Is A Case Of Quant Trading Sabotage About To Destroy Goldman Sachs?

Tyler Durden's picture

Major developing story: Matt Goldstein over at Reuters may have just broken a story that could spell doom for if not the entire Goldman Sachs program trading group, then at least those who deal with "low latency (microseconds) event-driven market data processing, strategy, and order submissions." Visions of swirling, gray storm clouds over Goldman's SLP and hi-fi traders begin to form.

Back-up: This week's NYSE Program Trading report was very odd: not only because program trading hit 48.6% of all NYSE trading, a record high at least since the NYSE has kept tabs on this data, and a datapoint which in itself was startling enough to cause some serious red flags as I jaunt from village to village in what little is left of Europe's bison country, but what was shocking was the disappearance of the #1 mainstay of complete trading domination (i.e., Goldman Sachs) from not just the aforementioned #1 spot, but the entire complete list. In other words: Goldman went from 1st to N/A in one week.

Even more odd, this "disappearance" comes hot on the heels of what Zero Hedge reported could be potentially a major change to the way the NYSE provides its weekly program trading report. Of course, Ray over at the NYSE immediately replied to Zero Hedge that all was going to be same as always ... Odd, maybe he meant that all is back to normal except the reporting of Goldman's trades. Either way, it might very well be time for proactive readers to again contact the two employees publicly disclosed by the NYSE as lead-contacts on the issue.  Readers will recall that it was these same two who were previously steadfastly assuring anyone who would listen that there would be no change at all in data reporting.

Robert Airo, Senior Vice President, NYSE Euronext at (212) 656-5663 or
Aleksandra Radakovic, Vice President, NYSE Regulation at (212) 656-4144

Alas, the just released weekly data proves that either theirs was a material misrepresentation of facts, or Goldman simply suddenly decided to stop transacting with the NYSE, or, what would be even more sinister, Goldman notified the NYSE to scrap all their trading data from the prior week. Why would they do that?

Goint back to Matt Goldstein's story. In a nutshell, on Friday, one Sergey Aleynikov was arrested at Newark airport by FBI agents, as he was coming back from a trip to Chicago (maybe visiting his new employer), on what are basically industrial espionage charges. Sergey, or Serge as his Linked-In account identifies him, was VP of equity strategy over at 85 Broad (or maybe 1 New York Plaza, his detailed Bloomberg Bio page has disappeared) had the following responsibilities at Goldman Sachs according to Linked-In:

• Lead development of a distributed real-time co-located high-frequency trading (HFT) platform.The main objective was to engineer a very low latency (microseconds) event-driven market data processing, strategy, and order submission engine. The system was obtaining multicast market data from Nasdaq, Arca/NYSE, CME and running trading algorithms with low latency requirements responsive to changes in market conditions.
• Implemented a real-time monitoring solution for the distributed trading system using a combination of technologies (SNMP, Erlang/OTP, boost, ACE, TibcoRV, real-time distributed replicated database, etc) to monitor load and health of trading processes in the mother-ship and co-located sites so that trading decisions can be prioritized based on congestion and queuing delays.
Responsible for development of real-time market feed handlers, order processing engines and trading tools at a Quantitative Equity Trading revenue-making HFT desk.

If the allegations are true, it looks like Goldman's hi-fi quant trading desk was thoroughly penetrated by a "spy", and as readers will recall, Serge(y)'s description of his job duties mirrors what Mr. Ed Canaday conveniently provided to Zero Hedge as a description of Goldman's SLP program. (Sources connected with the office of the United States Attorney have confirmed to Zero Hedge that Aleynikov was at one time or another a Goldman employee.").

The plot thickens: per FBI agent Michael McSwain's sworn deposition, Sergey quit a firm described as "Financial Institution" in the affidavit, which according to circumstantial evidence and according to Goldstein is none other than Goldman Sachs, on June 5, at that time earning $400,000 annually. As Matt reports, he proceeded to move to a Chicago firm engaged in "high volume automated trading" where he would make 3x his $400k salary (Hey Getco, is it time for a formal release at least denying you guys had anything to do with this, cause if you did it might not look that hot. No matter, we have reached out to our sources in law enforcement to confirm or deny Getco's, and Goldman's, involvement: once we get a response we will immediately advise our readers).

In the 5 days immediately preceeding his departure from "Financial Institution" (potentially GS), Sergey allegedly downloaded 32 megs of ultra top-secret quant trading proprietary code, that, according to Special Agent McSwain's affidavit, he then proceeded to encrypt and upload to a website in Germany, with a UK owner. One can only imagine the value of this "code" not only to Goldman but to the highest bidder. After all, from the affidavit: "certain features of the [code], such as speed and efficiency by which it obtains and processes market data, gives the Financial Institution a competitive advantage among other firms that also engage in high-volume automated trading.The Financial Institution further believes that, if competing firms were to obtain the [code] and use its features, the Financial Institution's ability to profit from the [code]'s speed and efficiency would be significantly diminished." Needless to say, many others are now also likely hot on the trail of the code.

What is probably most notable, in less than a month since Sergey's departure from [Goldman?], the FBI was summoned to task and the alleged saboteur was arrested and promptly gagged: if anyone is amazed by the unprecedented speed of this investigative process, you are not alone. If only the FBI were to tackle cases of national security and loss of life with the same speed and precision as they confront presumed high-frequency program trading industrial espionage cases... especially those that allegedly involve Goldman Sachs.

Now the real question here is, does [GS?] feel lucky? Because the code has supposedly been in the hands of an outsider for over a month, one might suspect that anyone who wanted to has had ample opportunity - if the holder(s) wished to sell... Would that have anything to do with the even weirder than usual market action over the past 2-3 weeks: after all it is the very Goldman Sachs (which may or may not be the target of this program trading industrial espionage) which is the primary SLP on the world's biggest stock exchange.

Another major question: do Goldman and the NYSE not have a fiduciary responsibility to announce to both shareholders and any interested parties if there has been a major security breach in their trading operations? Certainly this seems like a material piece of information: given that program trading accounted for 49% of all NYSE trading last week, and Goldman as recently as one week ago represented about 60% of all principal program trading, will this be called an issue threatening the National Security of the United States. Shouldn't all market participants be aware that there is some rogue code in cyberspace that can be abused by the highest bidder, who very likely will not be interested in proving the efficient market hypothesis?  What will happened when said bidder goes about trying to front run none other than the "Financial Institution" [GS]?

The complete affidavit can be downloaded from this post here, and is also provided Scribed below as this could (and likely should) become a matter of National Security. Zero Hedge will closely monitor this situation from the European hinterland and provide updates as they come. For really interested readers, we recommend tracking any potentially new developments on the forums and message boards over at Wilmott.

Lastly, a quick question to lawyers among our readers: what if any is the likelihood that Goldman will be forced to provide associated discovery if this were to become an extended legal case?




major hat tip Matt Goldstein of Reuters

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Anonymous's picture

i KNEW I should have shorted (or otherwise bet against) GS two months ago. Damnit.

Arm's picture

Don't be so unhappy.  I shorted two months ago and am about to expire worthless

maui73's picture

Tyler . This is a huge story . thx for your great work.

andy55's picture

Agreed -- incredible work and dilligence, TD and all others on this story!  Your work makes me feel like America is not yet totally lost! 

svendthrift's picture

So, Monday morning comes a ban on shorting bankster stocks?

Anonymous's picture

bah-BOOM! 4th of july fireworks?

/w.r.t the CAPTCHA -math is hard! ;)

Anonymous's picture

OMG, Paulsonator hacked the skynet. The field of Finance hasn't been that exiting and scandalous since at least 1929. : (

Anonymous's picture

Does anyone want to bet one-fity that LEH is somehow involved?

Anonymous's picture

Finkle is Einhorn.

EINHORN (bold) is Finkle

Talkhard's picture

He kissed a man too?!?!

Comrade de Chaos's picture

Found "his" (names match)  website, he must be a cybernatic mechanism ...


let the robot wars begin : )

Anonymous's picture

uh he probably hid the source code in those images using steganography:

Anonymous's picture

I can't wait to see the liquidity on Monday morning. Will GS pull their bidz for their SLP programs? The storm is brewing bigger and bigger.

ScepticalMind's picture

Enormeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee!!!!!!!!!!! (at french for enormous....)

pinkboxtrader's picture

I read through the PDF and either this guy is the dumbest software guy making 400k/yr or it was just a mistake in uploading some parts of the source code. He gets a new job offer then in his last week of work decides to upload the critical code to a repository machine using https? And the smoking gun is his shell history and a copy of the script he left on his desktop? Any software guy with half a brain trying to steal even $100 would have transported out the source in a much more obfuscated manner. This is all assuming that 'Financial Institution' had blocked all abilities to transfer the files onto physical portable media without logging the exact content while inside the facility. Of course if security were this important then why was the 'top secret' code on a machine connected to the Internet? I'm not sure if the story adds up if there was a malicious intent. Or maybe the code in question isn't really that important and this is just a scare tactic to keep the other nerds afraid of leaving the family. If it is something good I sure hope it starts showing up on the public torrents. Maybe give 'Financial Institution' a taste of what being on the wrong side of insider information is like.


Either way I hope it puts the scare into big institutions relying on this kind of information control for their financial edge (or even viability). In the game of greed, how much do you pay the nerd who creates you a cash generating black-box? Well in theory it should just about be the value of the incoming cashflows minus cost of capital. If not you'd better worry about how easy that edge can disappear for an incrementally higher bidder. Background checks, patriotism and legal enforcement tougher than theft of trade secret can barely contain top secret government data. In the Capital Markets Casino with no allegiances firms should seriously worry about non-equity partners who do the critical work which must remain secret to be effective.

Anonymous's picture

Yeah, this idiot didn't know use of HISTFILE="" and doesn't know .bash_history is under $HOME and is always backed up, at least daily!

andy55's picture

Well, you have to remember there's a variety of engineer/CS people out there...  Physics, finantial, and math guys, as you know, often can be weak on the workstation/code side.   In fact, as a software engineer that's managed all kinds of minds, it's random how talented of a theorist a guy can be while his shell/workstation level of knowledge is low.

Anonymous's picture

Right on the mark p/b/t. A couple of other facts which seem to support that view: (i) the code he actually uploaded was less than 5% of the total module size (and apparently he had the entire module on his machine--not too surprising given he was the lead developer); (ii) he uploaded the code to a plain-vanilla cut-rate hosting outfit, to an account with his name on it that he had had for some time--not to some shadowy server in St. Petersburg under account name "condor." and (iii) he's a ballroom dancer (excuse me--a competitive ballroom dancer) for godsake.

Bubby BankenStein's picture


No matter what the outcome will be, this could be written into the climax of a blockbuster drama titled "Chernobyl Syndrome"

Anonymous's picture

Why is this not on any Main Stream Media? Not even Reuters has the story, only its blog carries it. Creepy, so much for Free Press in America.
We are all doomed.

Anonymous's picture

his title was Vice President of equity strategy, anyone who knows anything about banking knows the title of VP is given out more easily than a cup of free coffee....

he's a nobody who got a new job (prob on false premises) and decided to take some work product (his or others) with him to his new employer....

IT group monitored his computer, see what he did...reported it to the Feds...

picked him up real easily as he used credit cards to book his plane tkts....

doom for trading group....i dont think so, but i so wish

with Paulson at the helm and Bernanke in their back pocket they can even probably just back day a months worth of trading to fleece the avg job

the game is rigged

Arm's picture

Anybody who knows anything about banking knows that operations are basically run by senior analysts and middle managers (VP's and associates).

Directors, and MD's are the happy faces to sell to clients.   So yes, this VP would be in fact the operational coordinator for that trading group.  That would make his knowledge very significant.


Anonymous's picture

I'm in IT myself. Perusing his linkedin profile shows to me that he was at the top of this specific field. Some intense technologies and experience on his resume. This guy would be quite sought after if he delivered even half of what was listed in his profile.

Anonymous's picture

i agree with #4669. There is too much corruption. Business as usual will continue. Disconnect with reality will continue.

Tyler Durden's picture

Here are examples of what happens in traditional quant trading IP cases:

The FBI was involved in exactly zero of them. This was supposed to be a statement. Of what nature, it remains to be seen.

channel_zero's picture

TD: you clearly conflating a couple of stories.  Story 1 is the volume disappearing. Story 2, guy possibly steals code.  Mixed up in there is your heated conspiracy thinking.

You are as distracted as most are by the alphabet soup this guy was spewing.


You can't do anything sub-second with SNMP anything. Period.  It just doesn't work that way. You can notify an admin a service has stopped, or something like that.  There's no heat here.


Now, erlang is something that can possibly do sub-second stuff on its own.  I would be very surprised a VP is the algorithym guy.  Would he have access to the code? Probably.

boost, ACE, TibcoRV

This is software engineering sploog  for some C++ libraries and a message passing framework.  TibcoRV will get your sub-second trades.  But the magic is in the C++/erlang code. 

BTW, why mix them?  That's a baaaaad combination.  If he actually has a coding background, it's probably in C++ because Erlang doesn't have much in the way of textbooks or Sun/Microsoft to promote it in schools.

real-time distributed replicated database

More sploog.  This guy's a Veep.  Other than getting a presentation from the coders, he probably doesn't have a clue.

Can a competitor do something **quickly** with the code?  Depends on how good the shop is that will port the code.  This guy would only be instrumental in that he might have taken the code.  Is this some secret/magic code that precious few are capable of doing?  Not at all. 

Is GS evil?  Sure, but this is side-show stuff.  The mainstream media knows a good story.  This isn't one of them.

Anonymous's picture

If what you say is true the Financail Institution would have left it to internal security.

The Financail Institution chose to make this a matter of public record.

Anonymous's picture

Were they hoping it would be buried in the fog of the Southern District?

For use in their defence at a later date?

Alcuria's picture

"SNMP You can't do anything sub-second with SNMP anything. Period. It just doesn't work that way. You can notify an admin a service has stopped, or something like that. There's no heat here."

Nonsense. We use SNMP to alert us when certain thresholds are reached on WAN links, and we use SNMP SETs to make various adjustments based on which specific threshold is reached. I can assure you it happens sub-second And when using SNMPv3, this occurs in an authenticated, encrypted manner

channel_zero's picture

We use SNMP to alert us when certain thresholds are reached on WAN links

As do we.  Does the *whole* process happen in 10th's of seconds?  No.  Link fails>router fires SNMP message>SNMP server recieves message, then maybe even fires off a SET back to the router and sends a notification via snmp.  In less than 1 second? No.

Among other things, the other side of the transaction would timeout.

Anonymous's picture

The code that was stolen here does not guarantee microsecond execution. The code contains behavoral heuristics and proprietary algorithm to execute the next trade. The stuff that guarantees microsecond execution is the kernel along with messaging protocols.

Anonymous's picture

By gathering the information I have an urge to post the platform that they are using, but I shall leave it for everyone to guess.

FischerBlack's picture

Well, CNBC has picked up the story. And they know a good story, as you say...

But you're missing the point, anyway -- and it has nothing to do with conspiracy theories. Goldman can't go back to trading using this code now that it's out there. It will take some time for them to go to Plan B -- I don't know how long. In the meantime, no Goldman PT, no liquidty, get ready for the volatility. If this story is true, the chances of a market liquidity event have just gone up significantly.    

Anonymous's picture

> More sploog. This guy's a Veep. Other than getting a
> presentation from the coders, he probably doesn't have a > clue.

Yeah. Where'd you get that? I'm a VP (associate director, whatever..) at another random financial organisation, and I write custom compilers. You don't have to lose touch till you get to Director. ;)

Anonymous's picture

VP = Director in most US IB's.

I've worked with VP's and SVP's who still code daily, and are damn good at it. Usually it's the SVP's who get the $400k pay packet, not VP's, but possibly this guy annoyed someone on the promotions board so didn't get the title.

In any case, odd behaviour. Everyone knows not to do this kind of stuff. Amazed that GS allow this stuff through their firewall/proxy servers.

akreitman's picture

He should upload the code to wikileaks, that will level the playingfield!

Anonymous's picture

Meh. Goldman Sachs(Teflon Bank) is like John Gotti(the Deflon Don).

Bubby BankenStein's picture

A few questions:

Did GS shut down operations based on this code due to the breach?

Could this breach have anything to do with the extended session July 2?

Is the FBI on it because of GS influence, or is it such a serious threat that their hair is on fire?

Is the possibility of others adapting the code to their operations a game changer?

Is this a smoke screen?



Anonymous's picture

futures turning rederer, has the worm turned??

Anonymous's picture

smoke screen.

Anonymous's picture

When there was a scandal about some Salomon Brothers traders making illegal bids for treasuries, several senior executives (Meriwether, Gutfreund, and Strauss) were forced to resign for failing to promptly disclose the illegal bids.

Why shouldn't GS and NYSE executives be forced to resign for failing to disclose theft of SLP code to the public? Far more money is at risk through the theft of SLP code than from a pidling treasury auction.

agrotera's picture

Yea, and it is candy coat, and gloss over any significance as if all that matters is whether big daddy's quarterly earning will be hurt by the story!

maui73's picture


but the this line is missing from the  article :"..The Zerohedge blog was all over this controversy a week ago..."



Anonymous's picture

You've got it all wrong Tyler.

Serge actually works for the Russian Mafia, long active in stealing credit card info and other such small financial potatoes (which the Russians have been good with for centuries). The Mafia is in cahoots with a Russian plutocratic family involved in Russian stock markets. Together they plan to use the high-speed code to beat the Americanskis at their own Kapitalist game, including GS.

Or it could be the KGB? Remember the "great grain heist" of the early 1970s (?) when Russian authorities broadly spoke of the great wheat crop coming in that year. Meanwhile, they were quietly buying wheat futures through intermediaries knowing their crops were totally wiped out. When the crap hit the fan, the Russians paid for the wheat they needed from the futures they bought. Talk about "material misrepresentation!"

Watch: Serge will be paid nicely for the few years time he spends in jail, and all his considerable lawyer's and wife's expenses will be covered from unidentifiable European sources. His wife will return to Russia to rejoin her family after her "horrible" experience in Amerika.

Man, it's a great novel if not the truth!

orange juice's picture

oooh well if they had it for a month it was probably old anyways. I remember reading somewhere that algorithms older than ~3 months just aren't relevant anymore, so I'd be surprised if this code was integral to what GS is running now.  Anyway, in the last few weeks we've seen tops begin to form in all markets... so we were long overdue for some gearshifting.


Now it's time to see the GS SLP run some short progs.

JohnKing's picture

Scoring algos could be old in days or minutes but the basic framework of data collection> indexing> storage> serving would probably have a longer shelf life.



Anonymous's picture

boom goes the DYNAMITE!

Bubby BankenStein's picture

Firmly place a tin foil hat on your head:

Serge's CV claims significant expertise in telecommunications routing, skills potentially valuable in routing / replicating exchange traffic through the back office of select secret trading systems in real time.  Such skills could also contribute to "Communications Glitches".  

Moe Speeks's picture

Excellent News Story Tyler, as usual.

Break this wide open to the world.