This page has been archived and commenting is disabled.

Phishing Out The Goldman Code Fishers

Tyler Durden's picture




 
Still out in the boonies, so a few more days without extended analysis. In the meantime, some more amusement on GoldmanGate: Cryptogon has created a piece of html code that Google queries latch on to when searching for "Goldman Sachs Code Torrent", allowing the sysadmin to track which IPs and firms are querrying this keyword. Interesting results. From the website:

I have not seen as much activity from Goldman Sachs as I thought I would on my little honey pot. This is all so far. Then again, this hasn’t even been up 24 hours yet:

204.4.131.140 2009-07-07 12:01:17
/?paged=2
Referrer: http://www.google.com/search?hl=en&rls=com.microsoft%3A*&q=Mr.+Aleynikov+strat&aq=f&oq=&aqi=
Hostname: cflodc1.gs.com*
SEARCH ENGINE: Google (page: 1)*
KEYWORDS: Mr. Aleynikov strat
 
Other interesting visits:

Citadel Investment Group
64.22.160.1 2009-07-07 11:53:59
/?p=9712
Referrer: Direct hit
Hostname: cit1.citadelgroup.com
 
InfoNgen is the first Discovery Engine for business, finance and information professionals that knows what’s critical to you. Extracts relevant and timely information buried on the web, within emails, in desktop documents or on network drives. Identifies trends and connections between topics, companies or products that might not otherwise be apparent. And delivers results in real time.

63.87.234.186 2009-07-07 05:12:58
/?p=9712
Referrer: Direct hit
Hostname: host186.infongen.com

Batterymarch is a global equity specialist, investing in approximately 50 countries for clients around the world. Our unique quantitative strategies combine the power of technology with the wisdom of experienced fundamental investors.

199.58.12.24 2009-07-07
21:12:51
/?p=9712
Referrer: http://www.google.com/reader/view/
Hostname: smtp.batterymarch.com

U.S. Army
128.190.125.2 2009-07-07 17:59:55
/?p=9712
Referrer: Direct hit
Hostname: wks125-2.belvoir.army.mil

Clough Capital

74.201.46.1 2009-07-07 17:38:18
/?p=9712
Referrer: Direct hit
Hostname: host1.cloughcapital.com

Microsoft

131.107.0.101 2009-07-07 17:09:44
/?p=9712
Referrer: From your blog
Hostname: tide531.microsoft.com

The Benefit Company

66.184.209.18 2009-07-07 16:20:15
/?p=9712
Referrer: Direct hit
Hostname: 66.184.209.18

At ECBridge™, we know that information is the lifeblood of today’s business. Our experienced, international team helps clients plan, implement and manage innovative e-business solutions. We can help
your firm gain competitive advantage, by extending the reach of your company’s information.

207.111.251.165 2009-07-07 16:12:14
/?p=9712
Referrer: Direct hit
Hostname: mail.ecbridge.com

New York City Police Department

206.212.185.216 2009-07-07 12:49:12
/?p=9712
Referrer: From your blog
Hostname: 206.212.185.216

City of Houston
204.235.227.149 2009-07-07 12:05:43
/?p=9712Referrer: From your blog
Hostname: 204.235.227.149

Note: U.S. Department of Homeland

Security is obsessed with this post, and with Cryptogon, today. There are at least a couple of DHS employees who read Cryptogon as a matter of routine, but the activity over the last 24 hours shows 10 visits, 43 page views from five different hosts/IPs:

sbcp5.dhs.gov 204.248.24.164
bcp1.cbp.dhs.gov 63.167.255.151
bcp3.cbp.dhs.gov 63.167.255.153
sbcp6.dhs.gov 204.248.24.165
sbcp3.dhs.gov 204.248.24.162

Not sure how long Cryptogon will be able to keep this page up, so check it out while you can. And let other comparable games begin.
 
hat tip Dora
 

- advertisements -

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Wed, 07/08/2009 - 07:52 | 5335 savara
savara's picture

Keep up the good work !

Wed, 07/08/2009 - 07:52 | 5336 Eduardo
Eduardo's picture

LOLLLLLLLL I searched the pirate bay to see if I got lucky ... nothing yet LOL

 

 

Wed, 07/08/2009 - 11:15 | 5367 Project Mayhem
Project Mayhem's picture

Give it time, lol

Wed, 07/08/2009 - 07:56 | 5338 FischerBlack
FischerBlack's picture

LOL, Fort Belvoir is the home of several spooky Department of Defense agencies.

Wed, 07/08/2009 - 11:18 | 5368 Project Mayhem
Project Mayhem's picture

I'm just waiting for Booz Allen Hamilton to show up in the logs

Wed, 07/08/2009 - 08:22 | 5340 Anonymous
Anonymous's picture

I was also searching for this code *grin*! BTW: I beleieve it is an ugly piece terribly intermingled C++. Typically only one or two poeple know, what is really going on in this code. Frequently also these two guy's have false imaginations, what their own code really does. Moreover I think that program trading is largely overestimated. Of course there are tricks to manipulate the stock prices. But a simple code which sells and buys due to signals of a random generator may generate a positive payoff too ;). And there exists superstition concerning computers. Nevertheless this GS code plot is a delightful story. Thanks for your reports.

Wed, 07/08/2009 - 08:33 | 5343 yellow submariner
yellow submariner's picture

It was me.

Wed, 07/08/2009 - 08:54 | 5345 Anonymous
Anonymous's picture

That is brilliant...although people are unlikely to d/l torrents at work.

Wed, 07/08/2009 - 08:54 | 5346 Anonymous
Anonymous's picture

If GS was as on top of this as they'd like to believe they are, they'd be posting some phony code on Pirate Bay as we speak to redirect everybody's attention.

Wed, 07/08/2009 - 14:53 | 5402 dark pools of soros
dark pools of soros's picture

they would post code to get everyone to buy Citi

Wed, 07/08/2009 - 09:53 | 5356 Anonymous
Anonymous's picture

hiiiiiiilarious stuff. Thanks Cryptogon! And ZH!

Sergey's defense should be "I did it for teh LULZ."

Wed, 07/08/2009 - 10:21 | 5359 Ben_the_Bald
Ben_the_Bald's picture

Fun and games but this doesn't prove anything. In fact, I'm sure the ZH access logs have visits from the same servers all the time. Fact is you don't know why the Google search was made.

When someone finds the code and puts it on a warez server with open access then we are talking.

As for what's in the code, I'd take the government's word for it, a scheme for the "fair" manipulation of the market by GS. It will not be easy to port to your pc environment at home though. But GS's competitors certainly have similar in-house developed tools. Just ask the middleware providers like TIBCO. (Of course they wouldn't answer, but it's fun to ask).

Wed, 07/08/2009 - 11:22 | 5369 Project Mayhem
Project Mayhem's picture

As for what's in the code, I'd take the government's word for it, a scheme for the "fair" manipulation of the market by GS

 

If you believe this, I have a bridge to sell you in Brooklyn.

Wed, 07/08/2009 - 13:59 | 5393 Anonymous
Anonymous's picture

I guess you miss the point of the word "fair" so I seriously doubt you do have a bridge to sell.

Sat, 07/18/2009 - 00:07 | 9220 GILLERAN
GILLERAN's picture

Yeah, as in 'fair, if you've got friends at Treasury'.

Wed, 07/08/2009 - 13:00 | 5384 E Thomas St.
E Thomas St.'s picture

I think the funny thing is that such a silly honey pot attracted people from those places in the first place.

Wed, 07/08/2009 - 13:57 | 5392 Anonymous
Anonymous's picture

They could be bots also.

Wed, 07/08/2009 - 14:33 | 5400 E Thomas St.
E Thomas St.'s picture

Which could indicate that the amount of malarky they could potentially pick up by using bots might interfere with the ability to devine anything of value.

Wed, 07/08/2009 - 21:34 | 5473 carpentersr
carpentersr's picture

Ah yes, Warez. When I first heard about this story, that is where I thought the code would be.

Wed, 07/08/2009 - 10:51 | 5363 Anonymous
Anonymous's picture

brilliant... gotta love the army, DHS and NYPD on there... love it!

Wed, 07/08/2009 - 11:49 | 5375 Anonymous
Anonymous's picture

while TD is away 'phishing', might I suggest a visit to the great Michael Pettis' China blog and his current post:

RMB 1.5 trillion in new Chinese lending — can we turn this thing off?

http://mpettis.com/2009/07/rmb-15-trillion-in-new-chinese-lending-can-we...

Wed, 07/08/2009 - 12:06 | 5378 asdf
asdf's picture

that's really insane, but the IMF doesn't seem to read Michael Pettis. "Recovery in Asia, full speed ahead!"

Wed, 07/08/2009 - 12:14 | 5379 Project Mayhem
Project Mayhem's picture

all aboard the fail whale!

Wed, 07/08/2009 - 14:00 | 5394 Anonymous
Anonymous's picture

Have been thinking this over a bit, and come up with this conclusion. The program itself is of marginal value to you or I or really any small operator. So what is scaring GS so badly that they had the FBI do one of the quickest IT investigations and arrests in history? The code is only as good as the data inputs. Since GS sits on the boiard of the group tht oversees program trading and thus has inside knowledge, not to mention its direct ties into all major exchanges, the actual URLS and identities of the instantaneous data sources have to be a part of the program. Also in a previous article last night part of the nano-second trading involved in-house communications of data and so those links would be known as well from the code. Several 'houses' within GS are strictly forbidden to communicate as that constitute insider trading etc. Those links could well be enough for competitors to force a guv investigation which would close the golden dorrs of GS forever.

Thu, 07/09/2009 - 02:41 | 5499 yellow submariner
yellow submariner's picture

IMHO: Good point! Moreover it would be really strange, if the code would still be on a site in germany, while Aleynikov is set free for a bail.

Wed, 07/08/2009 - 14:56 | 5403 dark pools of soros
dark pools of soros's picture

we all should hope so..  we will have enough problems dealing with all the emerging markets as they mature than have to also deal with these blood suckers from the inside

Wed, 07/08/2009 - 15:13 | 5406 Cue Ball
Cue Ball's picture

My question & request is : how do I get that html program to search for hits on a public Company I like....seems like it would tell me who that Company is talking to.

Wed, 07/08/2009 - 16:26 | 5425 PenGun
PenGun's picture

 I really doubt it's a torrent. It's just some files somewhere. Now whoever finds it should torrent it immeadiataly.

Wed, 07/08/2009 - 17:34 | 5437 Anonymous
Anonymous's picture

Matt Taibbi delivers a follow-up bitch slap to the fools who criticize his Rolling Stone article on GS:

http://trueslant.com/matttaibbi/2009/07/07/on-the-everyone-was-doing-it-...

Tue, 07/14/2009 - 19:58 | 7063 Anonymous
Anonymous's picture

July 14th, 2009 DealZone

Goldman Sachs breaks silence on alleged code theft

After more than a week of silence, Goldman Sachs finally commented publicly on the alleged theft of computer codes by former programmer Sergey Aleynikov calling losses sustained as a result would be “very, very immaterial.”

http://flq.us/wG

Tue, 07/14/2009 - 20:03 | 7065 Anonymous
Anonymous's picture

The Real Story of Trading Software Espionage

While none of us knows the ingredients of Goldman's "secret sauce," we can say that any algorithmic code in and of itself is precious but has limited value until placed in the right circumstances. Those circumstances are not available to just any Tom, Dick or Sergey, but represent the core strategy of the fast-rising high frequency trading firms.

First, strategies that optimize the value of high frequency algorithmic trading are highly dependent on ultra-low latency. The right decisions are based on flowing information into your algorithm microseconds sooner than your competitors. To realize any real benefit from implementing these strategies, a trading firm must have a real-time, colocated, high-frequency trading platform—one where data is collected, and orders are created and routed to execution venues in sub-millisecond times.

Next, since many of these strategies require transacting in more than one asset class and across multiple exchanges often located hundreds of miles apart, i.e., NY to Chicago, that infrastructure will often require roundtrip long haul connectivity between the data centers.

Lastly and most importantly, this code has a limited shelf life, whose competitive advantage is diluted with each second it is outstanding. While a prop desk's high level trading strategy may be consistent over time, the micro-level strategies are constantly altered—growing stale after a few days if not sooner—for two important reasons. Firstly, because high frequency trading depends on ridiculously precise interaction of markets and mathematical correlations between securities, traders need to regularly adjust code—sometimes slightly, sometimes more—to reflect the subtle changes in the dynamic market. The speed and volatility of today's markets is such that the relationships forming the core of our algorithm strategies often change within seconds of our ability to implement the very strategies that exploit them. Secondly, competitive intelligence is so good across all rival trading firms that each is exposed to the increasing susceptibility of their strategies being reverse engineered, turning their most profitable ideas into their most risky. As a result, any firm acquiring the "stolen" code would gain benefit from it for no more than a few days before that firm would need to adjust the code to the dynamic conditions. Since these changes build on themselves, in a matter of weeks that code would look quite different from that which was originally "stolen."

Advanced Trader http://flq.us/wF

Do NOT follow this link or you will be banned from the site!