From reading the articles, it seems to me that Mr. Aleynikov actually was successful in downloading the program code … all 32 megs of it. Not only did he download it to his home computer, but he also was able to load it onto a server somewhere in Germany. And who knows what damage he might have done in the month between when he stole the data and when he was arrested?
What appears to be the case is that Goldman’s security systems, however sophisticated they might be, did not in fact succeed in stopping an expert insider from downloading highly valuable data, as Mr. Schneier asserted. The monitoring systems seemingly detected, after the fact, that the data had been wrongfully exfiltrated. Subsequent forensics work probably determined what had been done with the data and who might have done it. The most disturbing quote in the Times article is by assistant U.S. attorney Joseph Facciponti who, according to Bloomberg News, said that “The copy in Germany is still out there, and we at this time do not know who has access to it.” Tell me … who stopped what here?
If the (somewhat contradictory) reports are to be believed, the lesson to be learned from this incident is that even the most sophisticated of companies, such as Goldman, can find it next to impossible to prevent a knowledgeable and motivated insider from getting around the installed protective measures. This is particularly disquieting since most other organizations are not nearly as competent in their security programs as is Goldman. Who knows what havoc could be wreaked against other firms?
