The Victim: UBS PaineWebber (renamed UBS Wealth Management USA in 2003).
What Happened: A logic bomb went off on the company's Unix-based network, taking down nearly 2,000 servers in the main office in Weehawkin, N.J., and in branch offices around the country.
When: March 4, 2002 at 9:30 a.m. " just as trading began on the stock market.
Cost of the Attack: UBS has never said how much the company lost in down business time, but Nancy Bagli, an assistant vice president with UBS, testified during the trial that the company spent $898,780 on hardware, including IBM and Sun Microsystems servers; $260,473 on investigative services; and $1,987,036 on technical consultants, who were mainly from IBM and went out to help bring the branch offices back up. That adds up to a total of $3,146,289 on recovery costs alone.
Weapon: The government maintains that malicious code, or a logic bomb, took down the servers. It consisted of two triggers to set the bomb off; a distribution component to push the code out from the central data center to the branch servers; the payload, which told the servers to delete all their files; and a persistence component to make sure it kept running.
How Bad: Elvira Maria Rodriguez, an IT manager at UBS at the time of the attack, said the logic bomb had a ''catastrophic impact'' and the company still suffers from it four years later. At the time of the attack, 400 to 500 UBS workers were pulled off their normal jobs to work on the restoration. It was so bad that to avoid a repeat of the incident, Rodriguez said, for the next two or three years she prepared to fend off a similar attack before every March 4.
The Defendant: Roger Duronio, 63, of Bogota, N.J. At the time of the incident, he had been a systems administrator for UBS for three years, but had quit his job a few weeks before the bomb went off.
The Government's Case
Motive A - Revenge: According to the government, Duronio was having financial trouble and needed money to pay his son's college tuition for NYU. In the months after the Sept. 11 terrorist attacks, many financial companies were struggling and UBS employees were told not to expect big bonuses. That February, Duronio's bonus came up $15,000 less than expected, an amount nearly equal to a semester's tuition payment. Upset, he then requested a written contract for his compensation, and threatened to quit if he did not get one by the end of the day. He did not, and quit, but, according to the prosecution, not without first having a plan - and the bomb - in place.
Motive B: Trying to Cash In: The government claims Duronio also wanted to cash in on the trouble he was about to cause UBS. A month before the attack, Duronio bought his first set of risky put options against UBS, and proceeded to buy nearly $25,000 worth of puts against UBS in all. He even cashed out an IRA to do it.
The Secret Service Investigates: Charged with investigating financial crimes, the U.S. Secret Service searched Duronio's home, finding parts of the code used to bring down the UBS network on two of the defendant's home computers, as well as in a hard copy printout.
Forensics Investigation: The investigation uncovered the trigger mechanism for the logic bomb installed on machines across the company's national network, and the government's expert claimed he was able to connect Duronio's user name and home computer directly to its creation, modification, distribution, and execution.
The Defense's Case
Security Holes: Defense Attorney Chris Adams contends there were so many holes in UBS' network security that anyone could have gotten into the system and caused the damage.
Logic Bomb?: The Defense's forensics expert testified he could not tell if the logic bomb, which he did find on the system, was the actual cause of the system crash.
Hackers: Former hackers work at @Stake, Inc., the company that UBS initially brought in to do forensic work immediately after the incident. The defense questioned the morality of hackers and repeatedly questioned whether any of the evidence, including backup tapes, could be trusted because they had been touched by hackers.
Penetration Test Gone Awry: Never actually coming out and accusing Cisco Systems directly of the take-down, the defense repeatedly made the point that Cisco had been hired to do a penetration test between February and March of 2002.
A Different Inside Attack: The defense also suggested that it may well have been a systems administrator who planted the logic bomb, but it wasn't Duronio. The defense claimed that UBS' network security troubles left Duronio wide open to someone else using his ID and passwords to masquerade as the system administrator, and move around undetected in the system. Adams repeatedly pointed to Charles Richards, a systems administrator and a friend of Duronio's, as the possible attacker. @Stake reported finding simple strings from the malicious code on Richards' workstation, but also said there was no criminal evidence. Richards was put on leave, and then let go the next year.
A Sloppy Search: Adams repeatedly asked the secret service agent on the stand why he removed Duronio's computers from the house before taking images of them, as opposed to copying the systems onsite. He also asked about a latent fingerprint not belonging to Duronio that was found on the hardcopy printout of the code trigger that was found in his house.
A Sloppy Forensics Investigation: The defense attorney also repeatedly questioned whether the government's forensics investigator had altered critical information on the backup tapes he had examined.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.