A Goldman Sachs programmer was found guilty

[Daniel Duffy]

Reason for narrating the story : Instead of hoping to interview with you I would actually fear interviewing with you :p

We all live between fear and hope

 

[Jayanthan]

Darth!!!
Man!! you are so funny

 

[KaiRu]

See.... the point is why would you take a 100 page print out of a code and risk prison when you can do that by carrying the code in ur brain if you really have malicious intentions.

Impossible. Initial idea that you have in mind is a tiny part of final implementation. There is also work of dozens people who implemented, fixed, re-implemented, tested, verified, tuned and maintained the code throughout the years, let alone some other bright ideas from other people which were implemented in the same piece of code to make it all a successeful project.

 

[darth]

Impossible. Initial idea that you have in mind is a tiny part of final implementation. There is also work of dozens people who implemented, fixed, re-implemented, tested, verified, tuned and maintained the code throughout the years, let alone some other bright ideas from other people which were implemented in the same piece of code to make it all a successeful project.

We are not talking about the SDLC . I am saying that once it is finally converted into a successful project you can carry it in your brain than a piece of paper.Anyone can memorize 100 pages of anything written on it in less than 10 days .

 

[robopool]

I don't think it is that dumb. If you are going to do such a thing, how would you do it?

If he used an encrypted connection, finding out was not an easy thing. I don't know the details but I can guess GS found out by checking the command logs (history).

I would use a different kind of way. I mean, the code is on the computer. It is many, many, many lines. It would probably take days to scroll through all of it.

But you are employed for years. How about you do not steal it so openly by printing or "secret encrypted connections", risking yourself 8 years in prison, but you sit at your desk calmly, and slowly scroll through all of it while wearing a high-quality hidden camera bug. If my smartphone has an 8.1 megapixel camera, I am sure there is spy equipment out there that is even better. So you get take a few weeks or months and scroll through all of it, piece by piece. If you think this is a lot of work and takes too long, imagine this as an alternative to the fast-way-plus-8-years-jail-time route. Scrolling through code is not evidence of anything (you are a programmer, of course you are allowed to verify the code line by line if you so wish). Then you enlist your wife or unemployed but trusted family members (or yourself) to type it all out manually. Even if you paid this person $20 an hour for uncountable hours, this is peanuts compared to the money you will make with this stolen code.

 

[alain]

I would use a different kind of way. I mean, the code is on the computer. It is many, many, many lines. It would probably take days to scroll through all of it.

But you are employed for years. How about you do not steal it so openly by printing or "secret encrypted connections", risking yourself 8 years in prison, but you sit at your desk calmly, and slowly scroll through all of it while wearing a high-quality hidden camera bug. If my smartphone has an 8.1 megapixel camera, I am sure there is spy equipment out there that is even better. So you get take a few weeks or months and scroll through all of it, piece by piece. If you think this is a lot of work and takes too long, imagine this as an alternative to the fast-way-plus-8-years-jail-time route. Scrolling through code is not evidence of anything (you are a programmer, of course you are allowed to verify the code line by line if you so wish). Then you enlist your wife or unemployed but trusted family members (or yourself) to type it all out manually. Even if you paid this person $20 an hour for uncountable hours, this is peanuts compared to the money you will make with this stolen code.

You have been watching too many movies. Remember, you are in front of the computer to do work.

 

[KaiRu]

We are not talking about the SDLC . I am saying that once it is finally converted into a successful project you can carry it in your brain than a piece of paper.Anyone can memorize 100 pages of anything written on it in less than 10 days .

Definitely. If a project is only 40K pages (40000x400 = ~1.5Mb which is nowhere near the real world) then it should take approximately one year to memorize it

 

[darth]

Definitely. If a project is only 40K pages (40000x400 = ~1.5Mb which is nowhere near the real world) then it should take approximately one year to memorize it

If i remember correctly , the evidence that was given in the soc gen trader's case was that he took few pages (<100)of print out which was captured by the CCTV footage . Who would take 40k pages of print out in his/her ofc...

 

[KaiRu]

If i remember correctly , the evidence that was given in the soc gen trader's case was that he took few pages (<100)of print out which was captured by the CCTV footage .

"The hundreds" (c), then he copied it into Word before printing so I guess he played with font and layout to have as much as possible on paper. Anyway, it's not a problem to memorize some pretty code from high school. The problem is to memorize tuned code with advanced data structures, pointers arithmetic, threading, bit operations here and there and some numerical algorithms in C style on top of it. For example, just a random file from Linux kernel - http://fxr.watson.org/fxr/source/ipc/mqueue.c?v=linux-2.6.

Of course, if someone desides to do it he will be able to achieve his goal - impossible is just a word

 

[robopool]

You have been watching too many movies. Remember, you are in front of the computer to do work.

Well, you were talking about methods of copying code, and then asked the open question "how would you do it?", I'm merely answering you.

It's a bit of a high horse you're on to pull out the moral card and say "you are in front of the computer to do work" when we were explicitly talking about something else. Obviously a good employee would be in front of a computer to do work, but we are not talking about that, we are talking about copying code here, in a thread about copying code, in reply to a question that YOU asked.

And no, I haven't been watching too many movies. I haven't watched a movie for about a year now. Believe it or not, some people have the imagination to think of solutions, patience to carry them out, and willingness for tedious work in order to avoid a risk of 8 years in prison. You just don't hear the success stories because the winners do not make it to the news for their felony. If you don't like my solution, say a real critique. Don't just throw a blanket statement.

 

[darth]

"You just don't hear the success stories because the winners do not make it to the news for their felony"
"Behind every great fortune is a crime : Mario Puzo "


More aware we are about the methods of copying ,greater are the chances we can detect it . So there's nothing wrong in coming with and discussing innovative ideas of copying.

 

[Jayanthan]

hahaha Darth!!!

What about taking screen shot?

 

[darth]

I guess taking screen shots , saving and mailing or copying to an external drive could be detected by command logs..
Robopool's idea of stealth cam seems more appealing till someone comes up with a better idea :P

 

[KaiRu]

I guess taking screen shots , saving and mailing or copying to an external drive could be detected by command logs..

It's called steganography - http://en.wikipedia.org/wiki/Steganography
When you send a picture of something irrelevant but some bytes in this image store some valuable information which was added by small modifications in colors.

 

[darth]

But when you would be giving the command to print screen, the key logger will have it and it can be used as an evidence?

 

[KaiRu]

It will be some evidence that I printed a picture of my boss

On a serious note, everyone prints tons of information every day. There should be some other evidence to start looking through all this data to find what you have actually done.

 

[Ilya W]

Just a hypothetical scenario, what if you doing your fe class hw using computer at work and then send the code to your home computer? mail server will have a log, but I seriously doubt someone can claim that you steel something without any proof that code you sent belongs to any of the real projects.

 

[Jayanthan]

I totally agree with you, IIya Weinstein. It seems like,they already proved that code belongs to GS

 

[robopool]

Ilya Weinstein: Well, in this case it's pretty evident. We're talking about tens of thousands of lines of code here, lines which can be compared against the lines at GS, and will have virtually a 100% match (your homework code will have a 0% match against the GS stuff). That's pretty legitimate evidence if GS takes you to court.

That's why I'm saying, bypass all the server/encryption/keylogger/CCTV stuff and just do it manually with a hidden video cam in your shirt pocket.

 

[ferdowsi]

Just a hypothetical scenario, what if you doing your fe class hw using computer at work and then send the code to your home computer? mail server will have a log, but I seriously doubt someone can claim that you steel something without any proof that code you sent belongs to any of the real projects.

Depending on what you signed when you started working, your employer may own the rights to your HW. Obviously, no sane employer would care, but technically, it may legally be theirs. If they had any suspicions that the code is not actually HW, they can pursue charges pretty easily.