The Aleynikov Affair: From Newark with Code
In D.C. last week, I spoke to a group of data security specialists and computer forensic experts about the type of case I see most frequently. Unlike most in the audience, I work in civil litigation and see little of the child porn, identity theft and hacking cases that occupy them. Much of my work concerns alleged employee data theft, so I addressed the prevelance and patterns of those cases, discussing incident response fundamentals, e.g., what to preserve and where and how to look to determine the whether, when, who and how much of proprietary data theft.
I was fortunate the day's big news story was of a lately-resigned senior programmer at Goldman Sachs arrested at Newark airport for allegedly spiriting away a copy of Goldman's trading program code. My topic seemed ripped from the headlines.
The New York Times billed Sergey Aleynikov as the mastermind of a "dazzling bank theft." Thanks to Comrade Aleynikov's Russian origins and his alleged use of a German server to house the stolen data, the story fairly crackled with Cold War intrigue. That Aleynikov reportedly saw his salary lately trebled by a new employer made all the pieces seem to fall into place. Tinker, Tailor, Soldier, Programmer?
That Aleynikov was a U.S. citizen flying back from Chicago or the "server based in Germany" was just a free source code storage site like Google, didn't dispell the Ludlum-esque overtones. FWIW, my money is on this being the repository server: managed in the U.K. but spinning on drives in Deutchland. Welcome to the brave new world of "I have no earthly idea where my data lives."
Anyway, in D.C., I noted that two-thirds of departing white collar employees carry off proprietary data and touched on the "it's my data, too" syndrome unique to ESI. I detailed the vector analysis needed to assess these cases and the often clumsy anti-forensic activity used to cover tracks. That Aleynikov reportedly tried unsuccessfully to erase his record of BASH transactions points up how hard it is for even highly skilled IT pros. I shared my thoughts about the sources that should be preserved and the common digital spoor that mark the trail of a data thief. In the end, I found myself counseling caution and restraint.
Lately, I'd encountered cases where what looked like data theft at first blush turned out to be largely benign. Even the benign can occassion needless pain and huge expense when it serves as fodder to thwart the competition. Someone who grabs a copy of their Outlook container file may have anti-competitive designs...or they may simply want their personal e-mail. A careful analyst can usually tell one from the other, but requisite caution can bend to an analyst's desire to find something that pleases the client. The wannabe hero sometimes forces the puzzle pieces together.
When all is said and done, the Aleynikov Affair will probably turn out to be more flash than fire, a point borne out in a rambling guest op-ed in the Times on July 17, 2009. Sure, it's a good story with the tang of corporate espionage played out for billions on the world stage, but don't be surprised if it quietly spins down to a small, sad saga of a light-footed (if not light fingered) Vice President for Equity Strategy who acted with too little equity and not enough strategy.
Comments