Former Goldman Sachs Employee Accused of Stealing Code

In another example of insider threats, the FBI nabbed a former software designer for Goldman Sachs and is accusing him of downloading proprietary software and sending the data to a Web server in Germany.

Sergey Aleynikov, 39, of North Caldwell, N.J., was arrested by agents at Newark Liberty International Airport July 3 and charged with trade-secret theft as he attempted to board a plane to Chicago.

According to an FBI affidavit, (PDF) the former programmer was employed by Goldman Sachs for a little over two years, starting in May 2007. At some point prior to June, he notified the company that he planned to leave on or about June 5 to work for a company engaged in high-volume automated trading that was willing to triple his salary. At the time, he was making roughly $400,000 a year.

In the past few weeks, officials at Goldman Sachs began monitoring uploads of large amounts of data from their computer system via HTTPS. As a result of that review, the company reportedly learned that the work desktop of Aleynikov had been used on at least four occasions to transfer about 32MB of data through HTTPS to an external Website. As a result, the company launched an internal investigation of the uploads.

On June 5, Goldman Sachs reportedly recovered a record of a series of commands entered in Aleynikov’s desktop. According to the affidavit, among them was a script that was run that apparently copied, compressed and merged files containing code for the platform and some of its associated programs. After the script was run, the copied files were encrypted, renamed and uploaded to the Website. The program used to encrypt the files attempted to erase the desktop’s bash history, but was unsuccessful because Goldman Sachs’ computer system retained a copy.

Bash history is the most recent series of commands executed by a user of the Unix-based operating system Goldman Sachs uses to edit and maintain code related to the platform.

The FBI affidavit says Aleynikov admitted to copying, encrypting and uploading the data, as well as copying it later to his home computer, laptop and a portable memory device. He claims he did so however only to collect open-source files on which he had worked, but later realized he had taken more than he needed. He denied distributing any proprietary software.

Whether or not he is criminally guilty or innocent however, the incident underscores the importance of keeping tabs on activity by employees.