BoA Sues Programmer For Stealing Files Before Firing

[Andy Nguyen]

Bank of America Claims Programmer Stole Files Before Firing - Bloomberg

A former Bank of America Corp. computer programmer was accused in a lawsuit by the bank of stealing 21 confidential files the day before he was to be fired.

Rao Chalasani e-mailed the files to himself the night before the company was to announce it was firing 400 people, including him, Bank of America said in a complaint filed yesterday in federal court in Manhattan. Chalasani worked in New York for the bank’s global markets portfolio management group, according to the complaint.

“It appears that defendant stole key documents from the company with the intent of causing harm to Bank of America’s business and reputation,” the bank said.

Bank of America is seeking a court order requiring Chalasani to return the files, plus unspecified damages. The files included profit-and-loss figures, current securities trading positions and company risk assessments, according to the bank.

Chalasani didn’t immediately return a voice-mail message left yesterday at his home in New Jersey.

On Sept. 30, as part of a security review of large files sent by employees outside the company, Bank of America discovered that on Sept. 20 at 9:32 p.m., the night before the firings were to be announced, Chalasani sent the 21 files from his company e-mail address to a personal address, the bank claimed.

Possible Job

Bank of America said Chalasani was told on Sept. 22 that he was to be fired. He was being considered for a position with a different department, Chalasani was told, although it wasn’t certain he would get the job, Charlotte, North Carolina-based Bank of America said in the complaint.

Files Chalasani allegedly took included those titled “Consolidated_Balance_Sheet.xls,” “RDM_Stress_Scenarios.pdf” and “Global_Credit_Summary_.xls.”

 

[Noko]

I'm pretty sure you can get flash drives at the dollar store now.

 

[Andy Nguyen]

And if you have worked at a financial institution before, you would know that the usb and general "write-out" ports are disabled. In addition, your emails are monitored, your web activities are logged.
And to think you can just get a cheap flash drive and copy stuff down?

 

[Noko]

And if you have worked at a financial institution before, you would know that the usb and general "write-out" ports are disabled.

Spare internal IDE and SATA ports as well? While I did not know about the usb ports being blocked, I would assume it could still be done if you have physical access to the computer. Unless there are also padlocks on the computers I suppose.

Edit: Also I suppose I should say that no, I have not worked at a financial institution before, so apologies if my assumption seemed out of place.

 

[const451]

When I saw the subject I thought - Oh, another Russian guy is in trouble j/k

 

[Andy Nguyen]

Spare internal IDE and SATA ports as well? While I did not know about the usb ports being blocked, I would assume it could still be done if you have physical access to the computer. Unless there are also padlocks on the computers I suppose.

Yes, try to play with the internals of the computers and see funny looks from the IT guys when you try to tell him why your computer is not booting anymore after you "reset the ports". That wouldn't go well.
I'm not in IT so I don't know the details and don't bother to, but USB won't work, CD writer won't work. They probably configure the computers to lock down certain features.

That's why all the stories you hear about people stolen code, they all go with the easiest solution: email the files to themselves or upload to a server somewhere.

 

[Noko]

Yes, try to play with the internals of the computers and see funny looks from the IT guys when you try to tell him why your computer is not booting anymore after you "reset the ports". That wouldn't go well.

Well now I'm kind of curious. Having built multiple computers myself, and gone through BIOS setup and configuration, I think it can be done even if there are security measures *before* a user can access BIOS. The only requirement is that you have access to your hardware (like I mentioned before, no padlocks on the tower). Once you're there, anyone with a bit of experience can be sure that their computer will still boot just like it did before.

Does anyone closer to the IT department know what's stopping someone at this point?

 

[Andy Nguyen]

Custom bios, chasis removal detection, bios password, etc
These computers are not off the shelf, at least for big banks with huge IT dept (that where I was at).

 

[Noko]

Wow, I had no idea.

 

[marina]

in most of the banks there will be a camera above every person's head.
some banks allow usb drives, but they will keep a copy of the files you write to usb.

 

[alain]

That guy was not a simple programmer.

 

[iHateVariance]

hm interesting. i guess the only useful file is credit summary with all net longs/shorts for bofa credit business. but u can print out those dv01s by book with associate tickers.

 

[DominiConnor]

If this is true, and I have no knowledge either way ,this evangelical was so dumb he ought to claim mental deficiency as a defence. I'm a only headhunter, and if someone like me sneers at your cracking skills you're fucked.

Yes, you can copy, and probably not be noticed, but p has to be bloody small before it's a rational choice, and what fool uses file copying to extract files anyway ?

It's possible to configure a good modern desktop PC to know if the case has been opened and screwed with. It can do this silently, and send a message when it next boots. Yes, you can get past this, but exactly how lucky are feeling punk ?

Of course this guy may not be an evangelical at all...
Anyone here read their Poe ?
Just because they were sent from his ID, doesn't really mean that he sent them, does it ?

 

[TraderJoe]

Goldman Sachs accused a Russian programmer of stealing their source code a couple of years back. That guy was arrested but no charges were ever filed against him. Last I heard he had a nice $500 K job in a hedge fund. He probably has all the Goldman Sachs source code.

 

[marina]

Goldman Sachs accused a Russian programmer of stealing their source code a couple of years back. That guy was arrested but no charges were ever filed against him. Last I heard he had a nice $500 K job in a hedge fund. He probably has all the Goldman Sachs source code.

he is not working. he is still fighting the case http://www.zerohedge.com/article/ex...rgey-aleynikov-indicted-faces-25-years-prison

 

[const451]

Goldman Sachs accused a Russian programmer of stealing their source code a couple of years back. That guy was arrested but no charges were ever filed against him. Last I heard he had a nice $500 K job in a hedge fund. He probably has all the Goldman Sachs source code.

That was last year and he's going on trial this fall. Hence my joke above.

 

[Andy D.]

I worked as a consultant at a large bank in London and we had access to the USB drive. In fact we would often work weekends from home and bring in updated code on a Monday ( I once left the USB drive at family members house and having just travelled 100+ miles into London, had to then go and do another 200+ mile round trip to go get it and bring it back - I learned my lesson - and no they couldn't email/upload the files elsewhere unfortunately).

Now we weren't writing anything involved with trading systems or similar so it may be different by department.

 

[DominiConnor]

The USB thing is part of a trade off.

To make a computer tough to extract files from, you end up limiting it's capabilities quite severely.

One way of stealing data is to attach a video recorder to the graphics output.
That may strike you as just silly.
Actually, a significant reason Windows Vista was so slow, and had such poor and flaky driver support was the way they'd caved to pressure from Hollywood to engineer Windows to prevent you doing that. Look up the spec of HDMI if you don't believe this nonsense. It permeated the whole O/S since Windows is umm, err a Windowing system, so to prevent there being any path round the DRM, they had to screw with pretty much everything.

One firm I did some consultancy for disabled the read-only CD Rom drives.
I had to bring in my own PC because the stuff I needed for my job was on it.
So everyone else had a locked down PC, and I waltzed in plugged in the laptop and did what was necessary, with no hindrance from any security at all.

Local hard drives are necessarily more vulnerable, so imagine how fast compilation goes when everything is run off the server. Try this at home...

If you're doing serious low latency work like the Goldman case above, you need to monitor what is going on at a network level, literally tapping in at the wire. At many firms, merely having such s/w is instant dismissal. Debuggers don't just monitor what your code is doing, you can change the values and make it skip over code you don't like. You can stop people doing that as well.

Because of things like this many firms have a policy of absolute separation between development and production environments. Does anyone here really believe this is thoroughly enforced ?

I recall the auditors at my last firm got quite stressed about the idea of a "head of" level person actually being able to change firewall settings, and having passwords in his head. The fact that this was a novel idea to them should tell you how much the average senior IT guy knows about what's going on in his department.