UBS Trial: Parts Of Attack Code Found At Defendant's Home
A U.S. Secret Service agent testified that a search of Roger Duronio's home turned up part of a logic bomb on two of his home computers and in a printout found lying on top of a bedroom dresser. The defense, meanwhile, pounded away at UBS PaineWebber's security lapses.
Newark, N.J. --- Efforts by the defense in the UBS PaineWebber computer sabotage trial to foist blame elsewhere, took a hit Friday, after testimony from a U.S. Secret Service agent revealed that parts of the code used to bring down the UBS network four years ago, was found on two of the defendant's home computers, as well as in a hardcopy printout lying on top of his bedroom dresser.
The Secret Service testimony ended what had been a week of contentious arguments on a strong note for the prosecution
- How Attackers Identify and Exploit Software and Network Vulnerabilities
- Quick Tips for Managing Mobile Users
White PapersMore >>
- Strategy: 3 Steps to a Hands-Free Cloud
- Best Practices: Using Apple's Global Proxy to Boost Mobile Security
Secret Service agents executed a warrant and searched the Bogota, N.J. home of Roger Duronio, on March 21, 2002 -- 17 days after the financial giant was hit by what prosecutors are calling a logic bomb. The segment of coding found in his home was part of the 50 to 70 lines of malicious code that was used to take down about 2,000 servers, including UBS' main host server in its Weehawkin, N.J. data center, along with branch servers in about 370 offices around the country in the March 4, 2002 incident.
Duronio, 63, is facing four federal criminal charges, including computer sabotage, securities fraud and mail fraud. The government contends he crippled the company's network in a vengeful plot aimed at making money by buying stock options that would pay off if the company's stock dropped " something he allegedly tried to make happen by shutting down UBS' ability to do business for anywhere between a day and several weeks, depending on the location.
While cross-examining other witnesses in court this past week, Chris Adams, Duronio's defense attorney hammered away at what he's calling significant weaknesses in UBS' security. He says the network was riddled with holes that could have allowed a hacker or another system administrator to plant the malicious code.
Adams has thrown a slew of possible who-done-it theories at the jury, including repeated suggestions that the damage was caused by Cisco Systems, Inc. during a planned penetration test of the UBS network that month, or that there was some impropriety by @Stake, Inc., the first forensic team called in on the case.
However, in his testimony Thursday, Secret Service Special Agent Gregory O'Neil said all trails led to Duronio.
He told the jury that a team of 14 agents conducted the four-hour search that led them to a folded up piece of paper with scribbles on the back of it. The paper, which sat on the dresser in Duronio's master bedroom, had the code for the logic bomb's trigger mechanism printed out on it.
O'Neil said several pieces of the coding on the paper quickly jumped out at him: mon; hour >= 9; min >= 30; mrm.
''I knew UBS' computer system had gone down on a Monday at 9:30 [a.m.] and I knew 'mrm' was identified as part of the malicious code,'' he told the jury. ''It was the source code for the trigger of the logic bomb.'' There was a line at the very top of the printout: wait_tst.c.txt. Agent O'Neil also said the Secret Service seized four computers from Duronio's home that day. They subsequently found the wait_tst.c.txt file on two of the seven hard drives that were contained in the four machines. The code on the computer files was the ''identical'' chain of code that had been found printed out in the bedroom, he testified.