Business & Finance
News
6/21/2006
11:32 PM
Connect Directly
RSS
E-Mail
50%
50%

Defense Hammers At Investigator In UBS Computer Sabotage Trial

As the trial continues for an ex-UBS systems administrator charged with sabotaging the company's networks, the defense attorney called into question the investigator's evidence and means of collecting it, as well as information and people who weren't investigated.

Part of Adams's barrage of questions for O'Neil focused on Charles Richards and William (Rob) Robertson, two other systems administrators who were put on leave in the month following the attack and then ultimately let go from their jobs at UBS. The attorney asked the agent why the Secret Service didn't seize the two men's work computers or weave them into the official investigation, especially when a small string of the code was found in the swap space of one of Richards' two computers. Swap space is where data is stored for programs running in memory.

O'Neil testified that he and other agents interviewed each man for one to two hours and considered them nothing more than fact witnesses. Both men, who reportedly were friends with Duronio, were systems administrators who worked to help recover the network after the attack.

In a report from @Stake, Inc., the computer forensics company UBS hired in the days after the attack, experts noted that they had examined the men's computers but didn't find criminal evidence, despite finding two short, but related, strings in the one computer. "The surrounding information did not lead us to believe it existed in the system," according to the report. "It was clear they were not direct entries Based on the evidence collected, @Stake believes it is unlikely CR and RR were directly involved in any malicious activity against UBS PaineWebber."

Adams has repeatedly argued against UBS using @Stake for forensic work because @Stake, now owned by Symantec Corp., employed well-known hackers.

Adams also grilled O'Neil about the fact that other computer code was found in Duronio's home but O'Neil was only specifically alerted about what ultimately turned out to be a portion of the malicious code that was on the printout found on a dresser in the master bedroom. ''Is it your testimony that prior to the search you were never shown a copy of the logic bomb or its components?" Adams said. "Yes," O'Neil responded.

Adams questioned how the agents, who had not yet seen the malicious code, could quickly identify the code on the dresser as potential evidence. "Because [an agent] found a piece of paper with some type of gibberish on it, that caused him, without knowing anything about Unix, to say, 'Get Agent O'Neil up here'?" Adams continued. "After all, the other agents found computer code in the house but they only alerted you to this one?"

O'Neil responded that this piece of paper did stand out. "It was the only paper with code on it on the dresser," he said. "There was nothing else like this."

On Tuesday, Adams had a similar string of questions surrounding a latent fingerprint found on the hardcopy of the code. When questioned, O'Neil said they had found an identifiable print on the paper but it didn't belong to Duronio or to either agent who handled it at the scene.

"The agent wasn't wearing gloves, but he still didn't leave fingerprints on it?" Adams asked. O'Neil said that he had handled it without gloves on, as well.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - September 10, 2014
A high-scale relational database? NoSQL database? Hadoop? Event-processing technology? When it comes to big data, one size doesn't fit all. Here's how to decide.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.