NEW YORK (Reuters) - The purported theft of a Goldman Sachs (GS.N) trading platform threatens to cost it millions of dollars, a prosecutor told a court, but so far the bank has not reported damage to its business.
Questions were raised about the security of proprietary trading systems at a court hearing on July 4 for a former Goldman computer programer arrested on a charge of stealing the information, which was copied to a server in Germany.
If the stolen information, or trading code, is allowed to go to a competitor who can start trading with it, “the bank itself stands lose its entire investment in creating this software to begin with, which is millions upon millions of dollars,” warned U.S. prosecutor Joseph Facciponte, according to a transcript of Saturday’s proceeding.
He added that because of the way this software interfaces with the various markets and exchanges, the bank has warned it could be used to “manipulate markets in unfair ways.”
The FBI in New York said on Tuesday that measures had been taken to prevent code being sent from the server in Germany.
“Working through our assistant legal attache in Frankfurt and with the authorities in Germany, the FBI has taken steps to ensure that the appropriated code was not distributed,” FBI spokesman Jim Margolin said.
Sergey Aleynikov, 39, who left Goldman on June 5 for a Chicago firm and was arrested last Friday night, gave consent to the FBI to visit his home in Little Falls, New Jersey, over the weekend and remove all of his personal computers, according to court documents.
They show that Aleynikov, a father of three and a dual national of the United States and Russia, told the FBI he was cooperating because “I did not think I was doing anything wrong” when he downloaded copies to his personal computer, laptop and to a flash drive.
He told investigators that Goldman Sachs knew he worked on the program from home and said nothing about it previously, according to the court record.
Aleynikov said he had no intention of selling the information or breaking his employment agreement. Aleynikov was arrested at Newark Liberty airport in New Jersey on a flight from Chicago on July 3.
On Monday, he was released on $750,000 bail, restricted to New York and New Jersey and ordered to surrender travel documents.
Goldman Sachs has declined to comment on the case. A source familiar with the situation said on Monday that the bank had seen no impact on clients or business.
According to the transcript, Aleynikov’s lawyer, Sabrina Shroff, argued in court that “the server happens to be in Germany is not known to anybody, nor was it a deliberate attempt because when you see a URL you don’t know where the server is.”
She told U.S. magistrate judge Kevin Fox that ”if Goldman Sachs cannot possibly protect this kind of proprietary information that the government wants you to think is worth the entire United States market, one has to question how they plan to accommodate any other breach.
“I think the market is at risk no matter what then. It’s not necessarily attributable to my client’s actions,” Shroff said.
A former Goldman technical employee said in an email to Reuters the issue was “a big deal” to most companies, not just Goldman, the biggest and most profitable securities firm until it became a bank last September in the financial crisis.
“Goldman is one of the few companies that protects its data and assets. A lot of companies don’t pay attention to it,” said the former employee, who asked not to be identified for professional reasons.
The prosecutor Facciponte said in court that the copy on a German server could have been disseminated already.
He said the platform was sent out on June 5, Aleynikov’s last day at Goldman Sachs.
“We at this time do not know who has access to it and what’s going to happen to that software,” Facciponte told the magistrate judge.
“My understanding from the financial institution is that they do not believe that any steps they can take would mitigate the danger of this program being released,” he told the court.
But he also said only someone with Aleynikov’s user name and password could gain access to the server.
On Tuesday the office of the U.S. attorney in Manhattan cited the public record and declined additional comment.
Additional reporting by Steve Eder and Elinor Comlay; Editing by Steve Orlofsky