UBS Trial: Parts Of Attack Code Found At Defendant's Home - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Business & Finance

UBS Trial: Parts Of Attack Code Found At Defendant's Home

A U.S. Secret Service agent testified that a search of Roger Duronio's home turned up part of a logic bomb on two of his home computers and in a printout found lying on top of a bedroom dresser. The defense, meanwhile, pounded away at UBS PaineWebber's security lapses.

Newark, N.J. --- Efforts by the defense in the UBS PaineWebber computer sabotage trial to foist blame elsewhere, took a hit Friday, after testimony from a U.S. Secret Service agent revealed that parts of the code used to bring down the UBS network four years ago, was found on two of the defendant's home computers, as well as in a hardcopy printout lying on top of his bedroom dresser.

The Secret Service testimony ended what had been a week of contentious arguments on a strong note for the prosecution

Secret Service agents executed a warrant and searched the Bogota, N.J. home of Roger Duronio, on March 21, 2002 -- 17 days after the financial giant was hit by what prosecutors are calling a logic bomb. The segment of coding found in his home was part of the 50 to 70 lines of malicious code that was used to take down about 2,000 servers, including UBS' main host server in its Weehawkin, N.J. data center, along with branch servers in about 370 offices around the country in the March 4, 2002 incident.

Duronio, 63, is facing four federal criminal charges, including computer sabotage, securities fraud and mail fraud. The government contends he crippled the company's network in a vengeful plot aimed at making money by buying stock options that would pay off if the company's stock dropped " something he allegedly tried to make happen by shutting down UBS' ability to do business for anywhere between a day and several weeks, depending on the location.

While cross-examining other witnesses in court this past week, Chris Adams, Duronio's defense attorney hammered away at what he's calling significant weaknesses in UBS' security. He says the network was riddled with holes that could have allowed a hacker or another system administrator to plant the malicious code.

Adams has thrown a slew of possible who-done-it theories at the jury, including repeated suggestions that the damage was caused by Cisco Systems, Inc. during a planned penetration test of the UBS network that month, or that there was some impropriety by @Stake, Inc., the first forensic team called in on the case.

However, in his testimony Thursday, Secret Service Special Agent Gregory O'Neil said all trails led to Duronio.

He told the jury that a team of 14 agents conducted the four-hour search that led them to a folded up piece of paper with scribbles on the back of it. The paper, which sat on the dresser in Duronio's master bedroom, had the code for the logic bomb's trigger mechanism printed out on it.

O'Neil said several pieces of the coding on the paper quickly jumped out at him: mon; hour >= 9; min >= 30; mrm.

''I knew UBS' computer system had gone down on a Monday at 9:30 [a.m.] and I knew 'mrm' was identified as part of the malicious code,'' he told the jury. ''It was the source code for the trigger of the logic bomb.'' There was a line at the very top of the printout: wait_tst.c.txt. Agent O'Neil also said the Secret Service seized four computers from Duronio's home that day. They subsequently found the wait_tst.c.txt file on two of the seven hard drives that were contained in the four machines. The code on the computer files was the ''identical'' chain of code that had been found printed out in the bedroom, he testified.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
White Papers
More White Papers
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Slideshows
IT Careers: Top 10 US Cities for Tech Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/14/2020
Commentary
Predictions for Cloud Computing in 2020
James Kobielus, Research Director, Futurum,  1/9/2020
News
What's Next: AI and Data Trends for 2020 and Beyond
Jessica Davis, Senior Editor, Enterprise Apps,  12/30/2019
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll