisticated, high-speed and high-volume trades on various stock and commodities markets,” prosecutors said in court papers. The trades generate “many millions of dollars” each year.
‘Preposterous’
Goldman Sachs’s computerized systems have helped the firm extract more revenue from trading equities than its Wall Street competitors. The current and former chief executives of the New York Stock Exchange, Duncan Niederauerand John Thain, both worked at the bank before joining the stock exchange.
The equities business produced $2 billion of revenue for Goldman in the first three months of this year, down 20 percent from the first quarter of 2008, the company reported in April. Second-quarter results are scheduled to be reported next week.
By comparison, Morgan Stanley made $900 million in revenue from equities in the first quarter; JPMorgan Chase & Co. generated $1.8 billion; and Citigroup Inc. reaped $1.9 billion, according to company reports.
Aleynikov’s attorney, Sabrina Shroff, said in court that the government’s allegations are “preposterous.” The firm was aware that Aleynikov, who is the father of three young girls, was downloading programs to his personal computer to work at home and hasn’t disseminated the code, the lawyer said.
Moscow Mathematics
“If Goldman Sachs cannot possibly protect this kind of proprietary information that the government wants you to think is worth the entire United States market, one has to question how they plan to accommodate every other breach,” she said.
U.S. Magistrate Judge Mark Fox ordered Aleynikov, a onetime student of applied mathematics in Moscow who earned $400,000 a year at Goldman, to be held on $750,000 bail, after prosecutors claimed he posed a threat to the community. He posted bail yesterday and was released. Aleynikov planned to earn three times his salary by joining an unidentified startup company and engaging in high-volume automated trading, prosecutors said.
Aleynikov didn’t speak at the hearing, except to say that he understood the conditions of his bail.
Teza Technologies, co-founded by former Citadel trader Misha Malyshev, said in an e-mailed statement that it first learned of the alleged theft on July 5 and suspended Aleynikov without pay following an investigation.
Malyshev’s Teza
The firm, named for a river in western Russia, “was not aware of the alleged misconduct” and offered to cooperate with the government, according to the statement. Teza said Aleynikov passed background checks before he was hired and indicated he wasn’t violating anyone’s intellectual property rights.
Before he left Citadel in February, Malyshev oversaw high- frequency trading at the fund, which is run by Kenneth Griffin.
Teza described itself as a “formative” firm that is neither trading nor investing. The company said its co-founders also include Jace Kohlmeier and Matt Hinerfeld. Teza Technologies is listed in Illinois state records as a unit of Teza Group LLC.
U.S. investigators haven’t gathered any evidence showing that Teza insiders knew of Aleynikov’s alleged theft, according to a person with knowledge of the matter. James Margolin, a spokesman for the FBI’s New York Office, said the investigation is continuing.
“Someone stealing that code is basically stealing the way that Goldman Sachs makes money in the equity marketplace,” said Larry Tabb, founder of TABB Group, a financial-market research and advisory firm.
Reverse Engineering
“The more sophisticated market makers — and Goldman is one of them — spend significant amounts of money developing software that’s extremely fast and can analyze different execution strategies so they can be the first one to make a decision,” Tabb said.
Someone could use the code “to implement the same strategies and maybe on certain stocks they can be faster and, in effect, take away money that would normally be Goldman’s,” Tabb said in a phone interview. “The second thing that they can do is actually analyze the code so that they know what Goldman’s going to do before Goldman does it and kind of reverse-engineer Goldman’s strategies and make money basically at the expense of Goldman.”
Harvey Pitt, former chairman of the U.S. Securities and Exchange Commission, said proprietary electronic data poses significant risks for all financial firms.
‘Wake-Up Call’
“This is a wake-up call to all financial institutions to review their security systems, not just with respect to trading codes, but with respect to all proprietary information,” said Pitt, now chief executive officer of consulting firm Kalorama Partners LLC in Washington.
Goldman appeared to have taken some steps to prevent the theft of its code, Pitt said. “The real question is whether, in light of this outrageous conduct on the part of one of its employees, it should have taken more steps.”
Aleynikov spent four hours with a Federal Bureau of Investigation agent after his July 3 arrest, Shroff said. He told the agent that he’d done nothing wrong, authorized prosecutors to seize his personal computers, and said he hadn’t known the server he was using was in Germany, she said.
Only 32 of 1,024 megabits of the software code were transferred, Shroff said.
“It is not disseminated,” she said of the code.
Facciponti said at the hearing that Aleynikov could disseminate the code “in 10 minutes” using a cell phone.
German Link
Once the government obtains access to the German server, prosecutors will see if Aleynikov transferred other confidential data as well, he said. It’s logical to conclude that Aleynikov planned to use the code at his new company, the prosecutor said.
“This is the most substantial theft that the bank can remember ever happening to it, in the sense the entire platform has been taken from it,” Facciponti said. “There has been no breaches anywhere on this magnitude at the bank.”
Aleynikov worked at Goldman from 2007 until June, the government said in the complaint. He was part of a team of workers responsible for improving the computer platform. His alleged transfer of computer codes ran from June 1 to June 5, according to prosecutors.
Aleynikov studied applied mathematics at the Moscow Institute of Transportation Engineering before transferring to Rutgers University, where he received a bachelor’s degree in computer science in 1993 and a master’s of science degree, specializing in medical image processing and neural networks, in 1996, according to his profile on the social-networking site LinkedIn.
From IDT to Goldman
Before joining Goldman Sachs, he worked for about eight years at IDT Corp., the U.S. vendor of prepaid calling cards, where he led the team responsible for developing routing systems, according to the profile.
His profile on LinkedIn describes him as a vice president in equity strategy at Goldman Sachs and includes two recommendations from colleagues at the firm.
Goldman was the world’s biggest and most profitable securities firm until it converted to a bank in September following the bankruptcy of smaller rival Lehman Brothers Holdings Inc. Goldman earned $2.3 billion last year, down from a record $11.6 billion in 2007, as market turmoil caused it to report a fourth-quarter loss, its first in a decade as a public company.
Goldman fell $3.92 today, or 2.7 percent, to $142.54 in New York Stock Exchange composite trading.
The case is U.S. v. Aleynikov, U.S. District Court, Southern District of New York (Manhattan).
To contact the reporters on this story: David Glovin in New York federal court at dglovin@bloomberg.net; Christine Harper in New York atcharper@bloomberg.net; Saijel Kishan in New York atskishan@bloomberg.net.
Last Updated: July 7, 2009 17:35 EDT
Vaman on IT Security 