Insider dealing 2.0

Bloomberg reports that a Goldman Sachs employee was arrested for the alleged theft of trading code. The suspect is a dual Russian-US national and was arrested after transferring the code to a machine in Germany.

While we do not yet have the details of this particular incident, it is the type of theft that would require significant resources to exploit. Without the necessary capital to front-run the Goldman-Sachs trades, the trading software is not worth too much.

Traditional businesses strategy is to use capital from a cash cow to develop new forms of enterprise. MBAs are told to 'work up the value chain' to find larger rewards. It has always been a matter of when and not if the Russian cyber-mob would decide to take the profits they have made from cheating bank customers and go after the banks themselves.

In this case the suspect is a dual national, most likely he has family living in Russia. It might well turn out that blackmail was involved. This has occurred in corporate espionage cases. If an employee has a relative living in a police state, they can be pressured in subtle ways. A parent gets sick but the normal hospital treatment is unavailable, unavailable that is 'unless' the child can perform a 'patriotic service' for the state.

Understanding the risk is one thing, working out how to apply effective controls is quite another. Attempts to compartmentalize information are expensive to design and maintain. Trying to compartmentalized code is more challenging still.