Nightmare On Wall Street: Prosecution Witness Describes 'Chaos' In UBS PaineWebber Attack

Prosecutors claim the defendant, a former systems administrator for the company, set off a logic bomb designed to crash the network to get revenge for not being paid what he thought he was worth. But the defense argues anyone could have made the "sophomoric" attack.

Sharon Gaudin

June 6, 2006

While the network did go down, UBS's stock didn't, and the gamble didn't pay off, said O'Malley.

The prosecutor told the jury he'll put on the stand a computer forensics expert who will show that Duronio's password and user account information were used to gain remote access to the areas where the malicious code was built inside the UBS network. And he'll also call to the stand the U.S. Secret Service agent who investigated the case. The agent executed a warrant on March 21, 2002, and allegedly found hard copy of the logic bomb's source code on the defendant's bedroom dresser. The Secret Service also allegedly found the source code on two of his four home computers.

'Unsophisticated, Sophomoric Prank'

Chris Adams, Duronio's defense attorney and a partner at Walder Hayden & Brogan in Roseland, N.J., says the government has it all wrong. In his opening statements, Adams said not only does the government have the wrong man, but he added that what he called the "unsophisticated and sophomoric" code was most likely planted as a prank -- and definitely by someone else.

"Its only goal was to be a nuisance, like a virus," said Adams, who also said the UBS system was riddled with security holes and backdoors that could have offered easy access to attackers.

"UBS computer security had considerable holes," Adams told the jury. "There are flaws in the system that compromise the ability to determine what is and isn't true. Does the ability to walk around in the system undetected and masquerade as someone else affect your ability to say what has happened?"

Adams went a step further in his opening statements, saying UBS and @Stake, the first forensic company called in to work on the problem, withheld some information from the government and even "destroyed" some of the evidence.

As for the stock options that Duronio bought, Adams said they weren't risky bets or part of a scheme. "They are a common investment practice," he added. "It's not betting."

The Day Of The Attack

On the day of the attack, Rodriguez said that at one point there was "chaos" in the UBS Escalation Center. Systems administrators and other IT workers were streaming into the offices there, asking questions and making suggestions. A room that normally sees six or seven workers was suddenly teeming with 20 or 30 by midmorning. By noon, she says there were maybe 50 people working on the downed network. Just an hour later, there were hundreds involved across the country.

Rodriguez said while trying to run a backup to get a main server up and running again, she discovered a piece of code (MRM -r) that seemed to hang the system up every time it ran. "We renamed the command so the system wouldn't find it," she explained. "We let the server reboot then and it came back up and didn't delete anything."

Once she had the code isolated, she tested her theory and started pushing the change out to all the branch offices. Two thousand servers needed to be brought back up using the backup tapes and cutting out this line of code. And it was going to take a lot of time. To restore one type of server, it might take 30 to 60 minutes. To restore another type -- which actually made up two-thirds of the downed servers -- it took closer to two hours. If there were problems, that timeframe was extended to four or six hours.

To get the job done as soon as possible, UBS called in 200 IBM techs to head out to all the branch offices.

"Every branch was having problems," she said. "Every single broker was complaining. They couldn't log on to their desktops and [get to] their applications because the servers were down. The brokers might have been able to make some calls to friend brokers, but my understanding was that trading was not doable."

Many of the servers were down that whole day and part of the next. Some servers in remote locations were down for weeks.

Arguments in the case will continue Wednesday morning.
