A federal judge in New York has denied bail to a former trader at Societe Generale who was arrested earlier this week for allegedly stealing proprietary computer code used in a high-speed trading system.
U.S. Magistrate Judge Michael Dolinger ordered Samarth Agrawal, 26, to remain jailed, citing flight risk concerns if Agrawal were to be released on bail.
Agrawal has been in custody since Monday when he was arrested on one count of theft of trade secrets. If convicted, Agrawal, who is a native of India, faces a maximum of 10 years in prison.
Agrawal is the second individual to be nabbed in the past year for attempting to steal proprietary information involving high-speed trading systems. Last July, Sergey Aleynikov, a software developer working for Goldman Sachs, was arrested on charges that he stole 32 megabytes of proprietary code used in the company’s high-speed, high-volume trading system.
Agrawal worked at Societe Generale’s New York offices initially as a quantitative analyst and later as a trader in the company’s High Frequency Trading Group (HFTG).
According to the official complaint against him, the code that Agrawal is alleged to have stolen took Societe Generale several years and millions of dollars to develop.
The company took several measures to protect the code, including by dividing it into multiple smaller ‘units’, limiting access to only those employees whose jobs require it and then only to specific units, as well as preventing the code from being downloaded to portable storage devices such as USB thumb drives.
Agrawal’s alleged theft of the code began in June 2009, about two months after he was promoted to the position of a trader within Societe Generale’s HFTG. As a trader, Agrawal was granted access to the trading algorithms on one unit of the proprietary code.
According to the complaint, Agrawal is alleged to have used that access to copy the entire proprietary code in that unit, as well as another unit that he was not officially allowed access to. He is also alleged to have captured several screen shots of the entire file system structure of the unit containing the code.
The copied material amounted to hundreds of pages of proprietary code, some of it stored as Microsoft Word documents. Agrawal printed it out the next day, which happened to be a Saturday.
Though Agrawal was supposed to inform his supervisor about his presence in the office on a weekend, he did not inform anybody that he had been there.
On two separate occasions thereafter, once in August and once in September, Agrawal is alleged to have printed out hundreds more pages of proprietary code from the two units he had accessed and copied data from in June.
Agrawal resigned from Societe Generale in November despite the company’s efforts to get him to remain with the firm. According to the complaint, Agrawal declined to stay despite being assured that his bonus for 2010 would be “several multiples” of the $130,000 bonus he had received in 2009.
The complaint noted that Agrawal told supervisors he wanted to return to his native India and set up a high-frequency trading firm there.
The complaint doesn’t make it clear when exactly or how Agrawal’s activities were first noticed. It does however describe the investigating agent as having gone through numerous detailed computer transaction logs, printer logs and video recordings capturing all of Agrawal’s illegal activities.
The incident is the latest to highlight the dangers posed to corporate data from insiders with privileged access to business networks and systems, said Phil Neray, vice president of security strategy at Guardium, an IBM company that develops database security software.
In this case, Agrawal’s activities appear to have remained unnoticed despite what should have been some obvious signs, such as his accessing a unit of proprietary code that he was not allowed access to or his printing out of hundreds of pages of proprietary code on a Saturday, Neray said.
Incidents such as this highlight why companies need to have tools that not only control access to sensitive data but monitor all access as well, he said.
Importantly, such incidents also hammer home the importance of monitoring logs on a regular basis and having a system for real-time alerts when something out of the ordinary is happening on a network, he said.
“Just because you have logs doesn’t mean you are secure,” Neray said. “Logs are just logs. They are useless unless you examine them,” he said.
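The warning signs Neray points to (access to a code unit outside a user's entitlement, and high-volume printing on a weekend) can be written as simple rules over access and print logs. The Python sketch below is an added example, not taken from the complaint or from any vendor product; the log formats, user and unit names, page threshold and sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Assumed entitlement map: code units each user may read (hypothetical names).
ENTITLEMENTS = {"trader1": {"unit-A"}, "quant2": {"unit-B"}}
PAGE_THRESHOLD = 100  # assumed per-user daily print ceiling

# Constructed sample events (timestamp, user, unit); not from the complaint.
ACCESS_LOG = [
    ("2024-03-08T10:05:00", "quant2", "unit-B"),
    ("2024-03-08T16:40:00", "trader1", "unit-A"),
    ("2024-03-08T16:55:00", "trader1", "unit-B"),  # outside entitlement
]
# Constructed sample events (timestamp, user, pages). 2024-03-09 is a Saturday.
PRINT_LOG = [
    ("2024-03-08T11:00:00", "quant2", 12),
    ("2024-03-09T09:15:00", "trader1", 180),
    ("2024-03-09T09:50:00", "trader1", 150),
    ("2024-03-11T14:00:00", "trader1", 8),
]

def detect(access_log, print_log, entitlements, page_threshold=PAGE_THRESHOLD):
    """Return alert tuples: (rule, user, timestamp, detail)."""
    alerts = []
    # Rule 1: access to a unit the user is not entitled to.
    # A user missing from the map has no entitlements, so any access alerts.
    for ts, user, unit in access_log:
        if unit not in entitlements.get(user, set()):
            alerts.append(("UNENTITLED_ACCESS", user, ts, unit))
    daily_pages = defaultdict(int)
    volume_flagged = set()
    for ts, user, pages in sorted(print_log):
        when = datetime.fromisoformat(ts)
        # Rule 2: any print job on Saturday (5) or Sunday (6).
        if when.weekday() >= 5:
            alerts.append(("WEEKEND_PRINT", user, ts, pages))
        # Rule 3: cumulative pages per user per day over the threshold,
        # reported once at the job that crosses it.
        key = (user, when.date())
        daily_pages[key] += pages
        if daily_pages[key] > page_threshold and key not in volume_flagged:
            volume_flagged.add(key)
            alerts.append(("PRINT_VOLUME", user, ts, daily_pages[key]))
    return alerts

if __name__ == "__main__":
    for alert in detect(ACCESS_LOG, PRINT_LOG, ENTITLEMENTS):
        print(alert)
```

Run on a schedule or on each new log record, rules like these turn stored logs into the kind of real-time alert described above; thresholds and working-day definitions need tuning per environment.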
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld.