It was a Friday afternoon when the contractor - we'll call him Joe - seemed to be behaving particularly strangely. Joe had been with the fund for a while but had not been performing well. The hedge fund manager couldn't put his finger on it. Perhaps it was the odd mannerisms or the abrupt way Joe had announced plans to do some work from home. But the manager grew suspicious, so he and a trusted inner circle of staff started checking the logs.
"Sure enough we saw that he had essentially accessed one of the traders' machines," the manager said. "He tried a bunch of different passwords and user names but eventually got in. It was clear that he had made copies of stuff that he never should have made copies of."
Careful not to jump to conclusions, the manager and his small team spent all of Friday evening gathering evidence. That stretched into Saturday as they combed one machine after another. Finally on Monday they met with the police and brought in legal counsel.
The fund, which shared its experience with Automated Trader for this article, has asked to remain anonymous, for obvious reasons. The events leading up to and following the detection of the attempted theft illustrate just how fraught an issue network security can be. Firms that spend vast sums designing trading models and amassing data face not only a litany of threats but also a wide variety of choices for what to do if there is a breach.
"We used to think of security in terms of reducing the chances of unauthorised users gaining access to critical systems or data," said Jim Doherty, chief marketing officer at Certes Networks.
"I think we have to start assuming that eventually these efforts will fail or, as we saw in the Goldman affair, that a trusted insider will turn on us. Given that 'inevitability', companies should be thinking about how they can limit the damage any one breach could cause. If you assume you can't prevent bad things from happening with 100% effectiveness, then the next best thing is to do your best to minimise the potential impact of those events."