Goldman Code Theft BOMBSHELL?

The Market-Ticker ^ | July 8, 2009 | Karl Denninger

[Mister Muggles]

Maybe GS has complete freedom to pull the strings on the market because they are using part or all of the original $787 BILLION bailout fund as their own private liquidity in a “dark pool” hidden fund. Such an amount of hidden liquidity would certainly be enough to manipulate equity markets on a daily basis.

What was Hank Paulson’s old job title again?

[editor-surveyor]

If this is the backbone encryption codes, this is way past huge. The data could be blocked and fed into a delay of only a few seconds, and steal the wealth of every trader.

[mo]

I never really appreciated the words “rope” and “lampost” together quite so much.....

[DuncanWaring]

Network Ping.

[hiredhand]

Bear in mind that there are two broad questions to consider here. One is whether or not the alleged actions were indeed committed. The other is whether or not what Denninger is suggesting is possible.

While I can't speculate on the first, I can confirm that the second is indeed possible under certain conditions. I'd go as far as to say it could even be TRIVIAL. In fact, in the realm of network encryption, stealing codes is old school. It's a lot easier to simply grab the traffic behind the crypto termination point. We use hardware SSL accelerator technology made by Cisco Systems (other companies manufacture similar hardware though) and have what are called spans, or monitor sessions established on the switch gear behind the SSL accelerator which cross connects to a Linux based sniffer....and that's just ONE test point. We can drop VOIP phone calls into "wav" files, watch exactly what somebody is surfing to on a PC, intercept Instant Messenger traffic (encrypted or NOT), and any and all manner of other traffic types. We use this for troubleshooting as well as "auditing" when requested. We even do this with fiber optics, which are said to be very difficult to tap. When the fiber terminates into a switch that also has copper gigabit ports, just span the fiber traffic over to the copper gigabit port! There's no need to tap the fiber port per-se. In fact, the term tap as used today in current technology is really a misnomer. We only use that term because if we called it what it really is, nobody would understand us. Everybody understands a tap though. :-)

But to say that those who own the network, stole a code to snoop the traffic is probably incorrect. There would certainly be no reason to steal anything. Even if they're using other (non-SSL) encryption gear, somebody has access to the unencrypted network on the backside of the things. Somebody who doesn't understand technology infrastructure might be lead to think that somebody stole an encryption key to pull this alleged theft, but I doubt it.

More than this, I can say from experience that if people have enough access to drop traffic from the wire on core switchgear, they also have enough access to cover their tracks well enough to get away with it.

The financial industry does have some interesting requirements for transporting data across networks. I'm fairly certain they're either straight out of FIPS (Federal Information Processing Standards), or some similar federal requirement. While I can't give details here, the technologies used do indeed make it difficult for "most" to perform unauthorized interception of traffic. But the bottom line is that there's always somebody on the IT staff who holds the keys to the kingdom.

[IamConservative]

http://www.clearsightnet.com/

Here is one product I have used to do just what you describe. We use the term “port mirroring”, which in effect sends a duplicate copy of all the traffic from one network port in a switch to a second port for “monitoring.”

I was demoing the product above to some management folks one time and at random pulled up a copy of a VoIP call we had monitored. The call happened to be one of the managers attending calling their spouse. It left a certain chill in the room.

Sarbanes Oxley has had some effect on security of systems, but as you say, someone *has to* have the keys to the kingdom or things won’t work.

[hiredhand]

I'll check out "clearsight". Since you obviously understand what I'm talking about... we simply spanned all the major trunks in our datacenter over to fairly high powered Linux box with a BUNCH of gigabit Ethernet cards in it, and mainly we use tcpdump for troubleshooting. However, Dug Song's (dsniff) toolset is also there, as well as an app (can't recall the name at the moment) for grabbing VOIP traffic into wav files...as well as some custom things that we created.

We caused a bit of a stir back in 2006 when I stood this beast up on our network because in the full interest of disclosure, management needed to know that my team would by virtue of having access to this system also have access to things such as RACF credentials on our IBM Enterprise platform where everything important is housed inside of DB2. At first they were concerned, but they came to terms pretty quickly with the fact that you have to trust somebody. :-) It's very difficult to give people like us enough access to do our jobs, but stay within a narrow confine. We're a state government agency, so implementing something such as DoD C-2 is out of the question.

It's a good argument for making sure that people in the type positions we're talking about are of high integrity, and very, very loyal.