Ex-UBS Sys Admin Found Guilty, Prosecutors To Seek Maximum Sentence
Prosecutors will seek an eight-year prison sentence for 63-year-old Roger Duronio, once a systems administrator for UBS PaineWebber, convicted Wednesday of launching an attack that brought down the company network.
The systems administrator found guilty Wednesday of launching an attack on UBS PaineWebber four years ago now faces a maximum of 6-1/2 to eight years in federal prison. And federal prosecutors say they will be asking for the maximum sentence.
After about 20 hours of deliberation, the jury returned a guilty verdict on two out of four charges for Roger Duronio, 63, of Bogota, N.J. Duronio was found guilty of computer sabotage and securities fraud. He was acquitted on two counts of mail fraud. He will be sentenced at a later date.
Karina Byrne, a spokeswoman for UBS, said executives at the company appreciate the hard work the entire prosecution team put into the case and are just happy to get the incident behind them.
"UBS is committed to ensuring the safety and security of our computer system," she read from a prepared statement. "We're grateful for the hard work of the jury."
UBS was hit on March 4, 2002, at 9:30 in the morning, just as the stock market opened for the day. Files were deleted from up to 2,000 servers in both the central data center in Weehawken, N.J., and in branch offices around the country. Company representatives never reported the cost of lost business but did say it cost the company more than $3.1 million to get the system back up and running.
Duronio worked at UBS as a systems administrator until he quit a few weeks before the attack. Witnesses testified that he quit because he was angry that he didn't receive as large an annual bonus as he expected. Investigators found copies of the malicious code on two of his home computers and on a printout sitting on his bedroom dresser.
The defense argued that the UBS network was riddled with security holes that would have allowed any number of people to masquerade as Duronio and move around the network unnoticed. They also argued that the evidence available--in the form of backup tapes for the damaged servers--was incomplete, leaving holes in the picture of what happened in the months before the security incident.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.