Goldman Sachs Software Theft: When Employees Go Greedy
Office Space this is not. Some companies may not enforce confidentiality agreements, but not finanicial giant Goldman Sachs.
Some employees give employers good reason to monitor and copy whatever is done on their computers, especially where propietary software is being used to make the company truckloads of money.
Take the case of Sergey Aleynikov, a former high-ranking Goldman Sachs programmer accused of copying and stealing propietary trading software, sending it home and to some computers in Germany. The FBI nabbed Aleynikov at the Newark, NJ airport and have charged him with trade-secret theft. Aleynikov is now at out on $750,000 bail, according to Reuters.
From the eWEEK Security Watch blog:
On June 5, Goldman Sachs reportedly recovered a record of a series of commands entered in Aleynikov's desktop. According to the affidavit, among them was a script that was run that apparently copied, compressed and merged files containing code for the platform and some of its associated programs. After the script was run, the copied files were encrypted, renamed and uploaded to the Website. The program used to encrypt the files attempted to erase the desktop's bash history, but was unsuccessful because Goldman Sachs' computer system retained a copy...
The FBI affidavit says Aleynikov admitted to copying, encrypting and uploading the data, as well as copying it later to his home computer, laptop and a portable memory device. He claims he did so however only to collect open-source files on which he had worked, but later realized he had taken more than he needed. He denied distributing any proprietary software.
Aleynikov had left Goldman Sachs to take a job that was apparently tripling his already- lucrative salary of $400,000 a year. Hard to believe that he was only copying the open source aspects of the software and just happened to take most of the propietary parts too. Regardless, he should have known that copying and sending any part of it externally would cause such an uproar, especially in the financial world where the security is tight already.
Security expert Bruce Schneier told the NY Times: "This is an example of a system of detection and response working."
What hasn't been proven yet is whether the stolen goods were sold or distributed to anyone, but what is at stake here is pretty big. Some experts say this software may be difficult to use in the U.S, but has potential to be used by parts of the world less prone to obey U.S. law.
"It is certainly possible that if you knew what the big guys were doing you could anticipate it and make money." He said that if a rival bank in the United States had been approached to buy the software, it would most likely have called the police, but a seller might have had better luck abroad.
"It is worth a lot less in the U.S. than you might think, but in countries that are more lawless it could have value," he said.
Because of cases like this, more and more companies are bound to get much more protective of their assets, including things you may see as pieces of innocuous technology that you worked on. In this case, it was not innocuous.
There is a reason your company is monitoring what you do. Whether it's to make a buck or try and take what you think is yours, remember that you don't always own what you do and someone may enforce the protection of that work.