Attacks/Breaches
5/11/2010
04:58 PM

Goldman Sachs Sued For Illegal Database Access

Employees at Goldman allegedly used misappropriated credentials to grab intellectual property from market intelligence service's database

Goldman Sachs has been slapped with a $3 million lawsuit by a company that alleges the brokerage firm stole intellectual property from its database of market intelligence facts.

Filed last week in the U.S. District Court for the Southern District of New York, the lawsuit claims Goldman Sachs employees used other people's access credentials to log into Ipreo Networks' proprietary database, dubbed Bigdough. Offered on a subscription basis, Bigdough contains detailed information on more than 80,000 contacts within the financial industry. Ipreo complained to the court that Goldman Sachs employees illegally accessed Bigdough at least 264 times in 2008 and 2009.

Adrian Lane, an analyst with Securosis, says this is a textbook case for why companies with important intellectual property held in databases need to implement robust monitoring tools to supplement sound access control policies and procedures.

"Insider threats of CRM systems is literally the genesis of [the database activity monitoring] industry," Lane says. "This is a prototypical example of why you want to have monitoring over and above access controls to verify usage. You want to check to make sure that the individual is looking at the records that are appropriate to that account."

According to the suit, Goldman Sachs did acknowledge that the IP address used to make the unauthorized access belonged to the brokerage firm, but said it was just the act of a lone employee.

Phil Lieberman, president of Lieberman Software, believes that defense won't wash well in court. "The only place this rogue-employee defense works is if the employee goes nuts off-site of the company with no company direction and hurts someone while not conducting company business," he explains. "Sharing a bucket of KFC chicken with a friend is OK. Sharing the secret formula for KFC chicken with a friend who then goes out and makes money from the information is not OK. In this last case, if the cook gets the formula for the chicken and makes more money for the restaurant as a result of the secret information, the owner will be liable for the stolen information."

As Lieberman puts it, shared accounts are a sad fact of life when IT manages its own systems. Things become a lot trickier, though, when that account-sharing involves third-party services. "Many online companies provide a per-seat licensing model that does not enforce restrictions or stop sharing. In many cases, these per-seat costs are very high and it is deemed to be too troublesome for low-level employees without executive titles to purchase additional seats, so theft is the usual outcome," Lieberman says. "In this case, it appears that friends probably shared these licenses outside of their company as a 'favor.'"

In most cases, when the service provider informs the infringing party that they need to pay for what they stole, the offending party basically pays for the stolen property and that's it, he says. "[But] it appears that Goldman decided to take the road less traveled and enter into a less-than-savory legal and business position that has now landed them in court," he says.
