Gold Finger

The former Goldman Sachs Group Inc. computer programer, Sergey Aleynikov, found guilty in December for stealing proprietary computer code from Goldman's high speed trading desk, was sentenced to 97 months in prison on March 18, according to the Federal Bureau of Investigation.

Aleynikov was convicted on Dec. 10 in Manhattan federal court on charges of theft of trade secrets and interstate transportation of stolen property.

Aleynikov was employed at Goldman between 2007 and 2009, during which time he developed programs for the company's high-frequency trading desk, which, according to the FBI generated millions of dollars in profits per year for the company. Aleynikov left the company in 2009 and joined Teza Technologies, of Chicago, Ill., where he helped the company develop its own high-frequency trading platform.

On his last day of work at Goldman, Aleynikov secretly transferred large portions of the investment bank's code for the trading platform to an independent computer server in Germany. The FBI reports he also transferred thousands of computer code files to his home computers.

He reportedly arrived at Teza for his first day of work with the code on a laptop and an external storage device.

In explaining the severity of the sentence, Judge Denise L. Cote said: "[Aleynikov's] conduct deserves a significant sentence because the scope of his theft was audacious—motivated solely by greed, and it was characterized by supreme disloyalty to his employer."

In addition to his prison term, Cote sentenced Aleynikov to three years of supervised release, and he was ordered to pay $12,500 fine.

Boy Meets URL

It's a case of opposites attract: A new study by polling company Harris Interactive shows that some 13 million adults are willing to accept invitations from members of the opposite sex, even though those requests might be from strangers, according to a March 22 story on CNet.com.

That opens up social network users to attacks from hackers, who can use the connections to phish for more information about consumers. The issue is important for bankers, because consumers often reuse their passwords for multiple sites, including access to their online banking services.

About 18% of men and 7% of women are willing to accept invitations from strangers of the opposite sex, according to Harris, and 5% of all adults will accept all requests from strangers. The results are based on a survey of more than 1,000 adults polled in February.

More than 24 million U.S. citizens leave their information public, according to CNet.

Payday Scam

The Federal Trade Commission announced a settlement on March 17 with fraudsters who operated a payday loan scam that tricked hundreds of thousands of consumers into signing up for unrelated debit cards.

Matthew Patterson, Mark Benning and Swish Marketing, Inc., of Palo Alto, Calif., have agreed to pay $800,000 plus the proceeds of the sale of a house to settle claims they tricked consumers when they applied for loans on various websites operated by Swish.

The sites reportedly contained tiny, pre-checked buttons that also signed consumers up for debit cards that cost $54.95 each.

The debit cards were marketed through Virtual Works LLC.

In August, 2009, the FTC charged Swish and Virtual Works with deceptive business practices. Jason Strober, another part-owner of Swish, and Virtual settled separately with the FTC in October 2010.

Patterson and Benning will be barred from misrepresenting facts about any product or service, or misrepresenting that a product is free without disclosing all terms and conditions; They will also be barred from charging consumers money without first disclosing what billing information will be used and for what amounts. They must also monitor the activities of their business affiliates going forward.

Both settlements are components of a $5.2 million judgement against the fraudsters, the FTC reports.

Flash Drive

Adobe Systems Inc. of San Jose, Calif., announced it had released a plug for a security hole in its popular Flash Player, Adobe Acrobat, and Adobe Reader products, according to a March 21 post on the blog Krebs on Security, written by security expert Brian Krebs.

The patch comes about one week after Adobe announced hackers were exploiting Flash to attack users of the product. Most bank customers use Adobe products, and practically all computers have Flash installed.

In an updated release from March 21, Adobe said the vulnerability could cause systems to crash, or it could allow hackers to take over victims' computers. Adobe said the vulnerability could be lodged in Microsoft Excel files delivered as attachments.

Experts recommend updating to the latest version of Adobe Flash. Acrobat and Reader.

Thais That Bind

Four Romanian tourists were arrested in the Thai resort of Phuket on charges of operating a credit card skimming scam that stretched around the globe, according to a March 16 story in Secure Computing Magazine.

The skimming crime involves some 7,000 stolen credit card numbers, and a theft of 100 million Thai Baht, or roughly $3.3 million.

The arrested include Florin Eugen Gavrila, 33, his wife Alexandra, 26; Claudiu Constantin Vilvoi, 36; and Bogdan Constantin Ene, 23.

The four reportedly used more than 200 blank cards with magnetic stripes, coupled with numbers stored on a hard drive that had information from 5,000 British and 2,000 Latvian card holders. They withdrew money from ATMs at the Thai resort, Secure Computing reported.

The alleged criminals targeted people who might not miss the money right away, including the wealthy and the elderly.

Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.
Please e-mail us any comments, ideas, and suggestions about this column.