Witness: Angry PaineWebber Defendant Said 'God Only Knows What I Could Do'

Newark -- About an hour after quitting his job at UBS PaineWebber, the man who is now on trial for allegedly planting a logic bomb that crippled the company's network told his financial advisor he was so angry at the company that "God only knows what I could do," according to testimony in the trial Friday.

Gerard Speziale, who worked as a financial advisor for UBS at the time of the attack, told a jury in U.S. District Court that Roger Duronio, a former systems administrator at UBS who stands accused of four federal criminal charges, came to his office looking to buy stock options shortly after packing up and walking out of his job.

Speziale, who handled stock for UBS employees including Duronio, said he told Duronio he was surprised Duronio quit his job.

"He told me he had just quit his job, and he told me he wanted to buy 'put' contracts," Speziale said. "I went back to the issue of why he quit his job... He said he was upset about the amount of his bonus, he said he was very angry."

Duronio, 63, of Bogota, N.J., is facing four counts, including securities fraud and mail fraud, in the computer sabotage case. He's accused of building and disseminating malicious code for a logic bomb in his employer's central host server and the Unix-based servers running the company's 370 branch offices.

When the malicious code was triggered on March 4, 2002, at 9:30 a.m., just as the stock market opened for the day, about 2,000 of the company's critical servers went down, leaving about 8,000 brokers unable to do business for the day, and in some cases, several weeks. Four years later, the company network is still damaged by the attack, according to testimony from this week's trial.

UBS reported to the government that the company spent $3.1 million mopping up and restoring the servers. Executives there have never reported the cost of lost business.

In testimony Thursday, Duronio's former manager described how Duronio was very angry when he failed to get the compensation he felt he deserved.

Chris Adams, Duronio's defense attorney, contends his client is innocent of the charges. The problem, he said, is the security holes that riddled UBS's computer network, allowing users to "masquerade" as other employees and enabling people to move around on the network undetected and untraceable.

Betting Against The Company

During his testimony, Speziale said he was surprised at the "risky" investment that Duronio said he wanted to make.

Duronio, he said, wanted to buy put options on UBS stock, which would only pay off if the company's stock price dropped down below a certain point before a preselected date. The shorter the expiration date--only 11 days in this case--the greater the potential payout and the greater the risk. If the company's stock doesn't drop to the specific level in that time frame, the investor loses everything.

"I thought the investments he was making didn't make much sense," said Speziale. "They were risky. The stock price was remaining stable. I told them he was burning good money after bad... The only person who would buy that is someone who expects that stock to drop in a specific period of time."

Assistant U.S. Attorney V. Grady O'Malley, who is prosecuting the case along with Assistant U.S. Attorney Mauro Wolfe, said in his opening statement that Duronio wasn't just hoping UBS's stock would drop, he had taken steps to make it happen.

O'Malley and Wolfe contend that, suspecting his annual bonus would come in under his expectations, the disgruntled Duronio began building and planting the malicious code the November before. When he received his bonus on Feb. 2, 2002, it came in $15,000 below the maximum it could have been. That's when he decided to walk out on his job, leaving the ticking logic bomb to wreak havoc a few weeks later, O'Malley told the jury this past week.

Attacking UBS's Security

Adams told the jury that UBS's security was the real problem, not his client, whom he described as a "valuable" employee who had received positive performance reviews during his three years with the company. The problem, Adams said during his cross-examination of Rajeev Khanna, an IT manager at UBS at the time of the attack, was that 40 systems administrators in the company's data center all used the same password when gaining root access to the Unix-based network. Khanna acknowledged that IT workers logged on to the system using their own usernames and passwords and then all used the same security code for root access.

That means, Adams pointed out, that the system was unable to digitally distinguish between any of the 40 root users once they were in the system. And Khanna also agreed that a root user could manipulate the server's history file to change the log of who came into the system and when they entered and exited.

The defense attorney also pointed to the report from a penetration test that UBS hired Cisco to do between Feb. 7, 2002, and March 22 of the same year. Though he wouldn't release the document, Adams said it reported that Cisco was able to penetrate the company's system. He showed a line from the report on a screen to the jury: "Malicious long-term exploitation of the UBS PaineWebber internal and external network from the Internet is a realistic threat."

The trial will go into its second week when Speziale returns to the stand Tuesday morning.