Former UBS PaineWebber Systems Administrator Charged With Planting Logic Bomb - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

Former UBS PaineWebber Systems Administrator Charged With Planting Logic Bomb

Attack highlights difficulties businesses face in securing systems from insiders who turn bad.

Roger Duronio, a former UBS PaineWebber Inc. systems administrator, was charged this week with planting a logic bomb on the financial-services company's network, once again highlighting the difficulties businesses face in securing systems from insiders who turn bad.

Federal prosecutors say Duronio bought UBS put options with the hope that the company's stock price would fall as a result of damage caused by the logic bomb, which is software code designed to harm computer systems. On March 4, the indictment contends, the bomb went off and damaged files on more than 1,000 of UBS's computers.

Duronio is being charged with securities fraud and one count of computer-related fraud, carrying a combined maximum sentence of 20 years prison and fines of more than $1.25 million. The logic bomb allegedly deleted files and led to $3 million in costs for PaineWebber to assess and repair the damage.

Chief security officers say it's very difficult to protect business-technology systems from trusted employees. "If someone on the inside is brazen enough, there's not much you can do. You've got to trust people," says a security officer at a major financial-services firm.

There have been plenty of examples in recent months of insiders and former employees committing computer crimes. Last month, federal investigators said they thwarted the largest identity-theft ring in U.S. history. It was led largely by a person who had access to customer credit reports and reportedly victimized more than 30,000 people, with losses expected to exceed $2.7 million. In September, a San Dimas, Calif., man pleaded guilty to illegally accessing the computer systems of his former employer to gain competitive advantage after taking a job with a rival firm.

Security and business-technology managers view attacks over the Internet as their greatest threat. For the fifth year in a row, respondents to the Computer Security Institute/FBI Computer Crime and Security Survey cited the Internet as the most frequent point of attack: 74% cited the Internet, while 33% cited internal systems.

Yet, "companies aren't spending enough, or doing enough, to protect their systems," says Mark Rasch, former head of the Justice Department's computer-crimes unit and senior VP and chief security counsel for security vendor Solutionary Inc. "It's still mostly just talk. The bad news is it's going to take a catastrophic event" to get companies to take security seriously, and Rasch believes that such an event "is going to happen."

And it may be caused by insiders, those who know a company's systems and weaknesses and can inflict serious damage. Solid technology, tough policies, and tight control over systems changes are needed to protect a company's electronic assets from malicious employees, security experts say.

"It's a matter of strong change control," says Peter Tippett, vice chairman and chief technologist for security-services company TruSecure Corp. "When it comes to administrators with access to servers, you have to have them watch each other. It should take two administrators present for any changes to the system." All server changes need to be logged to separate systems that the administrators can't access and change, Tippett says. "You start doing that, and they'll know they'll get caught. It's a deterrent."

That advice looks good on paper, says the chief security officer at a consumer-goods manufacturer in New Jersey. "I barely have the staff to keep up on maintenance and patches," he says. "I can't afford to have two administrators at every server for every update."

Still, it might be cheaper than dealing with the damage caused by a disgruntled staffer or former employee. While no company can totally protect its systems, especially from insiders, aggressive policies can cut the risk. "It will still happen from time to time," Tippett says. "But you can greatly reduce the likelihood."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
News
How to Fail: Digital Transformation Mistakes
Jessica Davis, Senior Editor, Enterprise Apps,  11/6/2019
Commentary
Study Proposes 5 Primary Traits of Innovation Leaders
Joao-Pierre S. Ruth, Senior Writer,  11/8/2019
Slideshows
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll