UBS Trial: Parts Of Attack Code Found At Defendant's Home
A U.S. Secret Service agent testified that a search of Roger Duronio's home turned up part of a logic bomb on two of his home computers and in a printout found lying on top of a bedroom dresser. The defense, meanwhile, pounded away at UBS PaineWebber's security lapses.
Newark, N.J. --- Efforts by the defense in the UBS PaineWebber computer sabotage trial to foist blame elsewhere, took a hit Friday, after testimony from a U.S. Secret Service agent revealed that parts of the code used to bring down the UBS network four years ago, was found on two of the defendant's home computers, as well as in a hardcopy printout lying on top of his bedroom dresser.
The Secret Service testimony ended what had been a week of contentious arguments on a strong note for the prosecution
Secret Service agents executed a warrant and searched the Bogota, N.J. home of Roger Duronio, on March 21, 2002 -- 17 days after the financial giant was hit by what prosecutors are calling a logic bomb. The segment of coding found in his home was part of the 50 to 70 lines of malicious code that was used to take down about 2,000 servers, including UBS' main host server in its Weehawkin, N.J. data center, along with branch servers in about 370 offices around the country in the March 4, 2002 incident.
Duronio, 63, is facing four federal criminal charges, including computer sabotage, securities fraud and mail fraud. The government contends he crippled the company's network in a vengeful plot aimed at making money by buying stock options that would pay off if the company's stock dropped " something he allegedly tried to make happen by shutting down UBS' ability to do business for anywhere between a day and several weeks, depending on the location.
While cross-examining other witnesses in court this past week, Chris Adams, Duronio's defense attorney hammered away at what he's calling significant weaknesses in UBS' security. He says the network was riddled with holes that could have allowed a hacker or another system administrator to plant the malicious code.
Adams has thrown a slew of possible who-done-it theories at the jury, including repeated suggestions that the damage was caused by Cisco Systems, Inc. during a planned penetration test of the UBS network that month, or that there was some impropriety by @Stake, Inc., the first forensic team called in on the case.
However, in his testimony Thursday, Secret Service Special Agent Gregory O'Neil said all trails led to Duronio.
He told the jury that a team of 14 agents conducted the four-hour search that led them to a folded up piece of paper with scribbles on the back of it. The paper, which sat on the dresser in Duronio's master bedroom, had the code for the logic bomb's trigger mechanism printed out on it.
O'Neil said several pieces of the coding on the paper quickly jumped out at him:
hour >= 9;
min >= 30;
''I knew UBS' computer system had gone down on a Monday at 9:30 [a.m.] and I knew 'mrm' was identified as part of the malicious code,'' he told the jury. ''It was the source code for the trigger of the logic bomb.'' There was a line at the very top of the printout: wait_tst.c.txt.
Agent O'Neil also said the Secret Service seized four computers from Duronio's home that day. They subsequently found the wait_tst.c.txt file on two of the seven hard drives that were contained in the four machines. The code on the computer files was the ''identical'' chain of code that had been found printed out in the bedroom, he testified.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.