He's just a misunderstood
Underpaid slave to his desk.
A computer programmer has been charged with stealing source code worth $9.5m from the Federal Reserve Bank of New York, according to the FBI and prosecutors. Bo Zhang, a 32-year-old from Queens in New York, was cuffed on suspicion of swiping the Government-wide Accounting and Reporting (GWA) software, used to help keep track of …
What is it with FedGov agencies and external storage devices?
First there was Wen Ho Lee at Los Alamos, then the missing floppy flap at Sandia, followed by the UAV management system malware debacle, and now this guy at the Federal Reserve...
Somebody missplet "porous."
for (;;) {
    $accountBalance += $irs->extortMoneyAtGunpoint($taxRate) unless $deathDidDie;
    $accountBalance += $treasury->sellGovtBondsToHoiPolloi();
    if (log(-$accountBalance) > 12) {
        $fed->printRandomAmountOfMoney();
        $accountBalance += $treasury->sellGovtBondsToFedVia($goldmanSachs);
        damageControlVia(@spinmeisters);
    }
    do {
        $accountBalance -= $congress->welfareWarfareSpending($exelSheet,$blackExcelSheet);
    } while !moneyLustSatiated();
    elect(); elect();
    $taxRate *= 1.1;
    $situation->update($taxRate,$accountBalance);
    throw FinancialException if $situation->isZimbabwe();
}
Regardless of how innocent his purpose is, doing this is just plain stupid. I'm sure that in his boilerplate contract, there are sections dealing with proprietary code and confidentiality. Plus this is coding for the Federal Reserve. I'm surprised that the NSA didn't just black bag him quietly and avoid the publicity.
Not only is it a boring accounting system. It's an accounting system for a government department. It has no commercial value whatsoever.
The fact that the feds (over)spent $9.5 million on the software does not actually make it worth anything.
This would seem to be yet another example of Federal government prosecutors abusing their powers to boost their conviction numbers, get publicity and enough promotion to run for a better paying job.
For other examples take a look at:-
http://www.economist.com/node/21542772
http://www.economist.com/node/16636027
By the end of the article I'm beginning to wonder...
If he wasn't told this is just some stuff we use that needs these improvements...
If he looks at the code and thinks what a POS this is...
If after questioning some stuff he's told, look, you're just a contractor, fix what we say and just shut up about the rest...
If after awhile of trying to fix up things he doesn't think parts of the code aren't *perfect* examples of what not to do...
If he didn't think, I should include bits of this trash as examples in my part-time class I'm setting up...
In other words, he tried to get some positive value out of code with negative values. A DailyWTF, but with the FRB source code.
Wrong actions, yes. But maybe it's more like Dumb (contractor) and Dumber (code)?
*Now* they tell him it's worth US$9.5crapillions? Anyone for an independent review? How about this turning around into "You paid *what* for this limp biz-wang?"
...would have saved them a whole bunch of money - and arguably produced the same results in the end. Any QB user knows exactly what results I'm talking about. I'd be willing to bet that if they'd used QB they'd have been able to reduce their costs by at least a hundred thousand dollars.
or GWAR for short.... heh-heh - huh-huh -hehehehe -huhuhuh . those guys are cool.
... are they any closer to finding all the missing money?
In the case of: U.S. v. Zhang, 12-mag-00108, U.S. District Court, Southern District of New York (Manhattan).
> A New York Fed spokesperson told Reuters and others that the bank had investigated the breach as soon as it was uncovered and promptly referred the case to the authorities ..
>> The New York Fed detected the breach through its established security procedures and referred it to law enforcement officials, Jack Gutt, a spokesman, said in an e-mailed statement ..
http://www.businessweek.com/news/2012-01-19/treasury-code-stolen-by-new-york-fed-programmer-u-s-says.html
Minority Report: Investigators discovered the breach after one of Zhang's colleagues told a supervisor Zhang had been asking round the office about a missing hard drive. Zhang had previously told colleagues that he was developing something "for private work", in the event that he would be dropped from his current perma-temp contractor employment. The complaint stated that Zhang copied his own code onto the external drive.
When will they learn? Too late.
Whilst I can see that these acts are a breach of contract, how can it be said that he "stole" $9M of software?
When my bicycle was stolen, I no longer had the use of it to ride to the shops or the pub. When this man copied the source code, it was still there for the Fed to use. Massive fines and up to ten years in prison seems rather disproportionate. It also seems like dumb economics as the legal system wants to remove the economic gain of a taxpayer, plus the cost of keeping him in prison for up to ten years for a crime that seems to have inflicted no damage to anyone. Or am I missing something here?
"He might have got something that we didn't--so that'll learn him. Even if it costs us."
Some call it revenge.
"""
Stealing it and copying it threatened the security of vitally important source code
"""
Oh Janice. Security by obscurity is not security.
It's an accounting package.
If there are secrets in how it works, there's something badly wrong with it...
Vic.
It reveals just how much cash goes walkabout each year.
Not saying he wasn't wrong doing this. But if exposing the source code can threaten the security then it's because it's not very secure. Hope they don't use this angle in the court case.