Arrest of Ex-Goldman Sachs VP for Alleged Code Theft Shows Vigilance, Not Laxity, Experts Say
July 8, 2009
The fact that a former Goldman Sachs vice president was arrested for allegedly copying the banking firm’s proprietary trading codes potentially worth “many millions of dollars of profits per year,” according to court documents, could be a sign of vigilance, rather than laxity, on Goldman’s part, two security experts said this week.
The fact that Goldman may have identified a data breach and potential theft of intellectual property is “a tribute to the fact that Goldman Sachs has its act together when it comes to monitoring outbound email,” Mike Rothman, an executive with eIQnetworks, an Acton, Mass.-based security technology company that works with financial service firms. At many firms, the employee leaves and only after the employee starts using the intellectual property elsewhere does the firm realize the loss and starts to investigate.
In this case, Goldman Sachs declined to provide any specific information about how it had come to its conclusions about the activities of Sergey Aleynikov, a former Goldman Sachs vice president for equity strategy and computer programmer, whose arrest on July 3 was first reported by the Reuters news service. One industry executive familiar with the matter, however, did say the firm detected the data theft through its regular monitoring of emails and promptly notified the proper authorities – in this case, the FBI.
Aleynikov was charged with theft of Goldman trade secrets, transporting them abroad – specifically to a server located in Germany -- and then to his home computer, a laptop and a memory device . He was arrested upon returning from his first few days on the job at Teza Technologies llc, a Chicago-based, high frequency trading firm founded by a former trader at hedge fund Citadel Investment Group llc.
What is surprising, experts noted, is that the firm may have actually caught someone in the act of stealing proprietary information, before it was put to use. The experts said that this is the exception, not the rule, and a testament – potentially -- to the firm’s vigilance in monitoring employee activities and traffic on its computer communication networks.
Alan D. Grody, president of the New York-based a risk management consultancy Financial InterGroup and a former professor of risk management at NYU’s Stern School of Business, said that theft of intellectual property and computer codes is “something that is probably common place at many firms; We know this because there are pronouncements daily about organizations trying to get their arms around data security issues. After all, it is easy to walk out with a code book under your arm and through the door in the form of a paper document.’’
Also not difficult is to walk out with digital information, in one’s pocket.
“It’s easy to copy proprietary code, particularly if you have access to the source code on a regular basis through your job,” said Rothman. “Employees can copy and store an awful lot of stuff on a personal iPod or iPhone or on any kind of thumb drive or on any kind of personal device that gets hooked up to a company network. You can even go to an electronics store and get 8 to 10 gigabytes of storage for less than $100. Let’s just say that it’s very easy to bring a significant amount of storage to the office for a very low price and that gives employees the ability to steal information.”
