Goldman Sachs – Pilloried for Doing Things Right
File this one under the heading “No Good Security Deed Goes Unpunished.” This week, the Wall Street Journal reported on a former Vice President at Goldman Sachs who was arrested by the FBI for allegedly stealing source code from his former employer. You’ll find a detailed description of the circumstances and possible impacts by Tyler Durden on the Zero Hedge web site.
If all the allegations are true, Sergey, who managed a software development group in the program trading business for Goldman Sachs, apparently decided to steal some of the software that makes it work. Whether or not this is Goldman’s “magic sauce” for trading is beside the point right now. Here’s what I can see from the recent media reports:
Sergey worked for Goldman as a VP of Equity Strategy, according to information uncovered by Zero Hedge. According to the affidavit sworn out against him, Sergey downloaded 32 MB of source code from his company within 5 days of leaving for another firm. BTW, the other firm was apparently willing to triple his salary for making the move. About a month later, he was arrested while returning from Europe and charged with stealing the software.
To a computer security guy, this would say that Goldman Sachs had a program in place to detect and report unauthorized transfers of certain software components. This is a good thing, right? Moreover, the response team was good enough to identify a potential theft and run it through channels until an arrest warrant had been prepared and served by the FBI. All of this happened in less than a month. That’s great security work. How many other firms would have been able to find and track this kind of event at all?
Unfortunately, other reports have focused on many of the possible negatives for Goldman. That’s too bad. This was a classic bit of investigative and response work at a major financial institution, and it may have prevented important software from falling into the wrong hands. If nothing else, it has sent a great message to everyone who develops software at the firm. The message is, “We will protect your intellectual investment in our success.” My advice is to gut it out while the world gets used to a company that will protect all assets. So my hat’s off to Goldman Sachs. Hopefully, after all the legal wrangling is over, they can tell us how they did it.
Jim Molini, CISSP, CSSLP
