Programmer steals Wall Street trading code, FBI alleges
Sources confirm Sergey Aleynikov worked at Goldman Sachs
Computerworld - A high-level developer for Goldman Sachs was arrested by the FBI Friday and charged with stealing computer code that automates the firm's high-volume trading on stock and commodities markets, according to court documents and sources close to the case.
The Reuters news service, which broke the story yesterday, tied the developer, Sergey Aleynikov, to Goldman Sachs, where he was allegedly a vice president of equity strategy.
Today, sources with knowledge of the case confirmed that Aleynikov had worked for Goldman Sachs for the last two years, and allegedly tried to steal code from the company.
In the days before his June 5 resignation from Goldman Sachs, Aleynikov copied, encrypted and transferred approximately 32MB of proprietary code to a server located in Germany, the FBI claimed in the complaint filed July 4 by Special Agent Michael McSwain, a member of the agency's securities fraud squad.
Aleynikov resigned to take a job with a new company "that intended to engage in high-volume automated trading," for triple his $400,000 salary, the complaint said.
McSwain spelled out four data transfers from Aleynikov's workstation -- both locally and remotely -- on June 1, June 4 and June 5, then tied the dates and times to Aleynikov's use of his keycard to access the office, or logging in remotely from his home computer.
Aleynikov tried to cover his tracks, alleged McSwain. "The program used to encrypt the files was then erased," the FBI agent swore in the complaint. "An attempt was also made to erase the bash history, which was unsuccessful, because of a feature of the Financial Institution's computer system that retains a back-up copy of each user's bash history."
A "bash history" is a log of the most-recently-executed commands by a user on a Unix-based operating system.
The FBI arrested Aleynikov late Friday night at the Newark Airport, and charged him with theft of trade secrets and transporting stolen property.
The complaint said that Aleynikov had made a statement after his arrest, admitting that he had copied and encrypted files from his company's servers, then transferred them to the remote server, deleted the encryption software and attempted to erase the bash history. "Aleynikov claimed, however, that he only intended to collect 'open source' files on which he had worked, but later realized that he had obtained more files than he had intended," McSwain said.
Before sources confirmed that Aleynikov worked for Goldman Sachs, Reuters had used facts in the FBI's complaint to match a LinkedIn profile for someone named "Serge Aleynikov," including his May 2007 start date and the description of his job. In the complaint, for example, McSwain said Aleynikov worked as a computer programmer on a platform that "allows the Financial Institution to engage in sophisticated, high-speed, and high-volume trades on various stocks and commodities markets."
In the LinkedIn profile, meanwhile, Aleynikov notes his position with Goldman Sachs and says he "lead development of a distributed real-time co-located high-frequency trading (HFT) platform" at the firm.
As of 2:30 p.m. ET Monday, Aleynikov was still being held in federal custody, pending bail. A Saturday hearing had set bail at $750,000, and placed both travel restrictions and computer access limitations on him assuming he posts a bond. A spokeswoman for the U.S. Attorney in the Southern District of New York declined to comment further on the case.
Goldman Sachs also declined to comment today.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.


- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Practice Management: Double Billing Rate and Improve Patient Services
- Would you like to double your billing rate and achieve faster payment for services?
Download this customer success story to see how One Health... - Mission Critical Data Explosion and Customer Case Study
- Would you like to double your tier 1 storage capacity while simultaneously reducing your storage footprint?
Download this customer success story to see how... - Protecting Against Database Attacks and Insider Threats: Top 5 Scenarios
- Read this new eBook to learn the top five scenarios and essential best practices for preventing database attacks and insider threats.
- Database Activity Monitoring Is Evolving
- Read the analyst report and learn how you can leverage the core capabilities of a DAP solution for better database security.
- Establishing a Strategy for Database Security is No Longer Optional
- The options for securing increasingly valuable databases are very broad and deep, and can be confusing. This research provides an overview of three... All Cybercrime and Hacking White Papers
- Distributed Database Security with Real-time Monitoring
- View this demo and learn how IBM InfoSphere Guardium database activity monitoring can help protect your sensitive data in distributed DBMS environments with...
- InfoSphere Warehouse Packs Demo
- These flash modules make warehousing more tangible and relevant to business users through detailed explanations of the InfoSphere Warehouse Packs.
- Delivery Management -- Extending Lifecycle Management
- Date: Wednesday, June 20, 2012, 1:00 PM EDT
Siloed organizations continue doing the wrong things and doing things wrong, leading to increased costs,... - Leverage automation today to reduce IT complexity
- Date: Tuesday, June 5, 2012, 2:00 PM EDT
Whether your B2B complexity is caused by multiple technologies due to M&A, business or application specific... - Redefine Expectations in the Data Center
- Need to do more with less? Watch this video to learn how HP ProLiant Gen8 servers can help your business deploy servers three... All Cybercrime and Hacking Webcasts