Goldman Sachs Trading Source Code In the Wild?

Hangtime writes "The world's most valuable source code could be in the wild. According to a report by Reuters, a Russian immigrant and former Goldman Sachs developer named Sergey Aleynikov was picked up at Newark Airport on July 4th by the FBI on charges of industrial espionage. According to the complaint, Sergey, prior to his early June exit from Goldman, copied, encrypted and uploaded source code inferred to be the code used by Goldman Sachs to process in real-time (micro-seconds) trades between multiple equity and commodity platforms. While trying to cover his tracks, the system backed up a series of bash commands so he was unable to erase his history, which would later give him away to Goldman and the authorities. So the question is: where are the 32MB of encrypted files that Sergey uploaded to a German server?

Surely not?

[fuzzyfuzzyfungus]

I can't believe that Goldman's algorithmic trading code is more valuable than its list of root passwords to governments all over the world...

nationalism vs. anti-corporatism

[DoofusOfDeath]

It's funny... I normally find myself loathing companies like Goldman Sachs for hyper-selfish capitalism, finding ways to get rich at taxpayer expense, etc.

But then, when I see industrial espionage by Russians, Chinese, Israelis, etc. against those very same corporations, a sense of nationalist anger makes me forget my anti-corporatist anger. Somehow I completely fail to have a sense of schadenfreude for the corporations that I normally hate, and I don't know why.

Being human is strange.

Access controls anyone?

[jonnyj]

I can't read the original article so I might be inferring something incorrect. But who on earth though it was a good idea to give internet access to someone with access to valuable source code? Whatever happened to role based access restrictions?

Re:Even More Interesting

[eldavojohn]

It seems unlikely to me that any single person, or even small group of people, would have the capability to remove all copies of this code, binary and source, from the company's information infrastructure.

Ah, the double edged sword of secrecy. Keep the location of your secrets solitary so that you don't have to keep track of multiple copies. With every new location it is stored, the odds of corporate espionage double. Had they ascribed to keep it in one place, this would be all too possible. And let's face it, if you're shelling out $400k to one or two developers, you do checks on them and make sure they can handle the keys to the palace.

Is it possible that they have suspended use of this code because they fear that someone analyzing it could profit from the trades it would have made?

I had not thought of this, although I believe these transactions would be done on secure networks with insane encryption. Again, if you're shelling out $400k to a developer, you're probably laying fiber straight to the NYSE's servers from yours or at least including a level of encryption that is so high it would take the NSA days to decrypt it -- rendering the data worthless as it's public by then.

Still if they don't understand how it works, I could see them doing that. I could not, however, see them sacrificing a week's worth of trading for these fears without first researching them. Do you know how much money and customers that would cost them?

Re:Surely not?

[mysidia]

Passwords can be easily changed by any old sysadmin, with minimal damage, as long as the passwords are changed quickly, or remote access is locked out, the damage can easily be mitigated very rapidly.

Changing source code (to allay use of it by the thief to attack its owners, beat GS at their own game, or sell to competitors), is time-consuming, and requires the assistance of many software experts (programmers).

The damage can only be mitigated by shutting down the system, and waiting a long time for changes to get made, or for the software to get rewritten, to protect against evil third parties knowing the trading system's flaws.

Re:Surely not?

[Anonymous Coward]

Exactly. Analyzing the source code will tell you how Goldman Sachs trades its stuff. It's not valuable because it was so expensive to develop this stuff, it's expensive because it shows how they play the game with what kind of strategy, and the stakes of the game is extremely high. It's like knowing how your opponent plays poker when the stakes are on the magnitude of billions of dollars.

If the source code is in the wild, Goldman Sachs is forced to stop all related real-time trades, because their strategy is completely exposed, and once somebody exploits it, they will lose money really quickly. (Just imagine how many transactions they can make per second, and imagine every one of those transactions lose some money in average.) That means they get forced to leave the market until they develop a new trading system, or at least, re-develop their strategy. That costs a lot of money because they have to stop doing investments and leave the money some place safe.

Re:Surely not?

[A beautiful mind]

Excellent! If knowing the source code for _financial trading mechanisms_ allows for gaming the system, then it's a very good thing that the code was exposed. If anything, I'd expect banking code to resist outside intrusion.

Re:Access controls anyone?

[u38cg]

Possibly because in that position you need internet access to do your job.

What's the exit strategy?

[Sits]

If I were a rival to Goldman Sachs I would be terrified of someone offering me Goldman's source code. If I use it and Goldman find out then I'm in a world of trouble. If I use it but Goldman don't know for a bit AND the person who offered it knows I used it, then they can blackmail me. Even if I don't use it there could be expensive legal battles to prove my innocence ("Exhibit A shows the same loop variable counter is used in these two different source code bases." "?!"). How do I know it's not a trap? It would be like someone offering the secret of Coke to Pepsi - what do you expect Pepsi to do? Use the secret? What if they like their product more?

Obviously there must be another angle if this situation is true to drive someone to actually do it. I just can't figure it out at the moment.

Re:Surely not?

[dkleinsc]

Be fair: Goldman Sachs has way more control over government policies than a mere root password would give them. They don't just have root passwords, they have root passwords, physical access, and insider support.

Re:Non-story

[MadFarmAnimalz]

It will be largely useless without the slang and secdb components

If you didn't have a python/java/$LANGUAGE interpreter and no python/java/$LANGUAGE documentation you'd probably still be able to glean the logic and algorithms from the code. The trade secret is the algorithms not the computer instructions representing them.

Re:Surely not?

[WindowlessView]

I'm talking about knowing *precisely* how the code will react in given circumstances,

It's an advantage for sure, but maybe not a slam dunk. It's likely that those systems are highly parameter driven. Without knowing the values of whatever tables they have set up for the day/hour/minute your trades could get smacked pretty hard before figuring it out.

Re:Surely not?

[captainpanic]

The fact that one can compare the strategy in big business with poker shows clearly why I think we're all better off when this whole banking business is downscaled a bit.

While in the good old days the banking business was simply a place to store and borrow money, it has now become a mess so complicated that nobody really understands it anymore.

It can be interesting to see what happens next... although I also realize that this accident can cause some innocent people to lose their jobs.

Re:nationalism vs. anti-corporatism

[Gilmoure]

That us-and-them geographical, language or ethnicity identification is pretty weird. Try to cultivate the "scared bunny" / "everyone's out to get me" attitude and you won't feel sorry when a local coyote or mountain lion gets run over by a foreign truck.

The whole us/them left/right axis is just part of the circuses to distract the crowd. If you really want to see the us/them divide, it's the upper crust Kleptocrats against everyone else. We're all just cattle and cat food to them. The only way they can make the tens of thousands of dollars a minute they do is by harnessing the earning power of lots of ants and skimming off a bit of everyone else's productive power.

After WWII, the traditional pyramid shape of society (large number or poor, smaller number of middle class and very small number of upper class) changed towards more of a diamond shape. Ever since then, a lot of folks have been trying to revert that, driving down real wage gains while increasing productivity. All that benefit of efficiency has to go somewhere and it's not going down to the poor and it's not showing up in the paychecks of the works so it must be flowing up towards the top.

Re:nationalism vs. anti-corporatism

[dna_(c)(tm)(r)]

So basically you argue that:

• Citizens have to obey ethic rules
• Governments have to obey ethic rules
• Legislators have to obey ethic rules
• companies can do anything they like

Again, the solution isn't more government regulation (which also has loophoes), but less (none!).

Look at what happened to failed states [wikipedia.org] like Somalia and Sudan. Warlords. Pirates. Al-Qaeda.

Re:Surely not?

[demachina]

There is a pretty good expose [rollingstone.com] up on Rolling Stone describing the nefarious behavior of Goldman Sachs. They are in general what you expect out of Wall Street types, greedy and unscrupulous but very good at what they do. Unfortunately what they are good at is creating devastation in their wake so they can take home multimillion dollar bonuses every year, and completely controlling our government so they can get away with it.

Re:Surely not?

[bdenton42]

Depends on how their systems are organized and which root(s) you have. Having root to the source, build or test server doesn't necessarily mean you would be able to disrupt/modify trades on the production server. Even if you had root to the production server you may be able to disrupt/shutdown trades but modifying trades could require access to an Oracle server somewhere else. It all depends on if Goldman has any clue about system security.

Re:Surely not?

[sam0vi]

and once somebody exploits it, they will lose money really quickly.

Not necessarily. IANAE but they probably make money off the transactions, whoever makes them, and whoever profits from them. I think it would be analogous to obtaining the source code for the DowJones stock scoring system. DJ wouldn't be the first/most affected by it. Please correct me if i'm wrong.

Re:Access controls anyone?

[u38cg]

You can get away with that when you're the NSA, but I'd suggest that a typical quant is not going to play nicely with a policy like that. I would rather take the risk than scare away talent by running a shop on that basis. At the end of the day, the contents of that guy's head are worth more than the mere code he was working on.

Re:Rolling Stone alleges Goldman Sachs corrupts...

[EastCoastSurfer]

Goldman Sachs IS the US government. It was made perfectly clear when other investment banks were failing. When the sharks started circling GS, the government stepped in and shut it down.

Re:Surely not?

[nacturation]

Maybe Goldman is worried that if someone reviews the code, they might be able to discover that Goldman is gaming the system and the source code is just the smoking gun.

The system is a game. As long as Goldman operates within the rules, it's all fair play.

Re:Surely not?

[peter_gzowski]

I skimmed the Rolling Stone article, and it was difficult to find any specific evidence for what Taibbi is asserting. I have no doubt that Goldman is a huge behemoth that abuses its position to affect markets in a way that benefits itself at the expense of lower-tier investors, which makes it doubly dissapointing that Taibbi mounts such a weak attack. He chooses to fill his "expose" with invectives like [t]he world's most powerful investment bank is a great vampire squid wrapped around the face of humanity, relentlessly jamming its blood funnel into anything that smells like money. To prove this point, he simply lists the former Goldman employees which are now, or were, in positions of power. I find the Frontline documentaries on this topic to be much more rational and informing:

http://www.pbs.org/wgbh/pages/frontline/meltdown/view/ [pbs.org]
http://www.pbs.org/wgbh/pages/frontline/breakingthebank/view/ [pbs.org]

Re:Surely not?

[gstoddart]

Investment is different from speculation which is different from mere gambling.

The way investment and speculation have been handled over the last decade or so, it's really hard to see how it's different from mere gambling -- or, as the GP said, one big legalized ponzi scheme.

Back in the middle of the .COM era, if you had a web-site and a company name, your stock could trade at a value which would be 100 years income. Certainly Enron and lots of other examples tell us that the people who we're supposed to trust are doing not much more than kiting cheques on a grand scale.

The "Slashdot School of Finance" is a bunch of people who have been around long enough (and burned enough in some cases) to have a very cynical view that it really is a fairly shaky foundation with a lot of mumbo-jumbo even the so-called experts can't navigate. Many of us have had options, and been in the markets -- quite a few of us are probably fairly savvy about investments.

Things which are supposed to be investments are totally devalued because their value became tied up in all of those stupid asset-backed paper commodities or whatever they were. Modern "investment" strategy seems to be buy a high flyer, expect it to go up 15% year over year, and sell it before the price drops out so some other poor schlep is stuck with it when it becomes worthless -- which, is what the stock market has always been.

Other than sneering, and not actually making any points or stating any facts, why don't you tell us how the statement

The real problem is that stocks are a legalized ponzi sceheme and should be done away with entirely, it's basically a ponzi scheme through abstraction using machiens so you don't see the other people trying to fuck one another over for personal gain.

is inaccurate, and in what ways the markets are truly valid ways of doing business in which someone isn't trying to fuck over everyone else to get a piece of the pie? Because, quite frankly, I'm inclined to agree with the GP -- it's hard not to look at the state of the stock market and think it's not a big legalized Ponzi scheme.

Cheers

Re:Surely not?

[Anonymous Coward]

Wow, thanks for your comment. You know, I really feel a lot better now knowing there's someone else who misses the "good old days" too. Hey, by the way, would you happen to know anyone who would trade salt or yeast for squirrel pelts? I need a couple of loaves of bread, and I know this guy who will trade wool for squirrel pelts. I've got a friend of a friend who will trade corn for wool. Then I heard a rumor that there's a guy a few counties over who will trade the corn for wheat. Then I'm basically set. Well, except I still need salt, yeast, firewood, oh yeah, and a good oven might help. But it shouldn't be hard getting that stuff, right? Everyone loves squirrel pelts and fresh squirrel meat.

BTW, just because YOU don't have the first clue about economics and finance doesn't mean that there aren't plenty of others who do. I'm not going to try to sit here and defend the tons of stupid things that have been going on for the past 20 or 30 years, but lately it's been fashionable for people who know nothing about economics to spout off this bullshit about how we would be so much better without big banks and the stock market. Fact #1: Whenever someone's harkening back to the good old days it's never as good as they imagine. That's because of selective memory. It's all a bunch reactionary ranting because people's greed got the best of them and now they're hurt and afraid. Fear and greed.

I will say this, much of the problem stems from the fact that the economic landscape is formed by legislators who are usually lawyers, not economists, and therefore have little understanding of the financial implications of the laws they're passing. The fact that all kinds of strange economic incentives and disincentives result from bad legislation really has nothing to do with banks, stock markets, etc. When we elect unqualified legislators to office, or when we elect legislators for their social policies rather than their fiscal policies, we get what we deserve - a failed economy.

Re:Why should Goldman Sachs have an unfair advanta

[Anonymous Coward]

Why should Goldman Sachs be allowed to take money from people who don't have the same time or equipment?

If you can't afford to play, don't.

The bankers certainly knew there would be a crash.

[Futurepower(R)]

"The rolling stone article is conspiracy drivel..."

Thoughts:

1) The linked article is not the article published on paper in Rolling Stone, although confusingly it has the same name.

2) A Slashdot comment is not meant to be a complete discussion of anything. A Slashdot comment can alert you to the need to do further research.

3) The actual Rolling Stone article in the paper edition only says things that have been reported elsewhere.

4) The bankers certainly knew there would be a crash, and that they would profit from the crash, and that the crash would be very destructive to everyone else.

5) Matt Taibbi's article, The 52 Funniest Things About The Upcoming Death of The Pope [nypress.com] lacks any humor. It's just stupid. In number 26, he guesses that the pope lives, and he dies. The point of the article seems to be that the pope gets less respect now; a big difference from 50 years ago. But it's a terrible article.

6) What is important is not what someone said, but the facts.

GS secrets revealed on /. right here, right now

[jackspenn]

Listen I am going to drop a huge bombshell on how GS makes their money and it has nothing to do with source code or trading. Ready?

Step 1: Buy Republicans
Step 2: Hedge investment and buy Democrats
Step 3: Create illusion that there is a difference between above to avoid discovery that you own both. Get people to vote for their party each election, one thing you don't want is for people catch on and vote against all incumbents which you are heavily invested into and who have been there long enough to feel comfortable bending rules or outright breaking law.
Step 4: Make money trading stocks, bonds and commodities using leverage from 1,2,3 and 5.
Step 5: If nobody to buy, have former GS executives run. See Corzine - D - NJ Governor and Paulson - R - Former Treasury Secretary.
Step 6: If GS fails to make money on step 4, get politicians to bail you out indirectly to avoid blame. For example get them to bailout your failing investment AIG, then have AIG kick you back the $20 billion you gave them. Sure take direct bailout money, but give it back should public try to regulate GS salaries or demand transparency.
Step 7: Act like you are better at making money because you are really really smart and it has nothing to do with the fact that you are in a position to change the rules. Look down on little people and small businesses trying to compete while playing by rules.
Step 8: As if making money trading actual items by influencing markets/politicians isn't profitable enough, kick it up a notch and make money trading ... wait for it ... nothing. Call it Cap 'n Trade, make people think it will help environment, knowing that in truth it will not cut back on global pollution, that it will ship manufacturing to other countries along with jobs. Tell people it doesn't tax them and will create jobs (I mean with all the money GS execs will be making they can higher more gophers to get them coffee and they will be going out in NYC to eat expensive meals and that will employ aspiring actors ... I mean waiters). Don't tax/charge people directly just tax companies, services and products the people cannot do without. When prices go up on those things blame the very companies that GS and US federal government are robbing with a pen (guns are so small time) and say it is their ... wait for it ... "selfish greed". Have system in place so the shares of nothing you are trading become more and more rare over time to ensure you get larger and larger pay outs and hope US public is to stupid to vote out every paid politician you had in your pocket to vote for it. Rememeber avoid and deflect, blame the other side.
Step 9: If questioned or called out, act as if there is no way the person pointing out truth could possibly understand the complexities of the system and therefore and unqualified to comment. If person is in energy production label them greedy capitalistic ways". If somebody from any other sector of economy comes forward to detail insanity of scam, I mean legislation, label them a racist or proclaim they don't care about ... wait for it ... "the children". If person is using slashdot then mod them -1 TROLL.
Step 10: Goto Step 1.

Re:Surely not?

[lennier]

"If someone creates a model that predicts where the oil futures will go based on past performance in similar circumstances, you think that person should be required by law to reveal his model?"

Yes.

"Wouldn't that make it nearly impossible to make money in the stock market"

Yes. That would mean the stock market would be an *efficient market* and would do the job it's supposed to do: direct investment to sources of real value (long-term, planet-wide improvement in social conditions) rather than short-term Prisoner's Dilemma-style scams and ripoffs.

"and the only buying and selling would be people looking to begin investing in blue chips for the long haul"

YES. This would redirect the attention of the economy to solving the vitally important long-term problems of the world.

"thus reducing investment in companies"

No, only reducing investment in short-term rip-offs.

"thus reducing R&D, thus reducing innovation?"

No, it would expose the true sources of R&D investment, which remain what they've always actually been: groups like DARPA with funds and a long-term vision and commitment.

If your long-term R&D funding model is driven solely by expectation of short-term returns and REQUIRES obfuscation and deception between investors seeking self-interest rather than honest and transparent public dissemination of scientific knowledge, your society is already screwed no matter how you try to cut the cake.

Long-term, planetary scale R&D requires long-term, planetary scale wisdom and cooperation. There's no way around this. You can't boost the system by making individuals fight each other like starving rats in a fog of ignorance and think somehow that will generate good vibes of positivity and constructive progress. It won't.