
Global articles on espionage, spying, bugs, and other interesting topics.

Keep abreast of the espionage threats facing your organisation.

Goldman CEO appears at insider trading trial

NEW YORK (AFP) – Goldman Sachs boss Lloyd Blankfein took to the stand Wednesday, telling jurors at a high-profile insider trading trial that one of the storied bank’s ex-directors leaked sensitive company secrets.

Blankfein admitted former Goldman director Rajat Gupta broke the firm’s confidentiality rules by giving on-trial hedge fund manager Raj Rajaratnam an inside take on the bank’s possible acquisitions.

Rajaratnam, who worked for the Galleon Group, is accused by the government of creating a corrupt network of informants to rack up millions of dollars in fraudulent profits.

Blankfein appeared in a somber dark suit and blue tie before the New York court, where he heard a recording of Gupta and Rajaratnam discussing rumors that Goldman’s board “might be about to buy a commercial bank.”

“This was a big discussion at the board meeting,” Gupta said during a 2008 call, which was secretly taped.

“It was a divided discussion,” he said, adding that he would be “extremely surprised if anything is imminent.”

After being played the recording, Blankfein was asked if Gupta had broken the company’s confidentiality policies.

“Yes,” Blankfein replied.

Rajaratnam’s lawyers argued their client was just doing his job, trying to clarify information that was already circulating in the press.

Blankfein’s appearance in court as a government witness provided jurors with a rare look inside one of Wall Street’s most secretive firms.

The case is being eagerly watched by traders, as much for its personality theater as for new guidelines on what constitutes insider trading.

Earlier in the proceedings, US assistant attorney Jonathan Streeter said Rajaratnam “cheated” to benefit from illegal insider tips even as the US financial sector was in meltdown in 2008.

But defense attorney John Dowd countered that the Sri Lankan-born 53-year-old was nothing more than a brilliant entrepreneur whose Galleon hedge fund used legal, public information and “the best research in the business.”

The government case rests largely on wire-tap conversations allegedly showing Rajaratnam cultivating illegal information, and the testimony of former associates and colleagues who have already been convicted and are cooperating with the government.

Gupta, who was also a Procter & Gamble director, is accused by the Securities and Exchange Commission of giving Rajaratnam “information about the quarterly earnings at both firms, as well as an impending $5 billion investment by Berkshire Hathaway in Goldman.”

The watchdog described Gupta as “a friend and business associate of Rajaratnam.”

Gupta, a Connecticut-based business consultant and former managing director of global consulting firm McKinsey & Company, was also accused of being a direct or indirect investor in at least some of Rajaratnam’s Galleon hedge funds.

 


Iranian Hackers Suspected in Recent Security Breach

The internet security firm Comodo Group said it had been the victim of a hacker attack that appeared to have been part of a larger scheme to eavesdrop on encrypted e-mail and chat communications that may have been sponsored by Iran.

Comodo, a digital certificate authority and security software maker, said on Wednesday that it unwittingly issued fraudulent digital certificates for Web sites operated by Google, Yahoo, Microsoft, Skype and Mozilla. Digital certificates are used to vouch for the authenticity of a site owner and facilitate encrypted communications between sites and their users. Comodo revoked all of the certificates immediately upon discovery of the incident and notified the site owners, the major browser makers and relevant government authorities, it said.

The firm described the attack as well-planned and deployed with “clinical accuracy” from computers located mainly in Iran, though it pointed out in a company blog post that those computers could have been used to “lay a false trail.” But it said that the characteristics of the attack, and the fact that Iran has sought to penetrate online communication services in the past, led it to “one conclusion only” — that the attack was likely to be “state-driven.”

The Iranian government, like others in the Middle East facing opposition movements leveraging the Internet to organize protests and press for democratic change, has aggressively sought to restrict and monitor Internet access by its citizens.

With the certificates, a hacker would be able to set up server computers that would appear to work for the targeted Web sites. A government that controls Internet traffic inside its country would be able to use such a server to gain access to encrypted e-mail and chat conversations and collect user names and passwords for individuals’ accounts, said Mikko H. Hypponen, chief research officer at the security firm F-Secure, in a blog post.

Even without a grip on Internet traffic, a hacker could lure dissidents or other Web users to the rogue server and then intercept their communications and account details, said Roel Schouwenberg, a senior researcher at the security firm Kaspersky. “You can ‘own’ a target without having to compromise anything at the target’s end,” he said. “It might not be easier, but it might be ‘cleaner.’”

The fraudulent certificate for Mozilla, which was for its Firefox add-on site, might have allowed the attacker, posing as Mozilla, to install malware on targeted PCs or to block the installation of Firefox extensions that help users bypass government-imposed censorship filters, Mr. Hypponen said.

“Everything points to this being an intelligence operation,” Mr. Schouwenberg said, noting that theft of certificates has become a favored tactic among governments.

The Stuxnet worm that targeted Iranian nuclear installations last year also made use of stolen certificates, though those certificates were stolen from hardware companies who owned and used them to “sign” their products, not the certificate authorities that issued them.

In this recent attack, Comodo, one of several companies with the authority to issue digital certificates to Web sites, said one of its partners in Southern Europe, a so-called registration authority, which acts as an intermediary between it and some Web-site customers, suffered a security breach on March 15. That breach allowed the hacker to set up a bogus account and quickly prompt Comodo to generate the nine certificates.

News of the breach led to calls for increased scrutiny of the entire certificate system.

“This should serve as a wake up call to the Internet,” wrote Jacob Appelbaum in a blog post for Tor Project, a nonprofit group that makes free software that dissidents, journalists and other privacy-conscious people use to surf the Web anonymously and defeat online monitoring. “We need to research, build, and share new methods for ensuring trust, identity, authenticity, and confidentiality on the Internet,” he wrote.

Comodo said it has evidence that the hacker tried to use one bogus certificate for Yahoo, but no evidence of use for the other companies singled out. Yahoo said it was aware of the incident and “will continue to monitor this closely.”

Skype also said it was monitoring the situation and had taken steps to mitigate an attack on its service. “We do not expect any issues as a result,” Skype added in a statement.

Google said it had not detected any use of fraudulent Google certificates.

The major browser makers have all issued updates for their software to block the bogus certificates. Google pushed out an update to users of its Chrome browser on March 17. Mozilla said in a blog post Tuesday that it issued an update to its Firefox browser and urged users to download it. Microsoft did the same on Wednesday.


Nicklaus: Marcone Supply suit alleges corporate espionage

When Marcone Supply bought a competitor last year, it looked
like the sort of low-risk deal that happens all the time in
unglamorous industries like appliance parts.

Marcone, a 79-year-old parts distributor in Creve Coeur, was
already No. 1 in its industry. Several previous acquisitions had
extended its geographic reach, and buying Buffalo-based AP Wagner
would solidify its position in the Northeast.

A few months after the deal closed, however, Marcone noticed
that many of Wagner’s best customers were no longer placing orders.
A few months after that, Marcone filed a lawsuit accusing two
former employees and a competing company, Detroit-based 1st Source
Servall, of corporate espionage.

Parts of the case, a court document says, would be “appropriate
for a John LeCarré novel.” The suit alleges that one of the
ex-employees tried to destroy evidence of his theft by crushing
memory sticks in a vise and taking a hammer to a hard drive.

LeCarré’s spies, no doubt, would find more creative ways of
covering their tracks. But the novelist might not have imagined
that something as prosaic as a customer list could be at the center
of a high-stakes dispute.

The trouble, Marcone Vice President David Ganz says, is that the
list contains much more than names and addresses. It had data on
past orders, pricing and credit history.

Somebody with access to that data could quickly set up a
competing operation and grab Marcone’s best customers. And that,
the lawsuit alleges, is just what Servall did.

The Detroit company, which didn’t have much presence in the
Northeast before, hired Karl Rosenhahn and Mark Creighton, the two
former Wagner executives who are co-defendants in Marcone’s suit.
After they began using the list, Ganz says, Marcone identified 640
customers whose orders dried up. The loss of sales, he says,
amounted to $12 million last year.

Marcone’s suit doesn’t specify a damage amount, and no trial
date has been set. New York Justice John Michalek did, though,
issue an order last month that prohibits Servall from soliciting
business from Marcone’s customers. A New York appellate court
upheld the order on March 10, with a modification that allows
Servall to accept unsolicited orders from those customers.

Servall issued a statement calling the appellate ruling “a
significant victory” and saying that it wants to serve “customers
impacted by Marcone’s recent poor service and price gouging.”

Ganz, the Marcone executive, points out that it’s Servall
employees who have admitted unethical behavior. Rosenhahn and
Creighton first denied that they had taken any confidential
information, then admitted the theft after Marcone got court
permission to examine their computers.

Ganz also says that Marcone reduced some of Wagner’s prices,
kept most of its employees and invested more than $1 million in its
offices and warehouses. The merger wasn’t, in other words, a
slash-and-burn deal.

“It should have strengthened both entities,” he said. “Last
year, instead of being kind of a fun year with new people and new
locations, it wasn’t comfortable and it wasn’t fun.”

Michael Moberly, a security consultant and founder of Knowledge
Protection Strategies in University City, says information-theft
cases like this are not unusual. “We have this natural tendency to
want to trust our employees; we want to trust everybody,” he
said.

The highest-profile cases, Moberly says, involve high-tech
companies whose employees spirit away a key software program or a
new microchip design. But all companies — even those whose business
revolves around mundane things like hoses and dishwasher racks —
have valuable know-how and customer-relationship data.

And, as Marcone learned the hard way, information in the wrong
hands can do a lot of damage.


Police powerless to stop eavesdrop app

QUEENSLAND Police have slammed an iPhone app that allows users to tap into police radio frequencies on which officers name victims of domestic violence, sexual assaults and other crimes.

The TuneIn Radio app features a pre-programmed menu from which users can listen in and record police radio frequencies in several large regional centres, including Ipswich and Redcliffe.

“There are obvious privacy concerns for victims of crime, as well as operational safety considerations and potential for impacts on ongoing investigations,” said a police spokeswoman.

The app, which also picks up thousands of commercial stations and allows users to listen in to emergency services radio, only receives analog frequencies and doesn’t pick up the Brisbane city police network, which is digitally encrypted.

Queensland Privacy Commissioner Linda Matthews said the app made it easier for people to use the information for the wrong reasons. “The technology to access these broadcasts isn’t new; what’s really new is the way it broadens the accessibility.”

She said the Queensland Government could not demand Apple remove the app from its online store because privacy legislation didn’t cover the private sector.


Lawsuit Alleges Cloak-and-Dagger Conspiracy By Software AG

Middleware giant Software AG conducted an elaborate corporate espionage scheme replete with “sex, lies and an audiotape,” according to allegations in a lawsuit filed by RFID (radio frequency identification) vendor GlobeRanger.

GlobeRanger, of Richardson, Texas, “poured a decade of work and tens of millions of dollars into developing technology that is truly transformative and promised to exponentially facilitate the flow of goods and information throughout the world,” according to its complaint, which was originally filed in a Dallas County, Texas, court in December and moved to federal court this month.

Software AG, which dwarfs GlobeRanger in size, “had an irresistible motive,” the complaint adds. “It stood to make hundreds of millions of dollars from stealing GlobeRanger’s technology and attaching it to a product already deployed in tens of thousands of companies worldwide.”

RFID technology is not new, GlobeRanger’s complaint notes. But its platform is “a true chameleon” that can be deployed in any enterprise within two to three months, it claims.

Its products are used to track crime scene evidence in Holland and monitor the removal of hazardous materials from a Tennessee nuclear site, the complaint states. It even “knows just where ‘your dollop of Daisy’ sour cream is between farm and market.”

GlobeRanger has also won contracts making it “the enterprise standard” for the U.S. Defense Logistics Agency and the U.S. Air Force, according to the complaint.

Software AG’s April 2007 purchase of middleware vendor WebMethods for US$546 million is at the root of the conspiracy alleged in GlobeRanger’s filing.

“WebMethods was worth so much because it is literally everywhere — in every industry, every sized enterprise,” the complaint states. An integration between RFID technology and WebMethods would constitute a “holy grail” and a “massive home run” for Software AG, it adds.

However, WebMethods was not developed with RFID in mind, according to the complaint.

Now with WebMethods in hand, it would be years before Software AG could develop a viable RFID product, leading the company to make a brazen move, according to the complaint.

“Software AG had just spent a half a billion dollars. It had to show returns on this investment,” it states. “Software AG decided that it would develop an RFID Solution through corporate espionage.”

GlobeRanger’s complaint also names two systems integrators it had worked with, Main Sail and Naniq Systems, as defendants.

A director at Naniq, Kim Gray, “was unusually successful” at winning contracts from the Navy’s Automatic Identification Technology Office, according to the complaint, which said, “She was also having an improper relationship with Bob Bacon, the married head of Navy AIT.” Gray was also “involved with a man at Software AG,” it alleges.