UBS Trial: Defense Attacks 'Sloppy' Investigation
A U.S. Secret Service agent came under intense cross-examination in a computer sabotage trial Tuesday. Days after testifying that agents found a printout of malicious code in the defendant's bedroom, the defense spent most of the day hammering the lead investigator.
Newark, N.J. -- After taking it on the chin last Friday, the defense in a computer sabotage trial here pounded away at the Secret Service agent on the stand, riding him on missteps in the investigation, and once again attacking the fact that hackers worked at one of the computer forensics companies involved in the case.
Special Agent Gregory O'Neil of the U.S. Secret Service was repeated questioned by defense attorney Chris Adams about an initial forensic report with a missing page, an unidentified latent fingerprint on a key piece of evidence, and some incorrect dates on a Secret Service report.
- How Attackers Identify and Exploit Software and Network Vulnerabilities
- Quick Tips for Managing Mobile Users
White PapersMore >>
- Strategy: 3 Steps to a Hands-Free Cloud
- Best Practices: Using Apple's Global Proxy to Boost Mobile Security
O'Neil, who was a lead investigator in the matter, took the stand as a witness for the prosecution in the federal computer sabotage case.
Adams, a partner at Walder Hayden & Brogan in Roseland, N.J., is the lead defense lawyer for Roger Duronio, the 63-year-old former systems administrator accused of planting a logic bomb that crippled the network at UBS PaineWebber four years ago.
Duronio is facing four charges in connection with allegedly writing and planting malicious code on the Unix-based network at UBS PaineWebber, where he had been working for three years. The attack effectively took down about 2,000 of the company's servers, some of which were brought back up in a day, but others remained down for two to three weeks.
In his cross examination of O'Neil, Adams also focused his sights on one specific forensic investigator who had been a hacker before working at @Stake, Inc., the security company that UBS first called in to check out the March 4, 2002 incident.
Karl Kasper, known in the industry as John Tan, identified himself to the federal agent as John Tan, and signed documents with that name. The defense asked O'Neal why he would trust the word, or the work, of someone who gave a false name to the Secret Service. O'Neal replied that he didn't regard it as a false name, simply a name Kasper uses in the trade.
And last Friday, O'Neil said that all roads in the investigation led back to Duronio. First off, he had pointed out that a digital trail led from Duronio's home IP address through the corporate VPN and into the company's servers, on exactly the same dates and times that the malicious code was planted or modified.
O'Neil also told the jury that during the execution of a search warrant on the Duronio home, Secret Service agents found parts of the malicious code on two of his home computers, as well as printed out in a hardcopy that was found on his bedroom dresser.