Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Goldman Sachs Trading Source Code In the Wild?

ScuttleMonkey posted more than 5 years ago | from the bunny-ball-ball dept.

Businesses 324

Hangtime writes "The world's most valuable source code could be in the wild. According to a report by Reuters, a Russian immigrant and former Goldman Sachs developer named Sergey Aleynikov was picked up at Newark Airport on July 4th by the FBI on charges of industrial espionage. According to the complaint, Sergey, prior to his early June exit from Goldman, copied, encrypted and uploaded source code inferred to be the code used by Goldman Sachs to process in real-time (micro-seconds) trades between multiple equity and commodity platforms. While trying to cover his tracks, the system backed up a series of bash commands so he was unable to erase his history, which would later give him away to Goldman and the authorities. So the question is: where are the 32MB of encrypted files that Sergey uploaded to a German server?

cancel ×

324 comments

Sorry! There are no comments related to the filter you selected.

huh (2, Funny)

amnezick (1253408) | more than 5 years ago | (#28593153)

Oh look: now they check FBIs intel on LinkedIn to see if they got it right.

Operation mayhem? (1)

TapeCutter (624760) | more than 5 years ago | (#28593317)

"Oh look: now they check FBIs intel on LinkedIn to see if they got it right."

Aleynikov (pronounced Aley-nick-off) stole the code and Tyler Durden was all over the story a week ago.

Re:huh (-1, Troll)

Anonymous Coward | more than 5 years ago | (#28593495)

Eric felt his scrotum contract in its latest desperate attempt to keep his testicles warm. This hospital, wherever it was, was damned drafty.

It didn't help that the nurses on his floor, who had been treating Eric like a complete bitch, liked to keep the air conditioning cranked up. Or was it just his room? He noticed they pulled their cardigans and sweaters around them only when they came to see him.

"Nurse! Nurse!" Eric shouted. "Excuse me, nurse?!"

Eric heard a chair creak, followed by footsteps coming down the hall. They were quick around here, one of the only good things Eric had yet noticed. Perhaps it was because of his celebrity status.

"Yes?" the nurse said, crossing her goose-pimpled arms.

"Nurse, it's damn cold in here," Eric said. "And I think my pain medication is wearing off. Can I have some more pills?"

Her beady eyes, set atop wrinkled, puffy cheeks, lasered him in his bed. This was the sixth time Eric had shouted for her since her shift began. She didn't know him well but she was definitely starting to hate him.

"Oh! And my urinal needs emptied!" Eric added.

The nurse pursed her lips and folded her arms without breaking eye contact, "get fucked" in body language.

Eric smiled a crooked, leering grin at her and winked in a bid to charm her into emptying his piss. The nurse wondered if he was about to have another seizure.

She picked up Eric's chart, flipped through it, and replaced it.

"Mr. Raymond," the nurse said, "you're not due for more pain medication for two more hours."

Eric's mustache, orange and drooping, twitched.

"Do you need your bandages looked at?"

Eric shifted in his bed, stiff and uncomfortable. He slowly, awkwardly, stretched his hospital gown down over his knees.

"Nooo, no, no I don't," Eric said. "My bandages are just fine."

"Fine then," the nurse said. "I'll get your urinal. Do you need anything else?"

Eric watched as the nurse lifted his urinal carefully off of his lunch tray. It was completely full1,000 cubic centimeters, one full quart of piss and mounding at the top.

The nurse stifled a gag as she slowly made her way into the restroom.

"This damn IV has me swimming!" Eric called after her with a quick laugh.

He heard her pouring his urine into the toilet and felt the urge to go again. It had been dark brown, viscous, and smelled to high heaven like sick wet bad meat. He really hoped whatever they had him on was working.

She returned from the restroom and replaced Eric's urinal.

"I'll be back when it's time for your medication," she said. "Dinner is in an hour."

With that she left until, she knew too well, the next time Eric grew bored or irritated.

Feeling as anxious as ever, Eric reached for billywig [catb.org] , his blueberry iBook [apple.com] , which had finally charged. He hit the start button and watched Yellow Dog Linux [fixstars.com] slowly crawl off of the hard drive into RAM.

Thank god this hospital had wifi. Thank god he had an Airport card in his iBook.

http://www.google.com/search?q=brown+piss [google.com]

"Nope."

http://www.google.com/search?q=my+piss+is+brown [google.com]

"Hmm Nope."

http://www.google.com/search?q=my+piss+is+brown+std [google.com]

"Nope."

http://www.google.com/search?q=my+piss+is+brown+and+smells+like+rotting+meat+std [google.com]

Eric was having no luck. The more he optimized his Google searches, he noted with alarm, the less relevant his search hits became.

foul smelling like decay meat and at times like grated yam. this odor ... and fifth day i see dirth brown dischargeAbnormal discharge from the nipple .... the air asking what that rotten meat smell was...and the consequent search ... So, my UA (urine analysis) came back abnormal

"Jesus Christ!" Eric muttered to himself as he squinted at his iBook's 12" screen. "I don't think I have anything coming out of my nipples!"

Making sure his iBook was steady, he gingerly squeezed his left pectoral.

"Nope."

Eric command-tabbed back to TextEdit [applicationstexteditapp] , where he was typing "RFI on brown piss that smells like rotting meat" to post to his blog [ibiblio.org] , when there was a knock at the door.

"Mr. Raymond?"

It was the nurse.

"There's someone here to see you."

Finally, company! A hacker mind like Eric's was not used to boredom. He needed plenty of Iranian hackers [trollaxor.com] to chat with, a cave full of LARP buddies, or, optimally, a Linux party [trollaxor.com] . Not the sanitation of lonely, well-lit hospital.

A second later the door opened again and in walked not Eric's LARP troop or Linux party, but something far less arousing: a New Jersey state police officer.

"Eric Raymond?" the officer asked. He was 6'2" and built like the Mack trucks he probably ticketed on a daily basis.

"Yes, sir, that's me, officer," Eric stammered. He hated being dominated.

"You're under arrest for lewd conduct, public indecency, and conspiracy to solicit," the officer said. The tone in his voice told Eric not to interrupt. "You have the right to remain silent. Anything you say"

Eric's mind wandered. He had to call his wife. She was his attorney and had dealt with this sort of thing before. He had to keep this quiet.

Eric decided then and there to be as cooperative as possible.

"Do you understand these rights, Mr. Raymond?"

"Yeah, sure," Eric said. "But I'd like to share info about the other party involved in this incident."

"Go ahead?" the officer said, not expecting Eric's offer.

"The other party," Eric said, "is a man named Emad, an Iranian hacker, quite possible in this country illegally. His email address is emad.opensores@gmail.com [mailto] and his AIM handle is iran2hax0rc0ck [aim] ."

"Any idea who the other parties involved were?" the trooper asked, taking his notepad out.

"Other parties? There were no other parties. Just Emad and I."

"Mr Raymond," the trooper said, "you were the victim of sexual assault last night."

Eric's left eye twitched. It was usually him, with his Glock and Jägermeister, in charge of the proceedings. Not the other way around. He felt so powerless.

"You'll be arraigned upon your release from the hospital. Do you understand that?"

"Sure," Eric said, "but why do you think there were other parties? It was just Emad and I the entire time."

"Mr. Raymond," the trooper said while replacing his notebook, "our crime lab extracted the DNA of two other people from your wounds."

Eric sweated, cold and salty, and his world spun. Who else had been there?

"Also," the trooper said, producing a plastic bag, "do you know what this is?"

He handed the object to Eric, who turned it back and forth. It reflected the room's lights weakly through the baggie.

"It's Ubuntu," Eric said softly.

"Ubuntu? What's that?" the trooper said.

"It's a Linux distribution," Eric said unhelpfully. "Where did you get it?"

Eric noticed the version number on the CD face as he passed it back to the trooper. 9.04Karmic Koala.

The trooper looked away before he spoke.

"The doctors removed it from deep inside your ass."

Re:huh (0)

Anonymous Coward | more than 5 years ago | (#28593587)

ror, +5 Informative

Surely not? (4, Insightful)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#28593155)

I can't believe that Goldman's algorithmic trading code is more valuable than its list of root passwords to governments all over the world...

Re:Surely not? (2, Informative)

McGiraf (196030) | more than 5 years ago | (#28593165)

A root password list is no source code...

Re:Surely not? (4, Funny)

Opportunist (166417) | more than 5 years ago | (#28593843)

No, but you know the old saying. Give a man source code and he'll review for a day. Give a man the right passwords and he'll review source code until he gets locked away.

Re:Surely not? (5, Interesting)

Richard_at_work (517087) | more than 5 years ago | (#28593211)

What if having the code allowed you to analyse it for ways to game the system? Knowing precisely how the system will react in certain circumstances could give you a serious leg up when attacking the system on the markets (trade limitations, trend spotting for error codes or edge cases et al).

This code could be worth significant amounts of money on the international fraud market.

Re:Surely not? (5, Insightful)

Anonymous Coward | more than 5 years ago | (#28593385)

Exactly. Analyzing the source code will tell you how Goldman Sachs trades its stuff. It's not valuable because it was so expensive to develop this stuff, it's expensive because it shows how they play the game with what kind of strategy, and the stakes of the game is extremely high. It's like knowing how your opponent plays poker when the stakes are on the magnitude of billions of dollars.

If the source code is in the wild, Goldman Sachs is forced to stop all related real-time trades, because their strategy is completely exposed, and once somebody exploits it, they will lose money really quickly. (Just imagine how many transactions they can make per second, and imagine every one of those transactions lose some money in average.) That means they get forced to leave the market until they develop a new trading system, or at least, re-develop their strategy. That costs a lot of money because they have to stop doing investments and leave the money some place safe.

What if? (1)

gbutler69 (910166) | more than 5 years ago | (#28593869)

What if this is all a ruse? What if the source code released isn't the real source? What if, when people start making trades based on it, they find that the advantage goes to GS because it was specifically designed and released to mislead?

Re:Surely not? (5, Insightful)

captainpanic (1173915) | more than 5 years ago | (#28593963)

The fact that one can compare the strategy in big business with poker shows clearly why I think we're all better off when this whole banking business is downscaled a bit.

While in the good old days the banking business was simply a place to store and borrow money, it has now become a mess so complicated that nobody really understands it anymore.

It can be interesting to see what happens next... although I also realize that this accident can cause some innocent people to lose their jobs.

Re:Surely not? (4, Insightful)

A beautiful mind (821714) | more than 5 years ago | (#28593387)

Excellent! If knowing the source code for _financial trading mechanisms_ allows for gaming the system, then it's a very good thing that the code was exposed. If anything, I'd expect banking code to resist outside intrusion.

Re:Surely not? (5, Interesting)

Richard_at_work (517087) | more than 5 years ago | (#28593459)

I'm not talking about exploits or bugs, I'm talking about knowing *precisely* how the code will react in given circumstances, *precisely* which edge cases are handled in code, *precisely* what results in an error state and how that error state is handled.

Knowing such things will allow you to tailor your fraudulant trades so as to not raise suspicion, or to make more money within a set amount of time. If you know precisely how far to push your actions, and then push no further, then you could continue with the same fraud for longer than you would otherwise without being discovered. If you know how often the trend analysis reports are run, and how they do what they do, then you can tailor your trades so as to not appear on those reports - just enough, no more.

All of which means you can make more money without being detected - and you haven't attacked the software itself, you haven't changed how the code works, you have stayed within the boundaries that the software creates. All because you knew *precisely* how the code works.

Re:Surely not? (3, Insightful)

WindowlessView (703773) | more than 5 years ago | (#28593779)

I'm talking about knowing *precisely* how the code will react in given circumstances,

It's an advantage for sure, but maybe not a slam dunk. It's likely that those systems are highly parameter driven. Without knowing the values of whatever tables they have set up for the day/hour/minute your trades could get smacked pretty hard before figuring it out.

as you suggest (1)

Presto Vivace (882157) | more than 5 years ago | (#28593851)

it would be the insider trading from hell.

Re:Surely not? (5, Funny)

192939495969798999 (58312) | more than 5 years ago | (#28593453)

Based on what the markets have been up to, I'd say this code has been out there and has been actively exploited for at least 18 months.

Re:Surely not? (1)

mcgrew (92797) | more than 5 years ago | (#28593985)

Well, SOMEBODY got rich off the economic meltdown.

Re:Surely not? (3, Interesting)

infolation (840436) | more than 5 years ago | (#28593529)

The online gambling industry analyzes the games made on their system against games played by known gambling software to identify players cheating.

Perhaps GS haven't immediately stopped real-time trading using their existing system because they're able to analyze trades made by other brokerages to identify patterns that would indicate whether their own trading system is being used by others.

Re:Surely not? (1)

funkatron (912521) | more than 5 years ago | (#28593605)

What if having the code allowed you to analyse it for ways to game the system?

Then you'd just be another trader in the market. The whole point is to game the system to your advantage

:

Re:Surely not? (1, Interesting)

Anonymous Coward | more than 5 years ago | (#28593727)

Maybe Goldman is worried that if someone reviews the code, they might be able to discover that Goldman is gaming the system and the source code is just the smoking gun.

Surely that would be a much bigger problem for Goldman Sachs than an individual or small groups trying (probably unsuccessfully) to game the market.

Re:Surely not? (1)

mcgrew (92797) | more than 5 years ago | (#28593943)

Someone already HAD the source code - the people who wrote it. It would have been just as easy for them to abuse it. If you want to talk to me about how ethical these people are, two words: Bernie Madhoff.

The code should be open source. That way nobody has an edge.

Re:Surely not? (0, Troll)

GigaHurtsMyRobot (1143329) | more than 5 years ago | (#28593231)

I'm trying to figure out the value in it at all, by itself or to another trading platform...

Re:Surely not? (2, Informative)

GigaHurtsMyRobot (1143329) | more than 5 years ago | (#28593265)

It would help if I RTFA:

The platform is one of the things that apparently gives Goldman a leg-up over the competition when it comes to rapid-fire trading of stocks and commodities. Federal authorities say the platform quickly processes rapid developments in the markets and uses top secret mathematical formulas to allow the firm to make highly-profitable automated trades.

--

sounds like cheating to me...

Cheating (2, Interesting)

hummassa (157160) | more than 5 years ago | (#28593451)

Down here in Brasil, there is an interesting card game called Truco ("trick me"/"triple up" portmanteau in Portuguese) -- every college student in my State plays it :-D One of the most interesting rules is: "you can cheat as long as nobody catches you in the act". The financial market is based exactly on the same rule.

Re:Cheating (0)

Anonymous Coward | more than 5 years ago | (#28593687)

Possibly the same game exists in the UK, simply known as "cheat". If someone accuses you of cheating i.e. picking up multiple cards when you haven't they are penalised. The core rules are very simple, so deciding to risk cheating or not (and developing the sleight of hand to do it) pretty much is the game.

Re:Cheating (1)

fmobus (831767) | more than 5 years ago | (#28593879)

The brazilian game mentioned by the GP is quite more complicated, and has some regional variations. But it is quite entertaining and somewhat hard to master. Wikipedia [wikipedia.org]

Re:Surely not? (0)

Anonymous Coward | more than 5 years ago | (#28593627)

So G&S were using a glider this whole time? fuckin noobs..

Re:Surely not? (4, Insightful)

mysidia (191772) | more than 5 years ago | (#28593377)

Passwords can be easily changed by any old sysadmin, with minimal damage, as long as the passwords are changed quickly, or remote access is locked out, the damage can easily be mitigated very rapidly.

Changing source code (to allay use of it by the thief to attack its owners, beat GS at their own game, or sell to competitors), is time-consuming, and requires the assistance of many software experts (programmers).

The damage can only be mitigated by shutting down the system, and waiting a long time for changes to get made, or for the software to get rewritten, to protect against evil third parties knowing the trading system's flaws.

Re:Surely not? (1)

Steauengeglase (512315) | more than 5 years ago | (#28593393)

This may end up being pretty damned interesting. GS has a long history of market manipulation from insider trading to installing plants in the media through subsidiaries who appear and disappear over-night to gaming IPOs to make sure the right people get a payday (ie. Yang and Yahoo). Though I wouldn't hold my breath, stacking the deck against suckers is generally "nothing to see here" issue.

Re:Surely not? (4, Insightful)

dkleinsc (563838) | more than 5 years ago | (#28593555)

Be fair: Goldman Sachs has way more control over government policies than a mere root password would give them. They don't just have root passwords, they have root passwords, physical access, and insider support.

Even More Interesting (5, Interesting)

eldavojohn (898314) | more than 5 years ago | (#28593163)

Even more interesting is in the second article that notifies us that Goldman Sachs has been removed from the NYSE 15 Most Active Members Firms Weekly Report. GS had been #1 the week before and now they're not even on it. These fifteen firms alone represent about 98% of all trades with the NYSE. So what happened?

The author mentions some things but gives no clear motivation for GS hiding their stats. I would speculate that if one of your developers copied your code and uploaded it to a server discretely, you could have that in your logs and not notice it for days or weeks. But if he then did something to your system to ensure his new employer's ownership of that code you wuold notice that pretty damn fast I imagine. Sergey Aleynikov sounds like a brilliant coder but maybe he's not so smart on legal issues, is it possible he completely hobbled GS to please his new employer? Are they keeping their transaction report hush hush so investers don't worry? Was Sergey Aleynikov thinking he could sell the code and the rights to the code? After all, if he could remove all copies of the code from GS how could they take people to court over the code without a local copy to prove ownership?

If GS remained #1, they would have left themselves on the list. I presume that something else related to this has gone wrong with their operation, the news just hasn't broke yet.

Re:Even More Interesting (1, Informative)

Anonymous Coward | more than 5 years ago | (#28593189)

A brilliant coder...

who's never heard of "history -c"???

Re:Even More Interesting (3, Interesting)

Ciaran Power (447593) | more than 5 years ago | (#28593321)

A brilliant coder...

who's never heard of "history -c"???

TFS says that his history file was backed up while he was Hacking The Gibson. He might have cleared his .history afterwards but presumably didn't know about/didn't have access to/didn't bother clearing the backup. TFA doesn't mention anything about his history btw, but slashdot wouldn't lie to me.

Re:Even More Interesting (2, Informative)

xaxa (988988) | more than 5 years ago | (#28593479)

unset HISTFILE and he (might) have been OK.

Re:Even More Interesting (5, Informative)

Anonymous Coward | more than 5 years ago | (#28593889)

unset HISTFILE and he (might) have been OK.

Not likely... since most financial institutions capture not only the commands, but the output to STDOUT/STDERR, and that is logged outside, upstream of the physical machine, using tools like PowerBroker, Sudoscript, and others.

I know, because I work for $LARGE_BANK, and we use it there. You can't just symlink ~/.bash_history to /dev/null, or unset HISTSIZE or any of that.. even the !shell trick out of vim doesn't help, because everything you type and everything it outputs, is logged where you can't wipe it out.

Re:Even More Interesting (1)

ammorais (1585589) | more than 5 years ago | (#28593325)

... the system backed up...

And backups to external servers. Did you ever heard about?

Re:Even More Interesting (3, Interesting)

Richard W.M. Jones (591125) | more than 5 years ago | (#28593485)

Seems more likely he was caught by auditing through the audit daemon [die.net] in Red Hat Enterprise Linux. It records both high level "actions" taken on the machine, and (in some cases) commands typed at the shell. Unless you have root (in some cases, even if you have root), it's hard to erase those logs.

Rich.

Re:Even More Interesting (0)

Anonymous Coward | more than 5 years ago | (#28593193)

Its a longshot, but maybe it has something to do with this:

http://forums.somethingawful.com/showthread.php?threadid=3159732&pagenumber=1

Re:Even More Interesting (3, Interesting)

dr.newton (648217) | more than 5 years ago | (#28593219)

It seems unlikely to me that any single person, or even small group of people, would have the capability to remove all copies of this code, binary and source, from the company's information infrastructure.

Is it possible that they have suspended use of this code because they fear that someone analyzing it could profit from the trades it would have made?

Re:Even More Interesting (4, Insightful)

eldavojohn (898314) | more than 5 years ago | (#28593301)

It seems unlikely to me that any single person, or even small group of people, would have the capability to remove all copies of this code, binary and source, from the company's information infrastructure.

Ah, the double edged sword of secrecy. Keep the location of your secrets solitary so that you don't have to keep track of multiple copies. With every new location it is stored, the odds of corporate espionage double. Had they ascribed to keep it in one place, this would be all too possible. And let's face it, if you're shelling out $400k to one or two developers, you do checks on them and make sure they can handle the keys to the palace.

Is it possible that they have suspended use of this code because they fear that someone analyzing it could profit from the trades it would have made?

I had not thought of this, although I believe these transactions would be done on secure networks with insane encryption. Again, if you're shelling out $400k to a developer, you're probably laying fiber straight to the NYSE's servers from yours or at least including a level of encryption that is so high it would take the NSA days to decrypt it -- rendering the data worthless as it's public by then.

Still if they don't understand how it works, I could see them doing that. I could not, however, see them sacrificing a week's worth of trading for these fears without first researching them. Do you know how much money and customers that would cost them?

Re:Even More Interesting (1)

Arancaytar (966377) | more than 5 years ago | (#28593445)

including a level of encryption that is so high it would take the NSA days to decrypt it

Keep in mind that encryption, right now, can be strong enough to take millions of years to decrypt.

Re:Even More Interesting (2, Informative)

eldavojohn (898314) | more than 5 years ago | (#28593517)

including a level of encryption that is so high it would take the NSA days to decrypt it

Keep in mind that encryption, right now, can be strong enough to take millions of years to decrypt.

You, sir, are correct. Although, I must inquire that if you're making several thousand transactions a week and you're writing software to whereby the transaction frequency matters to you (probably down to the millisecond) do you have the time to waste in encrypting/decrypting this? I would imagine that while it would take millions of years to decrypt it would also take several seconds to encrypt. That's time they don't have.

Also, if you are doing transaction with foreign institutions or exchanges then you may incur the wrath of exporting a weapon and putting national security at risk by deploying your software overseas. I know that sounds stupid for me to say. But you see, ever since Phil Zimmerman's [philzimmermann.com] arrest and subsequent release (and even more subsequent celebration), people have been wary of crossing that line.

Re:Even More Interesting (1)

ground.zero.612 (1563557) | more than 5 years ago | (#28593881)

Citation needed.

I'm willing to put myself in cryostorage for millions of years to test this theory!

Re:Even More Interesting (4, Interesting)

morgan_greywolf (835522) | more than 5 years ago | (#28593591)

I had not thought of this, although I believe these transactions would be done on secure networks with insane encryption.

Knowing the algorithms that Goldman Sachs uses to do realtime trades could possibly give you insider information you wouldn't have otherwise had. When doing realtime transactions, if you know the ORDER Goldman Sachs will use to do the transactions, for instance, you could buy certain stocks a minute or two before Goldman Sachs does...since the act of GS (or anyone) buying a stock will increase its trading price some, and you've just automatically made money and hurt GS at the same time.

This type of insider trading information will likely result in criminal prosecution by the SEC, however, so don't try this at home, kiddies.

Re:Even More Interesting (1)

MichaelSmith (789609) | more than 5 years ago | (#28593233)

After all, if he could remove all copies of the code from GS how could they take people to court over the code without a local copy to prove ownership?

I don't see how a developer could possibly do that. They must have backups all over the place. Certainly the BOFH could corrupt the backups, but Aleynikov isn't the BOFH.

Alternative theory....(and more probable) (3, Informative)

tacokill (531275) | more than 5 years ago | (#28593241)

...or, perhaps last week was a short trading week which cut into the already-low trading volume. Did you by chance compare the overall volume levels when you came up with your theory?

I am betting you didn't because if you had, you'd see that the volume last week was way lower than the norm.

More likely, lots of GS traders just took the week off and went on vacation.

Re:Alternative theory....(and more probable) (5, Informative)

Pixie_From_Hell (768789) | more than 5 years ago | (#28593625)

It's a good alternate theory, but you're a week off:

On the week ending June 19, Goldman, for instance, was ranked first on the NYSE program trading list. But on the week of June 22, Goldman mysteriously didnâ(TM)t appear on the list of the top 15 firms at all.

So unless the Fourth of July is celebrated in June, I think that's not the issue.

Of course, I'm not checking the volume of trading either, so there could be something to your theory. (Of course, if GS bailed out for a week, wouldn't that lower the volume significantly? Weren't they the number one traders?)

Re:Alternative theory....(and more probable) (1)

KillerBob (217953) | more than 5 years ago | (#28593907)

I think it's more likely that they pulled themselves from trading while they updated their code/algorithms.

If a malicious trader had their algorithms, he could know how the software would react in real time to his actions. It'd be fairly easy, from that point, to design a bot that could buy the right number of the right stock to trick GS' software into thinking that the stock is hot and buying large amounts of it. Buying large amounts of the stock would cause the price to rise, and then the bot can dump their stock at a profit.

In other words... having their source code out there made it possible to pump&dump them. That's fraudulent at best, and doesn't *really* hurt people when you're talking about a few hundred dollars worth of penny stock (never play stocks with money you can't afford to lose), but when you're talking about one of the biggest trading houses in the world, with a trading volume in the billions of dollars... that's a very bad thing.

Re:Even More Interesting (0)

Anonymous Coward | more than 5 years ago | (#28593305)

Uh, oh... their bollinger bands (or something nearly identical in principle [like rolling candles?]) broke!

It is not unheard of these algorithms [all of them!] to simply stop working one day---like majority of the naive ones did in ~2002 or so.

Also, ``most active trader'' list means very little these days, as only ~20-30% of the total volume goes through nyse.

Re:Even More Interesting (0)

Anonymous Coward | more than 5 years ago | (#28593697)

It is possible that the bank which aided the defrauding of the Mirror pensioners for million pound bonuses while the pathetic UK government stood by with its thumb up its arse might suffer some serious financial problems as a result of Aleynikov. Couldn't happen to a more deserving crowd.

Goldman Sachs... cockney rhyming slang for bunch of c**ts... or at least it should be.

nationalism vs. anti-corporatism (5, Insightful)

DoofusOfDeath (636671) | more than 5 years ago | (#28593195)

It's funny... I normally find myself loathing companies like Goldman Sachs for hyper-selfish capitalism, finding ways to get rich at taxpayer expense, etc.

But then, when I see industrial espionage by Russians, Chinese, Israelis, etc. against those very same corporations, a sense of nationalist anger makes me forget my anti-corporatist anger. Somehow I completely fail to have a sense of schadenfreude for the corporations that I normally hate, and I don't know why.

Being human is strange.

Re:nationalism vs. anti-corporatism (5, Interesting)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#28593283)

That, my friend, is what having your self interest 0wn3d by your primate instincts feels like.

Don't worry, multinationals have no such weaknesses, and won't bat an eye when you are on the hook.

Re:nationalism vs. anti-corporatism (1)

Arancaytar (966377) | more than 5 years ago | (#28593487)

Unless TFA (didn't read) says Aleynikov was backed by a government, my guess is he was self-employed or being paid by a mafia organization. Look, it can be a Russian mafia if you want. Other than that, his surname isn't much evidence.

Re:nationalism vs. anti-corporatism (0)

Anonymous Coward | more than 5 years ago | (#28593537)

Unless TFA (didn't read) says Aleynikov was backed by a government, my guess is he was self-employed or being paid by a mafia organization.

Some would argue that the current government of Russia is a Mafia organization.

Re:nationalism vs. anti-corporatism (1, Informative)

Anonymous Coward | more than 5 years ago | (#28593835)

Some would argue that the current government of Russia is a Mafia organization.

"In Soviet Russia, government is the Mafia."

Poor Yakov. How could he have known he'd be the most bang-on political pundit of the next century?

Re:nationalism vs. anti-corporatism (1)

noidentity (188756) | more than 5 years ago | (#28593785)

It's funny... I normally find myself loathing companies like Goldman Sachs for hyper-selfish capitalism, finding ways to get rich at taxpayer expense, etc.

That's not due to capitalism, it's due to statism (having a government that goes way beyond its mandate). You can't fault companies for taking advantage of government perks, because if they don't, they can't compete in the marketplace. Again, the solution isn't more government regulation (which also has loophoes), but less (none!).

Re:nationalism vs. anti-corporatism (2, Interesting)

CrazyDuke (529195) | more than 5 years ago | (#28593855)

I damn sure can fault them when they are the architects of said perks. Last I checked [opensecrets.org] , Goldman Sachs "donates" quite heavily in DC.

Colour me surprised (5, Funny)

Antidamage (1506489) | more than 5 years ago | (#28593203)

Pure evil partnered with Linux?

I'm pretty sure that can't happen. I'm going to pray to Linus for guidance.

Re:Colour me surprised (5, Funny)

neomunk (913773) | more than 5 years ago | (#28593629)

Linux isn't GOOD by nature. It's not BAD either.

It's like The Force, you see. All around us, binding our processes behind the scenes in ways it takes an enlightened eye to perceive. There is always Linux prodding along the information swirls and eddies that make up our modern lives, unconcerned with the nature or usage of said information.

Windows is like The Force too, except I've never heard a Windows acolyte preach any path other than the quicker, easier, more seductive one...

Access controls anyone? (3, Insightful)

jonnyj (1011131) | more than 5 years ago | (#28593209)

I can't read the original article so I might be inferring something incorrect. But who on earth though it was a good idea to give internet access to someone with access to valuable source code? Whatever happened to role based access restrictions?

Re:Access controls anyone? (2, Insightful)

u38cg (607297) | more than 5 years ago | (#28593493)

Possibly because in that position you need internet access to do your job.

Re:Access controls anyone? (2, Interesting)

jonnyj (1011131) | more than 5 years ago | (#28593793)

You don't need internet access that is in any way shared with your development work. Completely sandboxed internet access in a totally locked down thin client session might be OK, but you certainly don't need to be able to upload data to remote servers. If you think you do, you need to go and read up about segregation of duties.

But I don't expect you to agree. Your signature displays more about your attitude to the world than you perhaps realise.

Proving theft.. (5, Interesting)

MosesJones (55544) | more than 5 years ago | (#28593213)

Its hardly surprising that this sort of code is highly valuable but the challenge is surely going to be proving that it was actually stolen. If they have a bash history that doesn't include the IP addresses but just shows that he created a tar ball then where is the proof that he actually stole anything at all?

The original is of course still there, what he took is a copy, so you can't show something is missing.

They currently don't know where it has gone, so they can't prove that a copy was moved outside the firewall successfully

If he hasn't yet sold the stuff on they can't prove there was a financial benefit linked to the theft

So how will they prove beyond a reasonable doubt that some actual theft has gone on?

Its not like he has just lobbed it on Bit-torrent or posted it to Wikileaks. What he has done is taken a copy of the code, which means its Intellectual Property and copyright issues rather than "simple" theft and therefore they really need to prove (surely) that he has done something with the code.

Should be interesting to see how the police "generate" and prove the evidence on this one.

Re:Proving theft.. (3, Interesting)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#28593319)

Whenever I run into a tough time proving a case, I fall back on due process of law [maglite.com] ...

Re:Proving theft.. (1)

japhering (564929) | more than 5 years ago | (#28593693)

So how will they prove beyond a reasonable doubt that some actual theft has gone on?

If GS has any brains, they don't go after him in criminal court they go after him in civil court, where the statndard is the preponderance of evidence and then attach anything any everything that in his name to pay off the billions of dollars they will get from the jury.

All the while waiting on the feds to figure out how to nail him in criminal court, after all international spying is federal jurisdiction

Re:Proving theft.. (0)

Anonymous Coward | more than 5 years ago | (#28593929)

You have clearly never worked on a leading financial companies' network before

No one will touch that code. (4, Funny)

Tei (520358) | more than 5 years ago | (#28593255)

Probably people that would do something similar, will never touch that code, for fear of be "tainted".

And anyway.. most code create new stuff that is worthy a patent. But not because most programmers are genius, but because the patent system is crap. No one sould care about what is on that code, because any professional can recreate the code anyway with the same features. There are not "sacred" code in this world. More the other stuff... Is really hard to make other people look at your code. The bussines type of guys dont want to look at your code. The users don't want to look at your code. Often, others programmers don't want to look at your code. Maybe is more valuable and interesting the features, and the documentation, the analysys of the problem, than the fucking source code. I do like to read source code, but I am one in a million (of programmers) and theres probably around 7 million programmers, so probably theres only another 7 dudes like me :-I

Re:No one will touch that code. (0)

Anonymous Coward | more than 5 years ago | (#28593549)

Come on,.... are you that slow, what do we care about using the code we want to find the holes and with the code it takes less time
1. get the code
2. find the hole
3. profit :)

Re:No one will touch that code. (1)

Snarf You (1285360) | more than 5 years ago | (#28593815)

I do like to read source code, but I am one in a million (of programmers) and theres probably around 7 million programmers, so probably theres only another 7 dudes like me :-I

Slight correction on the math: if there are 7 million programmers, and 1 in a million enjoy reading source code, there should be 7 total. You are one of them, thus there should be 6 other dudes like you.

And I am one of those 6.

The search is on for the other 5 dudes like us.

Non-story (5, Informative)

Anonymous Coward | more than 5 years ago | (#28593293)

GS's code for program trading is all written in a proprietary programming language called slang and relies on a proprietary database (secdb).

The install for that is a hell of a lot bigger than 32 MB, so this is probably just a few trading algorithms that a pissed-off developer has copied away.

It will be largely useless without the slang and secdb components and will be totally unsafe to trade off without a sufficient source of historic data and reference data, correctly formatted and loaded into secdb.

The idea that this leak is likely to be in any way materially damaging to GS is frankly a joke to anyone with even a passing knowledge of how these systems really operate.

But don't let that get in the way of your paranoia about how the world works.

Re:Non-story (3, Interesting)

Anonymous Coward | more than 5 years ago | (#28593363)

Well done, sir. I was thinking about just the same (slang/secdb).

Of course, it wont be easy to install the whole system and then put those bits of code he stole on it and run it. But it is entirely possible those algos were not his, but coming from some of the very important core modules. It can still carry a large value.

Re:Non-story (0)

Anonymous Coward | more than 5 years ago | (#28593433)

Dammit, put your tin foil hat back on. You're making us look bad.

The algorithm could be all the competitor needs to implement something similar on their own DB/trade application. I mean, I'm sure Bing would love to have some Google code, even if they don't implement it, just to try to 1 up it.

Re:Non-story (4, Insightful)

MadFarmAnimalz (460972) | more than 5 years ago | (#28593719)

It will be largely useless without the slang and secdb components

If you didn't have a python/java/$LANGUAGE interpreter and no python/java/$LANGUAGE documentation you'd probably still be able to glean the logic and algorithms from the code. The trade secret is the algorithms not the computer instructions representing them.

Re:Non-story (0)

Anonymous Coward | more than 5 years ago | (#28593753)

Oh, cool, another ex-strat weighing in. Seen MAF around recently?

We're talking about PT code here, and although they use the train code to talk to the secservs, the really important stuff isn't written in slang. And even if this is the slang bits, the code without the interpreter is cause enough for a Really Bad Day(tm).

Re:Non-story (4, Interesting)

anothy (83176) | more than 5 years ago | (#28593919)

i have a somewhat-better-than-passing knowledge of how these systems work. i'm very unconvinced by your explanation.

you seem to be assuming the intent would be to out-compete Goldman by re-implementing this system, perhaps with some changes/optimizations. for that, sure, you'd need the rest of the environment. but a good understanding of the algorithm and implementation could be obtained without the rest of the environment (like i can read C# code and extract the algorithms without having the rest of the environment). that seems like it would be enough to game Goldman's system (which is a sizable part of the system overall).

note that i am not asserting that this is a catastrophe for Goldman, just that your explanation isn't convincing. i will, however, agree with a previous poster that Goldman's sudden absence from NYSE's 15 most active members [nyse.com] , rather than being #1 as they had for a good while, is very suspicious.

"codes"? (1)

zarkill (1100367) | more than 5 years ago | (#28593395)

The article keeps referring to what was stolen as "codes". Does that mean "source code" or are they talking about some kind of access codes or authentication keys or something, like the way people call their bank PIN their "secret code" ?

Re:"codes"? (1)

rudy_wayne (414635) | more than 5 years ago | (#28593757)

The article keeps referring to what was stolen as "codes". Does that mean "source code" or are they talking about some kind of access codes

I noticed that too. Nowhere in the article does it actually say "source code". It just says things like:

"being held on federal charges of stealing top-secret computer trading codes"
"the codes Sergey Aleynikov tried to steal"
"Federal authorities allege the computer codes and related-trading files that Aleynikov uploaded"

Of course, the guy writing this article may not even know wat source code is.

The code is worthless (4, Funny)

lxs (131946) | more than 5 years ago | (#28593417)

Without the login codes to https://www.illuminati-hq.org/financialserver/tomorrows-stockprices.php [illuminati-hq.org]

Re:The code is worthless (1)

jeffasselin (566598) | more than 5 years ago | (#28593689)

"Server not found"

I'm probably not on the cabal's DNS servers.

Re:The code is worthless (0)

Anonymous Coward | more than 5 years ago | (#28593841)

That's an old link. The Illuminati have merged with Bilderberg [bilderberg.org] . Ignore all the conspiracy theory shit. That's just to make you think you're not on the real Bilderberg site.

No, it belongs to the U.S. people (1)

elrous0 (869638) | more than 5 years ago | (#28593419)

Considering that they got about $13 billion of our taxpayer money as part of the AIG bailout, I'd say that software belongs in part to us too.

Re:No, it belongs to the U.S. people (1)

cathars1s (974609) | more than 5 years ago | (#28593639)

They were forced to take the money by the Fed and they tried to repay it within days because they didn't want the ex post facto strings attached.

From the summary: (5, Funny)

Anonymous Coward | more than 5 years ago | (#28593429)

"The world's most valuable source code could be in the wild."

Duke Nukem Forever? Oh joy.

Re:From the summary: (0)

Anonymous Coward | more than 5 years ago | (#28593729)

No, the source engine!!!!!

What's the exit strategy? (5, Insightful)

Sits (117492) | more than 5 years ago | (#28593531)

If I were a rival to Goldman Sachs I would be terrified of someone offering me Goldman's source code. If I use it and Goldman find out then I'm in a world of trouble. If I use it but Goldman don't know for a bit AND the person who offered it knows I used it, then they can blackmail me. Even if I don't use it there could be expensive legal battles to prove my innocence ("Exhibit A shows the same loop variable counter is used in these two different source code bases." "?!"). How do I know it's not a trap? It would be like someone offering the secret of Coke to Pepsi - what do you expect Pepsi to do? Use the secret? What if they like their product more?

Obviously there must be another angle if this situation is true to drive someone to actually do it. I just can't figure it out at the moment.

Re:What's the exit strategy? (0)

Anonymous Coward | more than 5 years ago | (#28593817)

It would be like someone offering the secret of Coke to Pepsi - what do you expect Pepsi to do?

That sort of happened [foxnews.com] , and yes Pepsi did immediately inform Coca-Cola.

Re:What's the exit strategy? (1)

The_mad_linguist (1019680) | more than 5 years ago | (#28593827)

Actually, Pepsi and Coke know each other's formulas. Have since the early nineteen hundreds. There's nothing really secret about the formula, it's just that people who prefer one to the other are already entrenched with marketing, and there isn't any incentive to switch brands on something that is exactly identical. As long as they've got slightly different tastes, they don't have to get into a price war.

Oh, and the KFC "secret blend of eleven herbs and spices"? All marketing. All that they really use is flour, salt, and MSG.

Re:What's the exit strategy? (4, Informative)

zarkill (1100367) | more than 5 years ago | (#28593897)

It would be like someone offering the secret of Coke to Pepsi - what do you expect Pepsi to do?

that very thing happened a few years ago - http://news.bbc.co.uk/2/hi/business/5152740.stm [bbc.co.uk]

pepsi declined the offer and reported it as a theft of trade secrets.

GS Runs Linux. (0)

Anonymous Coward | more than 5 years ago | (#28593553)

Just notice the sentence with the word bash. I'm sure Goldman Sachs runs Linux. Take that M$! You are your .NET, C# stinking attitude!

Their source code is useless (4, Interesting)

bartwol (117819) | more than 5 years ago | (#28593571)

I worked for a financial services company that had similar types of systems. The legal department and security people were always concerned about people stealing our source code.

But their fears were unfounded. Why? Because the source code is highly customized code that not only implements thoroughly non-standards-based algorithms, but is also tightly coupled to underlying hardware/software platforms (and the non-standardized APIs of their peer systems). The result: you can't run it anywhere but on the infrastructure of the company for which it was built. Sure, you could pull out a subroutine here or there. But overall, it's pretty worthless stuff.

Humorously, we had a large, difficult, multi-year project to port our code to a newer hardware platform (same O.S. and language tools). I joked that we should post all our source code on the web for free unencumbered download, and if somebody could get it to run on the newer (or any other) platform, we could pay them $2 million for their effort and still come out way ahead in the deal. Everybody laughed and agreed that that would be a dream come true.

Re:Their source code is useless (2, Interesting)

anothy (83176) | more than 5 years ago | (#28593981)

you're only looking at reputable players here. sure, BofA won't touch GS's code, for a host of very good reasons like those you describe. but for someone looking to game GS's system, being able to run the code is totally unimportant: just reading it could likely be enough to extract exploitable characteristics.

Looks like he skipped the Unix classes (1)

Enleth (947766) | more than 5 years ago | (#28593575)

$ sftp && kill -9 `/sbin/pidof `/bin/basename $SHELL``

Unless the shell is modified to append commands to the history file *before* executing them (as far as I know, no shell does that out of the box), or the system is hardened (exec() logging etc.), this will take care of any history logs.

Re:Looks like he skipped the Unix classes (1)

daid303 (843777) | more than 5 years ago | (#28593641)

$ rm ~/.bash_history && ln -s /dev/null ~/.bash_history
Works for all commands, forever.

Re:Looks like he skipped the Unix classes (2, Informative)

Enleth (947766) | more than 5 years ago | (#28593771)

But it's an instant giveaway that something sleazy is going on. Every automated security auditing tool checks for that and every sysadmin worth his salary knows this "trick".

Re:Looks like he skipped the Unix classes (0)

Anonymous Coward | more than 5 years ago | (#28593805)

HISTSIZE=0

Instant private shell session.

Re:Looks like he skipped the Unix classes (0)

Anonymous Coward | more than 5 years ago | (#28593995)

The FBI article points to bash history as a piece of evidence.

It doesn't say if anything else was used internally to find the breach which also would have recorded, oh I don't know, keystroke history. That seems like something that is shell history" and "can't delete" (if kept off server) and something that the probably wouldn't want to leak out as well.

So the question, where are the 32MB of encrypted f (3, Funny)

ChoboMog (917656) | more than 5 years ago | (#28593811)

So the question, where are the 32MB of encrypted files that Sergey uploaded to a German server?

Rapidshare?

"Project Mayhem" Alternate Ending? (1)

tunapez (1161697) | more than 5 years ago | (#28593837)

Anyone notice the 2nd article's author's name? Wouldn't it be nice if this bit of info exposed the market manipulations that led us down the road of $124 barrel oil? Tyler Durden eat your heart out, maybe Robin Hood will save the day!

sigh...that shit only happens in the movies.

Information wants to be free! (4, Funny)

jollyreaper (513215) | more than 5 years ago | (#28593911)

I think it's wonderful that the code has been reintroduced to the wild. Looks like their captive breeding program has been quite a success!

We'll save so much money by hiring Russian coders (1)

TheGrapeApe (833505) | more than 5 years ago | (#28593977)

Flashback to a meeting with a bunch of douchebag MBAs 4 years ago at Goldman Sachs:

MBA Dbag 1: "We'll save so much money by moving these coding jobs overseas to Russia! American coders are getting too expensive!"

MBA Dbag2: "I don't see any drawbacks. Let's do it. As long as they can't outsource us playing phonetag and having meetings with each other all day, right?"
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>