Not over yet …

113147_600The Wassenaar Arrangement was signed by the US, Europe, and Russia in 1996. The primary goal of the arrangement is stated as anti-proliferation, stopping uranium enrichment and chemical weapons precursors, and controlling conventional weapons. Wassenaar also classifies crypto as a munition. This allows the NSA to eavesdrop and decrypt messages.

Last year, Wassenaar added three categories of cyber-weapons:

  1. “intrusion malware”: The specific example is malware sold by FinFisher to governments like Bahrain, which has been found on laptops of Bahraini activists living in Washington D.C.
  2. “intrusion exploits”: These are tools, including what’s known as “0-days”, that exploit a bug or vulnerability in software in order to hack into a computer, usually without human intervention.
  3. “IP surveillance” products: These are tools, like those sold by Amesys, that monitor Internet backbones in a country, spy on citizen’s activities, and try to discover everyone activists/dissents talk to.

Wassenaar includes both intrusion malware and intrusion exploits under the single designation “intrusion software”, but while they are related, they are significantly different from each other. The BIS rules clarifies this difference more.

On May 20th, the United States Bureau of Industry and Security (BIS) proposed US rules to comply with the Wassenaar additions. These rules further restrict anything that may be used to develop a cyberweapon, which therefore make a wide number of innocuous product export-restricted, such as editors and compilers.

Excuse me? Yes, more here.

The BIS proposal is not yet fixed in stone. The comment period ends July 20. You can submit comments here.

One thing to note is that the comments we want to make don’t precisely match up with the questions they are asking. For example, they ask “How many additional license applications would your company be required to submit per year?” This has nothing to do with why people are up in arms over this proposal.

Overcoming the Shock Doctrine


Translated by Stacco Troncoso, edited by Ann Marie Utratel

Lately, we’ve been talking about the techniques of manipulation used by the government and mass media, regarding the privatization of public education, and all public benefits.

In these first months of legislature, the better part of this manipulation has been aimed at rendering us into a state of shock, after which, intimidated and paralyzed, we would not react against the losses of rights brutally imposed on us. The measures, announcements and declarations of the autonomic and central governments are meted out to us day by day, gradually, like a poisonous drip of constant anxiety.  Relentlessly, the media – in some cases, better to say “propagandists” – continues their tireless preaching, like a disheartening echo of bad news from on high (from the council of ministers or the rating agencies).

Naomi Klein explains in her book, “The Shock Doctrine”, how neo-liberalism, unable to convince people by means of argument (since these neo-liberal measures are essentially anti-people), has only been able to impose itself via coups d’etat, declarations of war, situations of catastrophic natural disaster, or other traumatic phenomena, leaving the public in the grip of anxiety and fear.

And what, if not fear, are they trying to inoculate us with in this country? Fear of losing our jobs, for example, or of never again being able to find work, or of being offered nothing more than exploitation, plain and simple; fear of losing the right to healthcare,l or being unable to provide adequate education for children; fear of ending up foreclosure victims, sleeping on the street; fear, finally, of being unjustly arrested for peacefully protesting at a demonstration.

In this article, we examine how the shock doctrine takes effect on us under the name “learned helplessness”. But also, how we can escape this state of despondency if we learn to correctly attribute the causes of our malaise.

Learned Helplessness, a weapon of mass destruction

It’s true enough that the powers that be treat us like dogs, or at least like the dogs in Seligman’s experiment.

At the end of the Sixties, psychologist Martin Seligman carried out the following experiment. Inside a lab cage, a dog was exposed to a series of unavoidable electric shocks. Meanwhile, in a different cage, another dog would be able to interrupt these shocks by pressing a lever. Later, both dogs would be situated over an electrified surface from which they could escape by simply jumping over a barrier. The dog that had been able to control the electric shocks would jump the barrier, while the other dog, instead of looking for a successful exit from an adverse situation, stayed, passively bearing the shocks. This dog had “learned” his helplessness. Why waste the energy trying to escape from the negative stimuli when you know (really, more like believe) that you can’t?

Learned helplessness leads to depression. Not doing anything, because you think it’s all useless.

In the following video, we see a teacher inducing learned helplessness on a group of students through a simple activity.

From this we can infer that, given the current power of media propaganda, it’s feasible to induce a state of depression in large sectors of the population. Thanks to this video, it’s easier to understand why the victims of Nazi Germany accepted their deaths with little resistance, in much the same way that abused women often accept their fate with resignation:

To activate English subtitles, press captions button at the lower right

It’s terrible, isn’t it? But not as terrible as realizing that this inoculation by way of learned helplessness is, precisely, what’s being done to us. Right now. They’re trying to convince us to passively accept the loss of our rights and the privatization of public services with no resistance or protest. The slogan is: it’s useless no matter what we do.

We, like the dogs in Seligman’s experiments, are submitted to shocks, better known by their euphemisms “adjustments” or “cuts”. These shocks are apparently unavoidable, no matter how many times we go on strike, take part in informative actions or protests. Furthermore, many protesters become victims of unjustified arrests and preemptive prison sentences, hardly compatible with fundamental human rights.

Greece, which has suffered this commons-stripping for far longer, has seen depression spread like wildfire among the people. The suicide rate has skyrocketed. In his article entitled “¿Y si no hiciésemos nada?” (And what if we didn’t do anything?), philosopher Amador Fernández-Savater echoes this desperation that has taken hold of the Greeks.

More than 10 general strikes in Greece, but has anything been achieved? Alexandra-Odette Kypriotaki has taken part in the movement since 2008, only to move to London with that very question in mind. “In my country, you can’t even find a job as a waitress”, she told me. I met her in a meeting organised by thinker-activist Franco Berardi (Bifo) in Barcelona. Her presentation there was as evocative as it was challenging.

Reflecting on the underlying logic of conflict and protest, both impotent in preventing social devastation, repression and destruction, Alexandra proposed a new start from a different angle. “Neither fighting nor confronting, but deserting; neither demanding nor pleading, but unfolding, here and now, the world we want to live in. Neither taking action nor mobilising, but giving ourselves over to abandon. Turning our weakness into strength.”

Capitalism demands from us a constant disposition towards desire, contact, production. Where time is permanently occupied and under pressure to deliver results. Nowadays, being happy, optimistic and positive is obligatory. We must constantly project the image of knowing what’s up, that everything is going fine, it’s all under control, and we’re strong. But, doesn’t political activism often demand the same? Struggle, results, a ready answer for everything, constant high morale, rejection of the meek, doubtful and melancholic…

Couldn’t we muster up an army of the weak, the clumsy, the ignorant? The rallying cry could be, “Yes, we’re depressed, so what?” The program: “I don’t know”. The strike, doing absolutely nothing, not even mobilising ourselves. Do nothing day… Wednesday, then Thursday and so on.”

The figure of the helpless punisher

Arbitrary electric shocks, administered at regular intervals and beyond our control. Shocks, or the looting they call “cuts” or “deficit control”. Psychological abuse, bordering on the limits of, what just a few months ago, would have seemed like dystopian fiction: “IMF Requests That Pensions be Lowered Because of “The Risk That People Will Live Longer Than Expected”.

Rating agencies, international organisms (IMF, WB, OECD, WTO) in service to the financial elite, the European commission and the ECB… they all subject us to a series of demands and adjustments, gradual though inexorable. Of course, we are assured there is nothing we can do. On the other hand, cases like Iceland are silenced in the mass media.

What is the role of our leaders in this situation? Simply, to be efficient executors of this pillage ordered “from above”. “We have to do what we have to do”; “The European Union demands it from us”; “We must increase confidence in the markets”, etc.

There’s no point labelling the politicians who carry out these tasks as “evil” or “sadistic”, although it’s often tempting, given some of their statements. In her book Eichmann in Jerusalem, Hannah Arendt expressed her concept of the banality of evil: a mediocre Nazi civil servant like Adolf Eichmann was perfectly able to perform mass murders, not out of cruelty, but simply because he acted from within the rules of the system he belonged to, without reflecting on his acts. What Eichmann did was expertly carry out orders given from superiors, just as politicians in government do with the mandates of those representing the interests of financial capital. And they are unable to question the rules they follow, having been blinded by the tenets of the dominant ideology, neo-liberalism, which additionally legitimises the fact that these same leaders – or their friends and family – profit from it in ways which we would consider immoral, thanks to the loss of social rights of the citizenry and the privatization of the public sector.

Adding insult to injury, the government can even present itself to public opinion as mere victims of learned helplessness. This is typified by phrases like “I’d like to do something else, but I can’t do anything; the orders come from above. If I acted differently, the consequences would be much worse”. These selfsame heads of state become public models for learned helplessness. And, as we well know, the best way to lead is by example. This was the case when former Spanish president José Luis Rodríguez Zapatero was called by Barack Obama. But now, with our current president, Mariano Rajoy, this phenomenon has been so exacerbated that he himself has become a living example of helplessness and weakness, with his cheat sheets at public appearances, his absences, his gestures and actions. Here we see him in the Senate, running away from journalists eager to ask him about the latest budget cuts in education and healthcare:

In conclusion, what these politicians are showing us by “playing helpless” is that our country is no longer sovereign, but subject to the orders of those truly in charge: the famous “markets”. So why not be honest and consistent, and simply resign, and let Spain become a protectorate of financial capital just like Italy and Greece? Perhaps our role within the shock doctrine has not yet been totally fulfilled. We’re still not fully subject to learned helplessness. But how can we prevent it from defeating us completely?

Better living through attribution

To fend off learned helplessness, Seligman applies Fritz Heider’s attribution theory. In Learned Optimism: How to Change Your Mind and Your Life, he studies three dimensions or characteristics of the attributional style, also called causal attribution:

  1. Personalisation: whereby internal or external causes are attributed to good or bad events. Either I feel guilty when I do something wrong “because that’s the way I am”, or I’m able to externalise the problem and hold myself responsible for making changes. This dimension is related to self-esteem. Attributing bad events to external causes increases immunity to learned helplessness.
  2. Permanence: the duration, stability or instability in time which we attribute the causes underlying good or bad events. Extreme examples are expressed through discourse in the always – never poles. Thinking that the causes behind bad events are stable, permanent or even definitive, makes us more vulnerable to learned helplessness.
  3. Penetration: how many areas in our lives are affected by our good or bad luck, whether these causes affect us globally or specifically. Expressed through discourse in the all-nothing extremes.

On the other hand, in their paper on learned helplessness and its immunisation in human subjects, José Ramón Yela Bernabé and José Luis Marcos Malmierca also refer to the importance of our controllability of events.

1) Depersonalisation: the problem lies in the situation, not within us

Another strategy used by the powers that be to trigger learned helplessness is encouraging us to blame ourselves for what is happening. We’re told that we’ve “lived beyond our means”, when in reality, the means allowed to those at the bottom were well below the standards of a decent life, as evidenced by low wages and the lack of basic resources such as housing.

Geographer David Harvey offers his systemic explanation for what is happening. According to him, we’re living through a process of accumulation by dispossession. With the fall in wages since the 70s, increases in profits are being absorbed by the capitalist class due to the privatization of common goods, the financialization of the economy, the management and manipulation of the crisis, and the uneven redistribution of resources. The author gives an overview of the current crisis in the following video:

Authors such as Vicenç Navarro have pointed out that the lack of resources amongst popular classes has provoked rising debt levels, and not the other way around. Had we enjoyed a public policy defending universal access to decent housing, people wouldn’t have gone into such levels of debt, and the housing and credit bubbles that led to the crisis never would have occurred.

So, we shouldn’t fall into the trap of thinking that the blame for this “crisis” (accumulation by dispossession) is ours. We must get beyond the mass media information overload, and analyse the underlying causes of the current social, economic and cultural model so we can help mitigate the harmful effects, and even propose new and different alternative models.

2) The crisis is also a crisis of the dominant economic paradigm

Regarding the stability of the source of our problem, we must ask ourselves: can this accumulation by dispossession go on forever? Are we now at the endpoint of history? Far from it. Many have pointed out that we are living through a global crisis in capitalism owing to ecological limits which impede the model of infinite accumulation and growth. The late Spanish ecologist Ramón Fernández Durán has, like many others, indicated that the predictable depletion of fossil fuels will lead to the collapse of our civilisation.

The documentary “The Story of Stuff” does a fine job of describing the human and ecological limits of the current mode of production:

So, instead of worrying about what’s happening, shouldn’t we be looking for alternatives already?

3) Opportunities for emancipation

Regarding the penetration of the problem; is our entire being negatively affected by this pillaging of the Commons?

While the crisis/scam is undoubtedly affecting a good portion of our lives, due to unemployment, ever worsening public services and the loss of human rights, it’s also worth remembering that there is life – a lot of life – beyond the crisis.

Now is the time to explore new ways of relating to ourselves, to others and to our environment. The time to look for new modes of life.

This economic model, even at its peak, was still the cause of dissatisfaction. Beneath the surface of consumerism, mutated into a pyramid scheme thanks to the abundance of easy credit, lurked a modern version of King Midas. Everything touched by the model was converted into goods, right down to our lives and the most intimate corners of our minds.

Alienation has never reached such extremes. While in the times of Fordism and mass production, the worker was alienated during his or her work time; nowadays, capital extracts profits from the totality of our lives.

The Commons, that which we all share, is what’s being “expropriated” by some, the 1% of the population, to keep on accumulating capital. Advertising appropriates our common culture to invade our brains with consumer programming. We relate to others under the criteria informed by rentability, and we ourselves become merchandise to be sold off in the labour market or when we try to draw benefits in our personal lives.

The part of our lives affected by the crisis is, therefore, miniscule compared with everything that this crisis of the system can offer us:

The best way to increase happiness is through interpersonal relationships. Fostering cooperative relationships instead of those based on competition. All that’s given shall not be lost.

Not allowing cognitive creation (our thoughts, arts, and knowledge) to be expropriated from the common intellect by means of so-called intellectual property; an illegitimate appropriation that answers to the interests of big corporations dedicated to the production and distribution of cultural and technological products.

The promotion of commons-based economy, where instead of rentability, value resides in a model of cooperative enterprises dedicated to improving both society and the environment.

Ending the predominance of financial economy over productive economy. Overcoming the scam that is the private issue of money as debt which enslaves persons and peoples through its mechanisms.

Rallying for initiatives such as basic income, so that people may work freely, and not be forced to work for subsistence. Natural resources are a common good.

And, to complement this basic income, why not propose — as F.D. Roosevelt did in his day —  a wage ceiling, to be taxed at a rate of 100% once surpassed? As J.J Rousseau wrote in The Social Contract, “…in respect of riches, no citizen shall ever be wealthy enough to buy another, and none poor enough to be forced to sell himself.”

Value ecological proposals such as degrowth: consuming less, manufacturing less, designing totally recyclable objects and using less energy. Developing local economies.

Constructing autonomous distribution channels independent from the large-scale distributors that control practically all commercial activity, from production to retail.

Reconstruct the public sphere in a truly democratic manner, with the participation of everyone and as equals.

The future is, partly, in our hands

Finally, what is our capacity for control of our situation? In the previously cited article, Yela Bernabé and José Luis Marcos Malmierca argue that, in order to immunize ourselves from learned helplessness, the best thing is to have encountered neither success nor failure exclusively. Be conscious that there are things which we can control, and things which we cannot. As Epicurus remarked: “We must remember that the future is neither wholly ours nor wholly not ours, so that neither must we count upon it as quite certain to come nor despair of it as quite certain not to come.”

There are many examples of resistance to accumulation by dispossession that have triumphed in the world, such as the water in Bolivia or the insurrection in Chiapas. Never forget that history is mostly written by those above, who are happy to remind us only of the defeats suffered by those who struggled for emancipation.

Here in Spain, despite the clumsy first steps of a child learning to walk, the 15 M movement has obtained some notable successes as well as international projection. It has raised awareness about the root of our problems among a large sector of the population, it has put together very diverse social movements and it represents an excellent starting point for the development of cooperatives and solidarity networks.

Of course, we will make mistakes, but errors are what make us wiser.

Acting to open possibilities

In summary, faced with the fear that surrounds us, we must always remember that what is happening is not our fault, that the crisis is a crisis of the current economic model –  which is not stable, it is anything but stable – and that this change can be an opportunity for a new, more humane world, free from the tyranny of money and other goods.

And, above all, let us never forget Alain Badiou’s teaching: we must act. Our actions do not have to fall within what’s possible; instead, the action itself can open up a new space of possibility. “A subject is a point of conversion of the possible into the possible. The fundamental operation of the subject is to be at the point where something impossible becomes a possibility”.

PPLicense mockup small Produced by Guerrilla Translation under a Peer Production License.

TrueCrypt & Towels: Do NOT move over to Bitlocker!

Update june 3: TrueCrypt: Final Release Repository

nottobitlocker redirects to

“The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”

Not a hoax. Not even a prank. A True Goodbye: ‘Using TrueCrypt Is Not Secure’?

A Mystery

April 14, 2014: Phase I of the audit is complete, and report is available. Phase II begins on the formal cryptanalysis.

One of the people involved in the code/security audit, said that he hasn’t been able to reach the developers (whom he apparently knows) to find out what’s going on. He said that the version used in the review – 7.1a – had a few minor issues they found, but nothing critical or particularly earthshattering. They were going to make some sort of announcement about the audit this week, but he said this wasn’t what was planned, to his knowledge.

It doesn’t make sense. Silent fail? Did they receive a National Security Letter like Lavabit? If it was a hijack by state actors, it sure isn’t working because the last working code (that not only decrypts, but can encrypt) is still available, by now from many locations, like switzerland! This code can be improved with the results from the audit. The TrueCrypt security audit presses on, despite developers jumping ship.

What (not) to do

  • Don’t panic. Know where your towel is.
  • Don’t switch to Bitlocker.
  • Don’t use eCryptfs. It is broken by design. See this 10-hour security audit by defuse dated January 22, 2014.
  • Don’t switch to proprietary software.
  • You can keep using the last version 7.1 (switzerland) for now but DO NOT switch to newer versions of TrueCrypt or “any other tool, quick!” just yet.​ Hold and wait for more info and developments.


Stanley Cohen ► Up The Rebels!

FreeAnons.TV 17: Up The Rebels! Stanley Cohen Defending the individual against the state. We at FreeAnons will continue to support Stanley in any way we can and urge you all to do the same. We salute Stanley Cohen for his resilience, tenacity, and bravery as an activist, attorney and friend of Anonymous. Up the rebels, Stanley. Up the rebels.

Stanley Cohen Defense Fund ►
Please make your online contribution to the Stanley L. Cohen Defense Fund.

Petition by Stanley Cohen Defense Committee ►

Read more ►

AnonOps IRC Network (Anonymous Operations) ►

Goldman Sachs Steals Open Source, Jails Coder

via Cryptome

US master spy Clapper says spies steal open source, then immediately claims ownership and classifies it, and prosecutes if the material is disclosed, like Goldman Sachs
Flash Boys: A Wall Street Revolt, Lewis, Michael. 2014. W. W. Norton & Company. pp. 141-149:

After a few months working on the forty-second floor at One New York Plaza, Serge came to the conclusion that the best thing they could do with Goldman’s high-frequency trading platform was to scrap it and build a new one from scratch. His bosses weren’t interested. “The business model of Goldman Sachs was, if there is an opportunity to make money right away, let’s do that,” he says. “But if there was something long-term, they weren’t that interested.” Something would change in the stock market— an exchange would introduce a new, complicated rule, for instance— and that change would create an immediate opportunity to make money. “They’d want to do it immediately,” says Serge. “But if you think about it, it’s just patching the existing system constantly. The existing code base becomes an elephant that’s difficult to maintain.”

That is how he spent the vast majority of his two years at Goldman, patching the elephant. For their patching material he and the other Goldman programmers resorted, every day, to open source software—software developed by collectives of programmers and made freely available on the Internet. The tools and components they used were not specifically designed for financial markets, but they could be adapted to repair Goldman’s plumbing. He discovered, to his surprise, that Goldman had a one-way relationship with open source. They took huge amounts of free software off the Web, but they did not return it after he had modified it, even when his modifications were very slight and of general, rather than financial, use. “Once I took some open source components, repackaged them to come up with a component that was not even used at Goldman Sachs,” he says. “It was basically a way to make two computers look like one, so if one went down the other could jump in and perform the task.” He’d created a neat way for one computer to behave as the stand-in for another. He described the pleasure of his innovation this way: “It created something out of chaos. When you create something out of chaos, essentially , you reduce the entropy in the world.” He went to his boss, a fellow named Adam Schlesinger, and asked if he could release it back into open source, as was his inclination. “He said it was now Goldman’s property,” recalls Serge. “He was quite tense.” Open source was an idea that depended on collaboration and sharing, and Serge had a long history of contributing to it. He didn’t fully understand how Goldman could think it was okay to benefit so greatly from the work of others and then behave so selfishly toward them. “You don’t create intellectual property,” he said. “You create a program that does something.” But from then on, on instructions from Adam Schlesinger, he treated everything on Goldman Sachs’s servers, even if it had just been transferred there from open source, as Goldman Sachs’s property . (Later, at his trial, his lawyer flashed two pages of computer code: the original, with its open source license on top, and a replica, with the open source license stripped off and replaced by the Goldman Sachs license.)

The funny thing was that Serge actually liked Adam Schles-inger, and most of the other people he worked with at Goldman. He liked less the environment the firm created for them to work in. “Everyone lived for the year-end number,” he said. “You get satisfied when the bonus is sizable and you get not satisfied when the number is not. Everything there is very possessive .” It made no sense to him the way people were paid individually for achievements that were essentially collective achievements. “It was quite competitive. Everyone’s trying to show how good their individual contribution to the team is. Because the team doesn’t get the bonus, the individual does.”

More to the point, he felt that the environment Goldman created for its employees did not encourage good programming, because good programming required collaboration. “Essentially there was very minimal connections between people,” he says. “In telecom you usually have some synergies between people. Meetings when people exchange ideas. They aren’t under stress in the same way. At Goldman it was always, ‘Some component is broken and we’re losing money because of it. Fix it now .’ ” The programmers assigned to fix the code sat in cubicles and hardly spoke to one another. “When two people wanted to talk they wouldn’t just do it out on the floor,” says Serge. “They would go to one of the offices around the floor and close the door. I never had that experience in telecom or academia.”

By the time the financial crisis hit, Serge had a reputation of which he himself was unaware: He was known to corporate recruiters outside Goldman as the best programmer in the firm. “ There were twenty guys on Wall Street who could do what Serge could do,” says a headhunter who recruits often for high-frequency trading firms. “And he was one of the best, if not the best.” Goldman also had a reputation in the market for programming talent— for keeping its programmers in the dark about their value to the firm’s trading activities. The programmer types were different from the trader types. The trader types were far more alive to the bigger picture, to their context. They knew their worth in the marketplace down to the last penny. They understood the connection between what they did and how much money was made , and they were good at exaggerating the importance of the link. Serge wasn’t like that. He was a little-picture person, a narrow problem solver. “I think he didn’t know his own value,” says the recruiter. “He compensated for being narrow by being good. He was that good.”

Given his character and his situation , it’s hardly surprising that the market kept finding Serge Aleynikov and telling him what he was worth, rather than the other way around. A few months into his new job, headhunters were calling him every other week. A year into his new job, he had an offer from UBS, the Swiss bank, and a promise to bump up his salary to $ 400,000 a year. Serge didn’t particularly want to leave Goldman Sachs just to go and work at another big Wall Street firm, and so when Goldman offered to match the offer, he stayed. But in early 2009 he had another call, with a very different kind of offer: to create a trading platform from scratch for a new hedge fund run by Misha Malyshev.

The prospect of creating a new platform, rather than constantly patching an old one, excited him. Plus Malyshev was willing to pay him more than a million dollars a year to do it, and he suggested that they might even open an office for Serge near his home in New Jersey. Serge accepted the job offer and then told Goldman he was leaving. “When I put in the resignation letter,” he said , “everyone comes to me one by one. The common perception was that if they had the right opportunity to quit Goldman they would do that in no time.” Several hinted to him how much they would like to join him at his new firm. His bosses asked him what they could do to persuade him to stay. “They were trying to pursue me into this monetary discussion,” says Serge. “I told them it wasn’t the money . It was the chance to build a new system from the ground up.” He missed his telecom work environment. “Whereas at IDT I was really seeing the results of my work , here you had this monstrous system and you are patching it right and left. No one is giving you the whole picture. I had a feeling no one at Goldman really knows how it works as a whole, and they are just uncomfortable admitting that.”

He agreed to hang around for six weeks and teach other Goldman people everything he knew, so that they could continue to find and fix the broken bands in their gigantic rubber ball. Four times in the course of that last month he mailed himself source code he was working on. The files contained a lot of open source code he had worked with, and modified, over the past two years, mingled with code that wasn’t open source but was obviously proprietary to Goldman Sachs. He hoped to disentangle one from the other in case he needed to remind himself how he had done what he had done with the open source code; he might need to do it again. He sent these files the same way he had sent himself files nearly every week since his first month on the job at Goldman. “No one had ever said a word to me about it,” he says. He pulled up his browser and typed into it the words : “free subversion repository.” Up popped a list of places that stored code for free and in a convenient fashion. He clicked the first link on the list. To find a place to send the code took about eight seconds . And then he did what he had always done since he’d first started programming computers: He deleted his bash history— the commands he had typed into his own Goldman computer keyboard. To access the computer, he was required to type his password . If he didn’t delete his bash history, his password would be there to see, for anyone who had access to the system.

It wasn’t an entirely innocent act. “I knew that they wouldn’t be happy about it,” he said, because he knew their attitude was that anything that happened to be on Goldman’s servers was the wholly owned property of Goldman Sachs— even when Serge himself had taken that code from open source . When asked how he felt when he did it, he says, “It felt like speeding. Speeding in the car.”

FOR MUCH OF the flight from Chicago he’d slept. Leaving the plane, he noticed three men in dark suits waiting in the alcove of the Jetway reserved for baby strollers and wheelchairs. They confirmed his identity, explained that they were from the FBI, handcuffed him, searched his pockets, removed his backpack, told him to remain calm, and then walled him off from the other passengers . This last act was no great feat. Serge was six feet tall but weighed roughly 140 pounds: To hide him you needed only to turn him sideways. He resisted none of these actions, but he was genuinely bewildered. The men in black refused to tell him his crime. He tried to guess it. His first guess was that they’d gotten him mixed up with some other Sergey Aleynikov. Next it occurred to him that his new employer, Misha Malyshev , then being sued by Citadel, might have done something shady. Wrong on both counts. It wasn’t until the plane had emptied and they’d escorted him into Newark Airport that they told him his crime: stealing computer code owned by Goldman Sachs.

The agent in charge of the case, Michael McSwain, was new to law enforcement. Oddly enough, he’d spent twelve years, until 2007, working as a currency trader on the Chicago Mercantile Exchange. He and others like him had been put out of business by Serge and people like him— or, more exactly, by the computers that had replaced the traders on the floors of every U.S. exchange. It wasn’t an accident that McSwain’s career on Wall Street ended the same year that Serge’s began.

McSwain marched Serge into a black town car and drove him to the FBI building in lower Manhattan. After making a show of stashing his gun , McSwain led him into a tiny interrogation room, handcuffed him to a rod on the wall, and , finally, read him his Miranda rights. Then he explained what he knew, or thought he knew: In April 2009 Serge had accepted a job at a new high-frequency trading shop, Teza Technologies, but had remained at Goldman for the next six weeks. Between early April and June 5, when Serge left Goldman for good, he sent himself, through the so-called subversion repository, 32 megabytes of source code from Goldman’s high-frequency stock trading system . McSwain clearly found it damning that the website Serge used was called a subversion repository, and that it was in Germany. He also seemed to think it significant that Serge had used a site not blocked by Goldman Sachs, even after Serge tried to explain to him that Goldman did not block any sites used by its programmers but merely blocked its employees from porn sites and social media sites and suchlike. Finally, the FBI agent wanted him to admit that he had erased his bash history. Serge tried to explain why he always erased his bash history, but McSwain had no interest in his story. “The way he did it seemed nefarious,” the FBI agent would later testify.

All of which was true, as far as it went, but, to Serge, that didn’t seem very far. “I thought it was like, crazy, really,” he says. “He was stringing these computer terms together in ways that made no sense. He didn’t seem to know anything about high-frequency trading or source code.” For instance, Serge had no idea where the subversion repository was physically located. It was just a place on the Internet used by developers to store the code they were working on. “The whole point of the Internet is to abstract the physical location of the server from its logical address,” he said. To Serge, McSwain sounded like a man repeating phrases that he’d heard from others but that to him actually meant nothing. “There is a game in Russia called Broken Phone,” he said— a variation on the American game Telephone . “It felt like he was playing that.”

What Serge did not yet know was that Goldman had discovered his downloads— of what appeared to be the code they used for their proprietary high-speed stock market trading— just a few days earlier, even though Serge had sent himself the first batch of code months ago. They’d called the FBI in haste and had put McSwain through what amounted to a crash course in high-frequency trading and computer programming. McSwain later conceded that he didn’t seek out independent expert advice to study the code Serge Aleynikov had taken, or seek to find out why he might have taken it. “I relied on statements from Goldman employees,” he said. He had no idea himself of the value of the stolen code (“ representatives from Goldman told me it was worth a lot of money”), or if any of it was actually all that special (“ representatives of Goldman Sachs told us there were trade secrets in the code”). The agent noted that the Goldman files were on both the personal computer and the thumb drive that he’d taken from Serge at Newark Airport, but he failed to note that the files remained unopened. (If they were so important, why hadn’t Serge looked at them in the month since he’d left Goldman?) The FBI’s investigation before the arrest consisted of Goldman explaining some extremely complicated stuff to McSwain that he admitted he did not fully understand —but trusted that Goldman did. Forty-eight hours after Goldman called the FBI, McSwain arrested Serge. Thus the only Goldman Sachs employee arrested by the FBI in the aftermath of a financial crisis Goldman had done so much to fuel was the employee Goldman asked the FBI to arrest.

On the night of his arrest, Serge waived his right to call a lawyer. He called his wife, told her what had happened, and said that a bunch of FBI agents were on the way to their home to seize their computers, and to please let them in, although they had no search warrant. Then he sat down and politely tried to clear up the confusion of this FBI agent who had arrested him without an arrest warrant. “How could he figure out if this was a theft if he didn’t understand what was taken?” he recalls having asked himself. What he’d done, in his view, was trivial; what he stood accused of— violating both the Economic Espionage Act and the National Stolen Property Act— did not sound trivial at all. Still, he thought that if the agent understood how computers and the high-frequency trading business actually worked, he’d apologize and drop the case. “The reason I was explaining it to him was to show that there was nothing there,” he said. “He was completely not interested in the content of what I am saying. He just kept saying to me, ‘If you tell me everything, I’ll talk to the judge and he’ll go easy on you.’ It appeared they had a very strong bias from the very beginning. They had goals they wanted to fulfill. One was to obtain an immediate confession.”

The chief obstacle to the FBI’s ability to extract his confession, oddly, wasn’t Serge’s willingness to provide it but its own agent’s ignorance of the behavior to which Serge was attempting to confess. “In the written statement he was making some very obvious mistakes, computer terms and so on,” recalled Serge. “I was saying, ‘You know, this is not correct.’ ” Serge patiently walked the agent through his actions. At 1: 43 in the morning on July 4, after five hours of discussion, McSwain sent a giddy one-line email to the U.S. Attorney’s office: “Holy crap he signed a confession.”

Two minutes later, he dispatched Serge to a cell in the Metropolitan Detention Center. The prosecutor, Assistant U.S. Attorney Joseph Facciponti, argued that Serge Aleynikov should be denied bail. The Russian computer programmer had in his possession computer code that could be used “to manipulate markets in unfair ways.” The confession Serge had signed, scarred by phrases crossed out and rewritten by the FBI agent, later would be presented by prosecutors to a jury as the work of a thief who was being cautious, even tricky, with his words. “That’s not what happened,” said Serge. “The document was being crafted by someone with no previous expertise in the matter.”

Sergey Aleynikov’s signed confession was the last anyone heard from him, at least directly. He declined to speak to reporters or testify at his trial. He had a halting manner , a funny accent, a beard, and a physique that looked as if it had been painted by El Greco: In a lineup of people chosen randomly from the streets, he was the guy most likely to be identified as the Russian spy, or a character from the original episodes of Star Trek. In technical discussions he had a tendency to speak with extreme precision, which was great when he was dealing with fellow experts but mind-numbing to a lay audience. In the court of U.S. public opinion, he wasn’t well suited to defend himself, and so, on the advice of his attorney, he didn’t. He kept his long silence even after he was sentenced, without the possibility of parole, to eight years in a federal prison.

From Flash Boys: A Wall Street Revolt, Lewis, Michael. W. W. Norton & Company. (p. 245-260):

The jury in Sergey Aleynikov’s trial consisted mainly of high school graduates; all of the jurors lacked experience programming computers. “They would bring my computer into the courtroom,” recalled Serge incredulously. “They would pull out the hard drive and show it to the jury. As evidence!” Save for Misha Malyshev, Serge’s onetime employer, the people who took the stand had no credible knowledge of high-frequency trading: how the money got made, what sort of computer code was valuable, and so on. Malyshev testified as a witness for the prosecution that Goldman’s code was of no use whatsoever in the system he’d hired Serge to build— Goldman’s code was written in a different programming language, it was slow and clunky, it had been designed for a firm that was trading with its own customers, and Teza, Malyshev’s firm, didn’t have customers, and so on—but when he looked over, he saw that half the jury appeared to be sleeping. “If I were a juror, and I wasn’t a programmer,” said Serge, “it would be very difficult for me to understand why I did what I did.”

Goldman Sachs’s role in the trial was to make genuine understanding even more difficult. Its employees, on the witness stand, behaved more like salesmen for the prosecution than citizens of the state. “It’s not that they lied,” said Serge. “But they told things that were not in their expertise.” When his former boss, Adam Schlesinger, was asked about the code, he said that everything at Goldman was proprietary. “I wouldn’t say he lied, but he was talking about stuff that he did not understand, and so he was misunderstood,” said Serge.

Our system of justice is a poor tool for digging out a rich truth. What was really needed, it seemed to me, was for Serge Aleynikov to be forced to explain what he had done, and why, to people able to understand the explanation and judge it. Goldman Sachs had never asked him to explain himself, and the FBI had not sought help from anyone who actually knew anything at all about computers or the high-frequency trading business. And so over two nights, in a private room of a Wall Street restaurant, I convened a kind of second trial. To serve as both jury and prosecution, I invited half a dozen people intimately familiar with Goldman Sachs, high-frequency trading, and computer programming. All were authorities on our abstruse new stock market; several had written high-frequency code; one had actually developed software for Goldman’s high-frequency traders. All were men. They’d grown up in four different countries between them, but all now lived in the United States.

All of them worked on Wall Street, and so, to express themselves freely, they needed to remain anonymous. Among them were employees of IEX. All were naturally skeptical— of both Goldman Sachs and Serge Aleynikov. They assumed that if Serge had been sentenced to eight years in jail he must have done something wrong . They just hadn’t bothered to figure out what that was. All of them had followed the case in the newspapers and noted the shiver it had sent through the spines of Wall Street’s software developers. Until Serge was sent to jail for doing it, it was common practice for Wall Street programmers to take code they had worked on when they left for new jobs. “A guy got put in jail for taking something no one understood,” as one of Serge’s new jurors put it. “Every tech programmer out there got the message: Take code and you could go to jail. It was huge.” The arrest of Serge Aleynikov had also caused a lot of people, for the first time, to begin to use the phrase “high-frequency trading.” Another new juror, who in 2009 had worked for a big Wall Street bank , said, “When he was arrested, we had a meeting for all the electronic trading personnel, to talk about a one-pager they’d drafted to be discussed with their clients around this new topic called ‘high-frequency trading.’ ”

The restaurant was one of those old-school Wall Street places that charge you a thousand bucks for a private room and then more or less challenge you to eat your way back to even. Food and drink arrived in massive quantities : vast platters of lobster and crab, steaks the size of desktop computer screens, smoking mountains of potatoes and spinach. It was the sort of meal cooked decades ago, for traders who spent their days trusting their gut and their nights rewarding it; but this monstrous feast was now being served to a collection of weedy technologists, the people who controlled the machines that now controlled the markets, and who had, in the bargain, put the old school out of business. They sat around the table staring at the piles of food, like a conquering army of eunuchs who had stumbled into the harem of their enemy. At any rate, they made hardly a dent. Serge, for his part , ate so little, and with such disinterest, that I half expected him to lift off his chair and float up to the ceiling.

His new jurors began, interestingly, by asking him lots of personal questions. They wanted to figure out what kind of guy he was. They took an interest, for example, in his job-market history, and noted that his behavior was pretty consistently that of a geek who had more interest in his work than in the money the work generated. They established fairly quickly— how, I do not know— that he was not just smart but seriously gifted. “These guys are usually smart in one small area,” one of them later explained to me. “For a technologist to be so totally dominant in so many areas is just really, really unusual.”

They then began to probe his career at Goldman Sachs. They were surprised to learn that he had “super-user status” inside Goldman , which is to say he was one of a handful of people (roughly 35, in a firm that then had more than 31,000 employees) who could log onto the system as an administrator. Such privileged access would have enabled him, at any time, to buy a cheap USB flash drive, plug it into his terminal, and take all of Goldman’s computer code without anyone having any idea that he had done it. That fact alone didn’t prove anything to them. As one pointed out to Serge directly, lots of thieves are sloppy and careless; just because he was sloppy and careless didn’t mean he was not a thief. On the other hand, they all agreed, there wasn’t anything the least bit suspicious, much less nefarious, about the manner in which he had taken what he had taken. Using a subversion repository to store code and deleting one’s bash history were common practices. The latter made a great deal of sense if you typed your passwords into command lines. In short , Serge had not behaved like a man trying to cover his tracks. One of his new jurors stated the obvious: “If deleting the bash history was so clever and devious, why had Goldman ever found out he’d taken anything?”

To these new jurors , the story that the FBI found so unconvincing— that Serge had taken the files because he thought he might later like to parse the open source code contained within— made a lot of sense. As Goldman hadn’t permitted him to release his debugged or improved code back to the public— even though the original free license often stated that improvements must be publicly shared— the only way for him to get his hands on these files was to take the Goldman code. That he had also taken some code that wasn’t open source, which happened to be in the same files as the open source code, surprised no one. Grabbing a bunch of files that contained both open source and non– open source code was an efficient way for him to collect the open source code, even if the open source code was the only code that interested him. It would have made far less sense for him to hunt around the Internet for the open source code he wanted , as it was scattered all over cyberspace. It was also entirely plausible to them that Serge’s interest was confined to the open source code, because that was the general-purpose code that might be repurposed later. The Goldman proprietary code was written specifically for Goldman’s platform; it would have been of little use in any new system he wished to build. (The two small pieces of code Serge had sent into Teza’s computers before his arrest both came with open source licenses.) “Even if he had taken Goldman’s whole platform, it would have been faster and better for him to write the new platform himself,” said one juror.

Several times Serge surprised the jurors with his answers. They were all shocked, for instance, that from the day Serge first arrived at Goldman, he had been able to send Goldman’s source code to himself weekly, without anyone at Goldman saying a word to him about it. “At Citadel , if you stick a USB drive into your work station, someone is standing next to you within five minutes, asking you what the hell you are doing,” said a juror who had worked there. Most were surprised by how little Serge had taken in relation to the whole: eight megabytes, in a platform that consisted of nearly fifteen hundred megabytes of code. The most cynical among them were surprised mostly by what he had not taken.

“Did you take the strats?” asked one, referring to Goldman’s high-frequency trading strategies.

“No,” said Serge. That was one thing the prosecutors hadn’t accused him of.

“But that’s the secret sauce, if there is one,” said the juror. “If you’re going to take something, take the strats.”

“I wasn’t interested in the strats,” said Serge.

“But that’s like stealing the jewelry box without the jewels,” said another juror.

“You had super-user status!” said the first. “You could easily have taken the strats. Why didn’t you?”

“To me, the technology really is more interesting than the strats,” said Serge.

“You weren’t interested in how they made hundreds of millions of dollars?” asked someone else.

“Not really ,” said Serge. “It’s all one big gamble, one way or another.”

Because they had seen it before in other programmer types, they were not totally shocked by his indifference to Goldman’s trading, or by how far Goldman had kept him from the action. Talking to a programmer type about the trading business was a bit like talking to the house plumber at work in the basement about the card game the Mafia don was running upstairs. “He knew so little about the business context,” one of the jurors said, after attending both dinners. “You’d have to try to know as little as he did.” Another said, “He knew as much as they wanted him to know about how they made money, which was virtually nothing. He wasn’t there for very long. He came in with no context. And he spent all of his time troubleshooting.” Another said he had found Serge to be the epitome of the programmer whose value the big Wall Street banks tried to minimize— by using their skills without fully admitting them into the business. “You see two résumés from the banks,” he said. “You line them up on paper and say maybe there’s a ten percent difference between them. But one guy is getting paid three hundred grand and the other is getting one point five million. The difference is one guy has been given the big picture, and the other hasn’t.” Serge had never been shown the big picture. Still, it was obvious to the jurors —even if it wasn’t to Serge— why Goldman had hired him when it had. With the introduction of Reg NMS in 2007, the speed of any financial intermediary’s trading system became its most important attribute: the speed with which it took in market data and the speed with which it responded to that data. “Whether he knew it or not,” said one juror, “he was hired to build Goldman’s view of the market. No Reg NMS, no Serge in finance.”

At least some part of the reason he remained oblivious to the nature of Goldman Sachs’s trading business, all of the jurors noticed, was that his heart was elsewhere. “I think passion plays a big role,” said a juror who himself had spent his entire career writing code. “The moment he started talking about coding, his eyes lit up.” Another added, “The fact that he kept trying to work on open source shit even while he was at Goldman says something about the guy.”

They didn’t all agree that what Serge had taken had no value , either to him or to Goldman. But what value it might have had in creating a new system would have been trivial and indirect. “I can guarantee you this: He did not steal code to use it on some other system,” one said, and none of the others disagreed. For my part, I didn’t fully understand why some parts of Goldman’s system might not be useful in some other system. “Goldman’s code base is like buying a really old house,” one of the jurors explained. “And you take the trouble to soup it up. But it still has the problems of a really old house. Teza was going to build a new house, on new land. Why would you take one-hundred-year-old copper pipes and put them in my new house? It isn’t that they couldn’t be used; it’s that the amount of trouble involved in making it useful is ridiculous.” A third added, “It’s way easier to start from scratch.” Their conviction that Goldman’s code was not terribly useful outside of Goldman grew even stronger when they learned —later, as Serge failed to mention it at the dinners— that the new system Serge planned to create was to be written in a different computer language than the Goldman code.

The perplexing question, at least to me, was why Serge had taken anything. A full month after he’d left Goldman Sachs, he still had not touched the code he had taken. If the code was so unimportant to him that he didn’t bother to open it up and study it; if most of it was either so clunky or so peculiar to Goldman’s system that it was next to useless outside Goldman—why take it? Oddly, his jurors didn’t find this hard to understand. One put it this way: “If Person A steals a bike from Person B, then Person A is riding a bike to school, and Person B is walking . Person A is better off at the expense of Person B. That is clear-cut, and most people’s view of theft.

“In Serge’s case, think of being at a company for three years, and you carry a spiral notebook and write everything down. Everything about your meetings, your ideas, products, sales, client meetings—it’s all written down in that notebook. You leave for your new job and take the notebook with you—as most people do. The contents of your notebook relate to your history at the prior company but have very little relevance to your new job. You may never look at it again. Maybe there are some ideas, or templates, or thoughts you can draw on. But that notebook is related to your prior job , and you will start a new notebook at your new job which will make the old one irrelevant. . . . For programmers, their code is their spiral notebook. [It enables them] to remember what they worked on—but it has very little relevance to what they will build next. . . . He took a spiral notebook that had very little relevance outside of Goldman Sachs.”

To the well-informed jury, the real mystery wasn’t why Serge had done what he had done. It was why Goldman Sachs had done what it had done. Why on earth call the FBI? Why exploit the ignorance of both the general public and the legal system about complex financial matters to punish this one little guy? Why must the spider always eat the fly?

The financial insiders had many theories about this: that it was an accident; that Goldman had called the FBI in haste and then realized the truth, but lost control of the legal process; that in 2009 Goldman had been on hair-trigger alert to personnel losses in high-frequency trading , because they could see how much money would be made from it, and thought they could compete in the business. The jurors all had ideas about why what had happened had happened. One of the theories was more intriguing than the others. It had to do with the nature of a big Wall Street bank, and the way people who worked for it, at the intersection of technology and trading, got ahead. As one juror put it, “Every manager of a Wall Street tech group likes to have people believe that his guys are geniuses. Russians, whatever . His whole persona among his peers is that what he and his team do can’t be replicated. When people find out that ninety-five percent of their code is open source, it kills that perception. What the guy can’t say, when he gets told Serge has taken something, is ‘it doesn’t matter what he took because it’s worse than what they’ll create on their own.’ So when the security people come to him and tell him about the downloads, he can’t say, ‘No big deal.’ And he can’t say, ‘I don’t know what he took.’ ”

To put it another way: The process that ended with Serge Aleynikov sitting inside two holding facilities that housed dangerous offenders and then a federal prison may have started with the concern of some Goldman Sachs manager with his bonus. “Who is going to pull the fire alarm before they smell the fire?” asked the juror who had advanced this last theory. “It’s always the people who are politically motivated.” As he left dinner with Serge Aleynikov and walked down Wall Street, he thought about it some more. “I’m actually nauseous,” he said. “It makes me sick.”

THE MYSTERY THE jury of Sergey Aleynikov’s peers had more trouble solving was Serge himself. He appeared, and perhaps even was, completely at peace with the world. Had you lined up the people at those two Wall Street dinners and asked the American public to vote for the man who had just lost his marriage, his home, his job, his life savings, and his reputation, Serge would have come dead last. At one point, one of the people at the table stopped the conversation about computer code and asked, “Why aren’t you angry?” Serge just smiled back at him. “No, really,” said the juror. “How do you stay so calm? I’d be fucking going crazy.” Serge smiled again. “But what does craziness give you?” he said. “What does negative demeanor give you as a person? It doesn’t give you anything. You know that something happened. Your life happened to go in that particular route. If you know that you’re innocent, know it. But at the same time you know you are in trouble and this is how it’s going to be.” To which he added, “To some extent I’m glad this happened to me. I think it strengthened my understanding of what living is all about.” At the end of his trial, when the original jury returned with its guilty verdict, Serge had turned to his lawyer, Kevin Marino, and said, “You know, it did not turn out the way we had hoped. But I have to say , it was a pretty good experience.” It was as if he were standing outside himself and taking in the situation as an observer. “I’ve never seen anything like it,” said Marino.

In the comfort of the Wall Street cornucopia, that notion— that the hellish experience he’d been through had actually been good for him— was too weird to pursue, and the jurors had quickly returned to discussing computer code and high-frequency trading. But Serge actually believed what he had said. Before his arrest— before he lost much of what he thought important in his life— he went through his days and nights in a certain state of mind: a bit self-absorbed, prone to anxiety and worry about his status in the world. “When I was arrested , I couldn’t sleep,” he said. “When I saw articles in the newspaper, I would tremble at the fear of losing my reputation. Now I just smile. I no longer panic. Or have panic ideas that something could go wrong.” By the time he was first sent to jail, his wife had left him, taking their three young daughters with her. He had no money and no one to turn to. “He didn’t have very close friends,” his fellow Russian émigré Masha Leder recalled. “He never did. He’s not a people person. He didn’t even have anyone to be power of attorney.” Out of a sense of Russian solidarity, and out of pity, she took the job—which meant, among other things, frequent trips to visit Serge in prison. “Every time I would come to visit him in jail, I would leave energized by him,” she said. “He radiated so much energy and positive emotions that it was like therapy for me to visit him. His eyes opened to how the world really is. And he started talking to people. For the first time! He would say: People in jail have the best stories. He could have considered himself a tragedy. And he didn’t.”

By far the most difficult part of his experience was explaining what had happened to his children. When he was arrested, his daughters were five, three, and almost one. “I tried to put it in the most simple terms they would understand,” said Serge. “But the bottom line was I was apologizing for the fact that this had happened.” In jail he was allowed three hundred minutes a month on the phone— and for a long time the kids, when he called them , didn’t pick up on the other end.

The holding facility in which Serge spent his first four months was violent, and essentially nonverbal, but he didn’t find it hard to stay out of trouble there. He even found people he could talk to, and enjoy talking to. When they moved him to the minimum-security prison at Fort Dix, in New Jersey, he was still in a room crammed with hundreds of other roommates, but he now had space to work. He remained in some physical distress , mainly because he refused to eat meat. “His body, he had really bad times there,” said Masha Leder. “He lived on beans and rice. He was always hungry. I’d buy him these yogurts and he would gulp them down one after another.” His mind still worked fine, though, and a lifetime of programming in cube farms had left him with the ability to focus in prison conditions. A few months into Serge’s jail term, Masha Leder received a thick envelope from him. It contained roughly a hundred pages covered on both sides in Serge’s meticulous eight-point script . It was computer code— a solution to some high-frequency trading problem. Serge feared “He radiated so much energy and positive emotions that it was like therapy for me to visit him. His eyes opened to how the world really is. And he started talking to people. For the first time! He would say: People in jail have the best stories. He could have considered himself a tragedy. And he didn’t.” By far the most difficult part of his experience was explaining what had happened to his children. When he was arrested, his daughters were five, three, and almost one. “I tried to put it in the most simple terms they would understand,” said Serge. “But the bottom line was I was apologizing for the fact that this had happened.” In jail he was allowed three hundred minutes a month on the phone— and for a long time the kids, when he called them , didn’t pick up on the other end. The holding facility in which Serge spent his first four months was violent, and essentially nonverbal, but he didn’t find it hard to stay out of trouble there. He even found people he could talk to, and enjoy talking to. When they moved him to the minimum-security prison at Fort Dix, in New Jersey, he was still in a room crammed with hundreds of other roommates, but he now had space to work. He remained in some physical distress , mainly because he refused to eat meat. “His body, he had really bad times there,” said Masha Leder. “He lived on beans and rice. He was always hungry. I’d buy him these yogurts and he would gulp them down one after another.” His mind still worked fine, though, and a lifetime of programming in cube farms had left him with the ability to focus in prison conditions. A few months into Serge’s jail term, Masha Leder received a thick envelope from him. It contained roughly a hundred pages covered on both sides in Serge’s meticulous eight-point script . It was computer code— a solution to some high-frequency trading problem. Serge feared that if the prison guards found it, they wouldn’t understand it, decide that it was suspicious, and confiscate it.

A year after he’d been sent away, the appeal of Serge Aleynikov was finally heard, by the Second Circuit Court of Appeals. The judgment was swift, unlike anything his lawyer, Kevin Marino, had seen in his career. Marino was by then working gratis for a client who was dead broke. The very day he made his argument, the judges ordered Serge released, on the grounds that the laws he stood accused of breaking did not actually apply to his case. At six in the morning on February 17, 2012, Serge received an email from Kevin Marino saying that he was to be freed.

A few months later, Marino noticed that the government had failed to return Serge’s passport. Marino called and asked for it back. The passport never arrived; instead Serge, now staying with friends in New Jersey, was arrested again and taken to jail. Once again, he had no idea what he was being arrested for, but this time neither did the police. The New Jersey cops who picked him up didn’t know the charges, only that he should be held without bail, as he was deemed a flight risk. His lawyer was just as perplexed. “When I got the call,” said Marino, “I thought it might have something to do with Serge’s child support.” It didn’t. A few days later, Manhattan district attorney Cyrus Vance sent out a press release to announce that the State of New York was charging Serge Aleynikov with “accessing and duplicating a complex proprietary and highly confidential computer source code owned by Goldman Sachs .” The press release went on to say that “[ t] his code is so highly confidential that it is known in the industry as the firm’s ‘secret sauce,’ ” and thanked Goldman Sachs for its cooperation. The prosecutor assigned to the case, Joanne Li, claimed that Serge was a flight risk and needed to be re-jailed immediately—which was strange, because Serge had gone to and returned from Russia between the time of his first arrest and his first jailing. (It was Li who soon fled the case— to a job at Citigroup.)

Marino recognized the phrase “secret sauce.” It hadn’t come from “the industry” but from his opening statement in Serge’s first trial, when he mocked the prosecutors for treating Goldman’s code as if it were some “secret sauce.” Otherwise Serge’s re-arrest made no sense to him. To avoid double jeopardy, the Manhattan DA’s office had found new crimes with which to charge Serge for the same actions. But the sentencing guidelines for the new crimes meant that, even if he was convicted, it was very likely he wouldn’t have to return to jail. He’d already served time, for crimes the court ultimately determined he had not committed. Marino called Vance’s office. “They told me that they didn’t need him to be punished anymore, but they need him to be held accountable,” said Marino. “They want him to plead guilty and let him go on time served. I told them in the politest terms possible that they can go fuck themselves. They ruined his life.”

Oddly enough, they hadn’t. “Inside of me I was completely witnessing ,” said Serge, about the night of his re-arrest. “There was no fear, no panic, no negativity.” His children had reattached themselves to him, and he had a new world of people to whom he felt close. He thought he was living his life as well as it had ever been lived. He’d even started a memoir, to explain what had happened to anyone who might be interested. He began:

If the incarceration experience doesn’t break your spirit, it changes you in a way that you lose many fears. You begin to realize that your life is not ruled by your ego and ambition and that it can end any day at any time. So why worry? You learn that just like on the street, there is life in prison, and random people get there based on the jeopardy of the system. The prisons are filled by people who crossed the law, as well as by those who were incidentally and circumstantially picked and crushed by somebody else’s agenda. On the other hand, as a vivid benefit, you become very much independent of material property and learn to appreciate very simple pleasures in life such as the sunlight and morning breeze.

HeartBleed : An OpenSSL bug which can have far-reaching consequences

Translation of HeartBleed: Ein OpenSSL-Bug, der weitreichende Folgen haben könnte:

Currently, confidence in security on the internet is not easy: NSA and other intelligence agencies are snorkeling in our online communications, in Germany recently 18 million user accounts were reported compromised and yesterday bad news of a serious security hole in OpenSSL was released.

OpenSSL is a free implementation of the Transport Layer Security (TLS) protocol. Transport Layer Security, formerly named Secure Socket Layer, is a protocol for encrypted data transfer on the Internet. The procedure is used often, namely, whenever an https connection is established. This means that data is encrypted and authenticated between browser and web server. If no TLS is used, snapshots of network traffic can easily be read in plain text. This is a serious problem, especially in public Wi-Fi networks.

Yesterday OpenSSL announced that safety engineers of the Finnish IT security company Codenomicon and Neel Mehta of Google Security found a bug that compromises the by TLS used confidentiality and authenticity:

A missing bounds check in the handling of the TLS extension can be used heartbeat to reveal up to 64k of memory to a connected client or server.

The bug was named “Heartbleed Bug“, after the Heartbeat Extension that introduced it. It can lead to extraction of the private key of a TLS server by reading the above-mentioned memory. And usernames, passwords and other sensitive information can also reside in the vulnerable 64k. Because the attack is not limited to one-time implementation, many pieces of memory can be computed until the requested information has been determinedCodenomicon engineers performed a self test and then expressed the gravity of the situation clearly :

Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

For those who are interested in the technical details, a detailed analysis can be found on the existentialize blog.

The bug concerns the SSL versions OpenSSL 1.0.1 , which was released in March 2012, to 1.0.1f . Earlier versions are not vulnerable because they do not contain the faulty heartbeat extension. A version 1.0.1g that fixes the bug has been provided by the developers already available. Whether the vulnerability was really exploited is not known, since such attacks do not leave a trace.

Arma, one of the developers of the Tor project, recommends moving carefully on the internet for the next few days, and when relaying on strong anonymity and in doubt to stay away from the internet entirely because the anonymity provided by Tor could be limited with the safety-critical TLS implementation. Also updating of other services that are based on the vulnerable OpenSSL implementation will not happen any time soon, because many Internet applications, including mail programs and browsers are likely to be affected. In addition, server operators will be dealing with the question whether its private key may be in the wrong hands, and whether possibly vulnerable certificates should therefore be replaced as a precaution.

It is standard on many Linux distributions and Apache Web servers, the most used Web server implementations with 38.2%, and nginx servers that are also wide-spread, which together reach a coverage of 66%, although not all necessarily use the relevant OpenSSL versions.

” Heartbleed ” is not the first bug that was found in OpenSSL. Last year, two weaknesses were discovered in the random number generators, one of which was compromised by the NSA pseudo-random number generator Dual_EC_DRBG. The vulnerabilities are not the only point of criticism . There was disagreement on the repression of the notification of the OpenSSL bug.

For example, the large server operator CloudFlare was informed in advance about the vulnerability and had time to close it up to the public announcement. There is disagreement as to whether this is evidence of “particular responsibility” or of smaller non-informed services being at an unfair disadvantage. And, itself uses the vulnerable version of the program library, as can be seen with a test tool.


These major bugs show how urgent a careful auditing of cryptographic libraries is. It would now be wrong to scream, to use other software which does not contain the current bug, because as the computer scientist Dijkstra said:

Testing shows the presence, not the absence of bugs

It is important to focus on improving and maintaining proven and robust code and to keep an eye out for errors and backdoors. Tirelessly.