Did Citadel Trading Secrets Get Dumped in a River?

The "smoking guns" were dropped in a Chicago river. Only the "guns" were not guns. They were hard drives. And the suspect is not a gangster, a la Al Capone. Instead, it is a programmer and former employee of Citadel, the computer-driven hedge fund in the Windy City.

On Thursday, that former Citadel employee, Yihao Ben Pu, was arrested. The charges? Downloading trade secrets off Citadel’s trading systems and then trying to use them for his own financial benefit.

Pu could face 10 years in prison for theft of trade secrets, according to the New York Times.

But what really matters is how those trade secrets get protected – or not.

According to the court document that justified the arrest, Pu was intent on swiping the key building blocks of Citadel’s "TT" trading algorithms.

The linchpin of those algorithms are prediction signals, which Citadel refers to as "alphas." Alpha, of course, is widely used in securities markets as a reference to achieving above-average market returns.

These signals take incoming market data and other data and then predict the movement of investment instruments and other relevant market activity, according to the complaint.

According to Jonathan Graham, a managing director of Citadel, the output of the alpha algorithms are expressed as numerical values, and are referred to by Citadel employees as "alpha data." The alpha data are unique number sequences that have inherent value as a result of their relationship to the alpha algorithms.

The prediction signals in turn are comprised of smaller data-based computations referred to as alpha "terms."

According to Graham, if a company gained access to Citadel’s alphas, that company would have a significant advantage in writing the code and strategies to implement a competitive business or to improve an existing competitive business. The company, to protect its alphas, forbid copying data onto thumb drives or other storage devices, for instance.

Pu, according to the court document, was hired by Citadel in May 2010 as a Quantitative Financial Engineer, and worked at Citadel from May 2010 until he was terminated by Citadel on August 30, 2011.

His job was to develop and enhance Citadel’s proprietary trading strategies, particularly order placement logic.

According to Graham, Pu was permitted to use his office computer to access a folder stored on Citadel’s servers that contained information and data related to Citadel’s alphas.

But what Pu is alleged to have done is actually turn that computer into multiple "virtual" machines, to abet his effort to use the alphas to his own benefit.

Pu configured and was running two virtual computers on his computer’s hard drive, by subdividing its capacity.

Citadel’s IT staff determined, by its account, that Pu had downloaded and used Ubuntu Linux, an open-source operating system, to run the virtual machines on his Citadel computer.

He also used, purportedly,a "port scanner" program to locate data or files on multiple servers and the Bit Torrent program " to rapidly upload and download files, in violation of Citadel’s IT and security policies."

These files made their way to one or more external storage devices.

According to Citadel and the complaint, one of those devices was Pu’s Motorola Droid mobile phone.

But, somewhere along the line, a variety of hard drives were tossed into a canal leading to Chicago’s Wilmette Harbor.

These were recovered and found to be storing alpha terms and alpha data.

According to the complaint, "it appears that Pu was attempting to use the alpha data he stole from Citadel to reverse engineer the algorithms containing Citadel’s alphas, and was trading currency futures" in a brokerage account with Interactive Brokers "in order to test the system that he was creating."

This story originally appeared on Securities Technology Monitor, a sister website of Traders Magazine.