Donate for the Cryptome archive of files from June 1996 to the present

14 April 2014. Part 2: 

2014-0582.htm  Goldman Sachs Steals Open Source, Jails Coder 2  April 14, 2014

11 April 2014

Goldman Sachs Steals Open Source, Jails Coder

US master spy Clapper says spies steal open source, then immediately claims ownership and classifies it, and prosecutes if the material is disclosed, like Goldman Sachs.

Flash Boys: A Wall Street Revolt, Lewis, Michael. 2014. W. W. Norton & Company. pp. 141-149.

After a few months working on the forty-second floor at One New York Plaza, Serge came to the conclusion that the best thing they could do with Goldman’s high-frequency trading platform was to scrap it and build a new one from scratch. His bosses weren’t interested. “The business model of Goldman Sachs was, if there is an opportunity to make money right away, let’s do that,” he says. “But if there was something long-term, they weren’t that interested.” Something would change in the stock market— an exchange would introduce a new, complicated rule, for instance— and that change would create an immediate opportunity to make money. “They’d want to do it immediately,” says Serge. “But if you think about it, it’s just patching the existing system constantly. The existing code base becomes an elephant that’s difficult to maintain.”

That is how he spent the vast majority of his two years at Goldman, patching the elephant. For their patching material he and the other Goldman programmers resorted, every day, to open source software—software developed by collectives of programmers and made freely available on the Internet. The tools and components they used were not specifically designed for financial markets, but they could be adapted to repair Goldman’s plumbing. He discovered, to his surprise, that Goldman had a one-way relationship with open source. They took huge amounts of free software off the Web, but they did not return it after he had modified it, even when his modifications were very slight and of general, rather than financial, use. “Once I took some open source components, repackaged them to come up with a component that was not even used at Goldman Sachs,” he says. “It was basically a way to make two computers look like one, so if one went down the other could jump in and perform the task.” He’d created a neat way for one computer to behave as the stand-in for another. He described the pleasure of his innovation this way: “It created something out of chaos. When you create something out of chaos, essentially , you reduce the entropy in the world.” He went to his boss, a fellow named Adam Schlesinger, and asked if he could release it back into open source, as was his inclination. “He said it was now Goldman’s property,” recalls Serge. “He was quite tense.” Open source was an idea that depended on collaboration and sharing, and Serge had a long history of contributing to it. He didn’t fully understand how Goldman could think it was okay to benefit so greatly from the work of others and then behave so selfishly toward them. “You don’t create intellectual property,” he said. “You create a program that does something.” But from then on, on instructions from Adam Schlesinger, he treated everything on Goldman Sachs’s servers, even if it had just been transferred there from open source, as Goldman Sachs’s property . (Later, at his trial, his lawyer flashed two pages of computer code: the original, with its open source license on top, and a replica, with the open source license stripped off and replaced by the Goldman Sachs license.)

The funny thing was that Serge actually liked Adam Schles-inger, and most of the other people he worked with at Goldman. He liked less the environment the firm created for them to work in. “Everyone lived for the year-end number,” he said. “You get satisfied when the bonus is sizable and you get not satisfied when the number is not. Everything there is very possessive .” It made no sense to him the way people were paid individually for achievements that were essentially collective achievements. “It was quite competitive. Everyone’s trying to show how good their individual contribution to the team is. Because the team doesn’t get the bonus, the individual does.”

More to the point, he felt that the environment Goldman created for its employees did not encourage good programming, because good programming required collaboration. “Essentially there was very minimal connections between people,” he says. “In telecom you usually have some synergies between people. Meetings when people exchange ideas. They aren’t under stress in the same way. At Goldman it was always, ‘Some component is broken and we’re losing money because of it. Fix it now .’ ” The programmers assigned to fix the code sat in cubicles and hardly spoke to one another. “When two people wanted to talk they wouldn’t just do it out on the floor,” says Serge. “They would go to one of the offices around the floor and close the door. I never had that experience in telecom or academia.”

By the time the financial crisis hit, Serge had a reputation of which he himself was unaware: He was known to corporate recruiters outside Goldman as the best programmer in the firm. “ There were twenty guys on Wall Street who could do what Serge could do,” says a headhunter who recruits often for high-frequency trading firms. “And he was one of the best, if not the best.” Goldman also had a reputation in the market for programming talent— for keeping its programmers in the dark about their value to the firm’s trading activities. The programmer types were different from the trader types. The trader types were far more alive to the bigger picture, to their context. They knew their worth in the marketplace down to the last penny. They understood the connection between what they did and how much money was made , and they were good at exaggerating the importance of the link. Serge wasn’t like that. He was a little-picture person, a narrow problem solver. “I think he didn’t know his own value,” says the recruiter. “He compensated for being narrow by being good. He was that good.”

Given his character and his situation , it’s hardly surprising that the market kept finding Serge Aleynikov and telling him what he was worth, rather than the other way around. A few months into his new job, headhunters were calling him every other week. A year into his new job, he had an offer from UBS, the Swiss bank, and a promise to bump up his salary to $ 400,000 a year. Serge didn’t particularly want to leave Goldman Sachs just to go and work at another big Wall Street firm, and so when Goldman offered to match the offer, he stayed. But in early 2009 he had another call, with a very different kind of offer: to create a trading platform from scratch for a new hedge fund run by Misha Malyshev.

The prospect of creating a new platform, rather than constantly patching an old one, excited him. Plus Malyshev was willing to pay him more than a million dollars a year to do it, and he suggested that they might even open an office for Serge near his home in New Jersey. Serge accepted the job offer and then told Goldman he was leaving. “When I put in the resignation letter,” he said , “everyone comes to me one by one. The common perception was that if they had the right opportunity to quit Goldman they would do that in no time.” Several hinted to him how much they would like to join him at his new firm. His bosses asked him what they could do to persuade him to stay. “They were trying to pursue me into this monetary discussion,” says Serge. “I told them it wasn’t the money . It was the chance to build a new system from the ground up.” He missed his telecom work environment. “Whereas at IDT I was really seeing the results of my work , here you had this monstrous system and you are patching it right and left. No one is giving you the whole picture. I had a feeling no one at Goldman really knows how it works as a whole, and they are just uncomfortable admitting that.”

He agreed to hang around for six weeks and teach other Goldman people everything he knew, so that they could continue to find and fix the broken bands in their gigantic rubber ball. Four times in the course of that last month he mailed himself source code he was working on. The files contained a lot of open source code he had worked with, and modified, over the past two years, mingled with code that wasn’t open source but was obviously proprietary to Goldman Sachs. He hoped to disentangle one from the other in case he needed to remind himself how he had done what he had done with the open source code; he might need to do it again. He sent these files the same way he had sent himself files nearly every week since his first month on the job at Goldman. “No one had ever said a word to me about it,” he says. He pulled up his browser and typed into it the words : “free subversion repository.” Up popped a list of places that stored code for free and in a convenient fashion. He clicked the first link on the list. To find a place to send the code took about eight seconds . And then he did what he had always done since he’d first started programming computers: He deleted his bash history— the commands he had typed into his own Goldman computer keyboard. To access the computer, he was required to type his password . If he didn’t delete his bash history, his password would be there to see, for anyone who had access to the system.

It wasn’t an entirely innocent act. “I knew that they wouldn’t be happy about it,” he said, because he knew their attitude was that anything that happened to be on Goldman’s servers was the wholly owned property of Goldman Sachs— even when Serge himself had taken that code from open source . When asked how he felt when he did it, he says, “It felt like speeding. Speeding in the car.”

FOR MUCH OF the flight from Chicago he’d slept. Leaving the plane, he noticed three men in dark suits waiting in the alcove of the Jetway reserved for baby strollers and wheelchairs. They confirmed his identity, explained that they were from the FBI, handcuffed him, searched his pockets, removed his backpack, told him to remain calm, and then walled him off from the other passengers . This last act was no great feat. Serge was six feet tall but weighed roughly 140 pounds: To hide him you needed only to turn him sideways. He resisted none of these actions, but he was genuinely bewildered. The men in black refused to tell him his crime. He tried to guess it. His first guess was that they’d gotten him mixed up with some other Sergey Aleynikov. Next it occurred to him that his new employer, Misha Malyshev , then being sued by Citadel, might have done something shady. Wrong on both counts. It wasn’t until the plane had emptied and they’d escorted him into Newark Airport that they told him his crime: stealing computer code owned by Goldman Sachs.

The agent in charge of the case, Michael McSwain, was new to law enforcement. Oddly enough, he’d spent twelve years, until 2007, working as a currency trader on the Chicago Mercantile Exchange. He and others like him had been put out of business by Serge and people like him— or, more exactly, by the computers that had replaced the traders on the floors of every U.S. exchange. It wasn’t an accident that McSwain’s career on Wall Street ended the same year that Serge’s began.

McSwain marched Serge into a black town car and drove him to the FBI building in lower Manhattan. After making a show of stashing his gun , McSwain led him into a tiny interrogation room, handcuffed him to a rod on the wall, and , finally, read him his Miranda rights. Then he explained what he knew, or thought he knew: In April 2009 Serge had accepted a job at a new high-frequency trading shop, Teza Technologies, but had remained at Goldman for the next six weeks. Between early April and June 5, when Serge left Goldman for good, he sent himself, through the so-called subversion repository, 32 megabytes of source code from Goldman’s high-frequency stock trading system . McSwain clearly found it damning that the website Serge used was called a subversion repository, and that it was in Germany. He also seemed to think it significant that Serge had used a site not blocked by Goldman Sachs, even after Serge tried to explain to him that Goldman did not block any sites used by its programmers but merely blocked its employees from porn sites and social media sites and suchlike. Finally, the FBI agent wanted him to admit that he had erased his bash history. Serge tried to explain why he always erased his bash history, but McSwain had no interest in his story. “The way he did it seemed nefarious,” the FBI agent would later testify.

All of which was true, as far as it went, but, to Serge, that didn’t seem very far. “I thought it was like, crazy, really,” he says. “He was stringing these computer terms together in ways that made no sense. He didn’t seem to know anything about high-frequency trading or source code.” For instance, Serge had no idea where the subversion repository was physically located. It was just a place on the Internet used by developers to store the code they were working on. “The whole point of the Internet is to abstract the physical location of the server from its logical address,” he said. To Serge, McSwain sounded like a man repeating phrases that he’d heard from others but that to him actually meant nothing. “There is a game in Russia called Broken Phone,” he said— a variation on the American game Telephone . “It felt like he was playing that.”

What Serge did not yet know was that Goldman had discovered his downloads— of what appeared to be the code they used for their proprietary high-speed stock market trading— just a few days earlier, even though Serge had sent himself the first batch of code months ago. They’d called the FBI in haste and had put McSwain through what amounted to a crash course in high-frequency trading and computer programming. McSwain later conceded that he didn’t seek out independent expert advice to study the code Serge Aleynikov had taken, or seek to find out why he might have taken it. “I relied on statements from Goldman employees,” he said. He had no idea himself of the value of the stolen code (“ representatives from Goldman told me it was worth a lot of money”), or if any of it was actually all that special (“ representatives of Goldman Sachs told us there were trade secrets in the code”). The agent noted that the Goldman files were on both the personal computer and the thumb drive that he’d taken from Serge at Newark Airport, but he failed to note that the files remained unopened. (If they were so important, why hadn’t Serge looked at them in the month since he’d left Goldman?) The FBI’s investigation before the arrest consisted of Goldman explaining some extremely complicated stuff to McSwain that he admitted he did not fully understand —but trusted that Goldman did. Forty-eight hours after Goldman called the FBI, McSwain arrested Serge. Thus the only Goldman Sachs employee arrested by the FBI in the aftermath of a financial crisis Goldman had done so much to fuel was the employee Goldman asked the FBI to arrest.

On the night of his arrest, Serge waived his right to call a lawyer. He called his wife, told her what had happened, and said that a bunch of FBI agents were on the way to their home to seize their computers, and to please let them in, although they had no search warrant. Then he sat down and politely tried to clear up the confusion of this FBI agent who had arrested him without an arrest warrant. “How could he figure out if this was a theft if he didn’t understand what was taken?” he recalls having asked himself. What he’d done, in his view, was trivial; what he stood accused of— violating both the Economic Espionage Act and the National Stolen Property Act— did not sound trivial at all. Still, he thought that if the agent understood how computers and the high-frequency trading business actually worked, he’d apologize and drop the case. “The reason I was explaining it to him was to show that there was nothing there,” he said. “He was completely not interested in the content of what I am saying. He just kept saying to me, ‘If you tell me everything, I’ll talk to the judge and he’ll go easy on you.’ It appeared they had a very strong bias from the very beginning. They had goals they wanted to fulfill. One was to obtain an immediate confession.”

The chief obstacle to the FBI’s ability to extract his confession, oddly, wasn’t Serge’s willingness to provide it but its own agent’s ignorance of the behavior to which Serge was attempting to confess. “In the written statement he was making some very obvious mistakes, computer terms and so on,” recalled Serge. “I was saying, ‘You know, this is not correct.’ ” Serge patiently walked the agent through his actions. At 1: 43 in the morning on July 4, after five hours of discussion, McSwain sent a giddy one-line email to the U.S. Attorney’s office: “Holy crap he signed a confession.”

Two minutes later, he dispatched Serge to a cell in the Metropolitan Detention Center. The prosecutor, Assistant U.S. Attorney Joseph Facciponti, argued that Serge Aleynikov should be denied bail. The Russian computer programmer had in his possession computer code that could be used “to manipulate markets in unfair ways.” The confession Serge had signed, scarred by phrases crossed out and rewritten by the FBI agent, later would be presented by prosecutors to a jury as the work of a thief who was being cautious, even tricky, with his words. “That’s not what happened,” said Serge. “The document was being crafted by someone with no previous expertise in the matter.”

Sergey Aleynikov’s signed confession was the last anyone heard from him, at least directly. He declined to speak to reporters or testify at his trial. He had a halting manner , a funny accent, a beard, and a physique that looked as if it had been painted by El Greco: In a lineup of people chosen randomly from the streets, he was the guy most likely to be identified as the Russian spy, or a character from the original episodes of Star Trek. In technical discussions he had a tendency to speak with extreme precision, which was great when he was dealing with fellow experts but mind-numbing to a lay audience. In the court of U.S. public opinion, he wasn’t well suited to defend himself, and so, on the advice of his attorney, he didn’t. He kept his long silence even after he was sentenced, without the possibility of parole, to eight years in a federal prison.