Newark, N.J. -- The network at UBS PaineWebber is still suffering damage four years after a logic bomb attack, said an IT manager for the company in testimony Wednesday in a trial against the accused attacker.
While trading resumed in the days following the March 4, 2002, attack, some of the information on the approximately 2,000 Unix-based servers in the home office and 370 branch offices that were hit by the malicious code was never fully restored, according to Elvira Maria Rodriguez, the then-IT manager in charge of maintaining the stability of the company servers.
"I don't believe we were ever back to that point," said Rodriguez, who was the first witness called in the federal criminal trial against Roger Duronio, 63, a former systems administrator at UBS PaineWebber. "We were always having issues with these large-scale servers [after the attack]. We never had the luxury to focus on completely going over all the servers. We just didn't have the time."
She said it would have taken her a year to make all the servers right again, even if that was all she had to do every day. "We just had to learn to live with it," she said.
Rodriguez said the attack had a "catastrophic impact," bringing operations to a standstill and wiping out servers not just in the central data center, but around the country.
Duronio faces four counts, including computer sabotage, securities fraud, and mail fraud, in connection with the incident, which left about 8,000 of the company's brokers without the ability to trade for a day or more, and 9,000 other workers without the ability to access their desktops. It also leveled servers in the company's home office in Weehawken, N.J., and in nearly every branch office around the country.
The trial was in its second day in U.S. District Court on Wednesday.
Chris Adams, Duronio's defense attorney and a partner at Walder, Hayden & Brogan in Roseland, N.J., says his client isn't to blame for what he called the "unsophisticated and sophomoric" code that, he added, was most likely planted as a prank. Adams says the company network was riddled with security holes that allowed people to "walk around in the system undetected and masquerade as someone else."
In his opening statement Tuesday, Assistant U.S. Attorney V. Grady O'Malley laid out the government's case against Duronio, whose own lawyer describe him as an experienced computer programmer. O'Malley told jurors Duronio sought revenge against his employer by building and disseminating the logic bomb, which was designed to delete all the files in the host server in the central data center and in every server in every U.S. branch office. Duronio was allegedly also looking to make up for some of the money he felt he'd been denied.
The government contends Duronio wanted to take home $175,000 a year. He had a base salary of $125,000 and stood to get a maximum annual bonus of $50,000. But the bonus came in $18,000 shy of his expectations.
When he didn't receive the full bonus, he went to his supervisor to make his case for more money. When that move was rejected, O'Malley says Duronio quit his job, leaving the malicious code in place to wreak havoc on the preplanned date and time.
But Duronio didn't end his plan there, according to prosecutors. He wanted revenge, but he also wanted to make some money off his endeavor. Duronio left UBS for the last time and went to a broker's office, where he spent the money he got from cashing out his and his wife's $20,000 IRA on several "put" options. This is a type of investment that only pays out if the company's stock drops in value.
Duronio, according to O'Malley, raised the stakes on this bet by putting a short time frame on it--he risked everything on UBS's stock taking a dive within 11 days.
Despite the damage, UBS's stock didn't drop, and Duronio's investments didn't pay off.
Sleepless In Weehawken
In the second day of her testimony, which lasted a total of five hours, Rodriguez told jurors that she spent a full night on a conference call with a slew of the 200 IBM tech workers who were called in to help restore the branch servers.