UBS Trial Puts Insider Security Threats At Center Stage

Prosecutors say the accused caused chaos by planting simple code. The defense says dozens of people had the access to cause the problem without being identified.

Chaos After the Attack
What's beyond dispute are the problems caused by the attack, and the trial offers a rare glimpse into an IT team in full crisis mode.

Rodriguez, who was in charge of maintaining the stability of the branch servers, got on a conference call that night with some of the 200 IBM tech workers who immediately were sent to the company's branch offices. Rodriguez didn't go to bed that night; she stayed on the conference call the rest of the night. She had plenty of company.

Rajeev Khanna, manager for UBS's Unix systems group at the time of the attack, also didn't go home the night of March 4, 2002. Khanna, who oversaw the recovery process, didn't go home for three days, as his team redirected 400 to 500 UBS workers--application developers, project managers, systems administrators, and database administrators--from their normal jobs to work on the restoration.

"The most important thing was for users to be able to log in to their desktops," he testified. "They couldn't log in. They couldn't do the work they do on a daily basis, in terms of pulling data on their clients, making trades, and checking market data."

Prosecutors Wolfe (left) and O'Malley say money and revenge were the motive.

The problem wasn't just downed servers. There was mounting chaos in the data center and the Escalation Center, as system administrators and other IT workers flooded in, yelling out questions and suggestions. A room where six or seven people usually work teemed with 20 or 30 by midmorning. By noon, 50 people were working on the downed network, and just an hour later, hundreds were involved across the country.

The problem led to a grim annual ritual for the IT team. To avoid a repeat of the incident, for the next two or three years Rodriguez prepared to fend off a similar attack before every March 4--taking critical servers offline so that if any malicious code still lurked on the network, at least those servers wouldn't be affected. "We had to make sure there was no more business impact," she said.

Beware the Inside Job
Computer attacks by insiders, even by IT professionals, aren't uncommon. With only slight variation from year to year, inside jobs occur as frequently as highly publicized external attacks. Insiders can be more dangerous because of their access privileges and because they're not suspected. "Your system administrators have a lot of power because it's part of the job," says Burton Group analyst Eric Maiwald. "You have some general expectation that they're not trying to cause you harm. If you put too many controls on them, they can't do their jobs."

Put too few, however, and many sleepless nights may lie ahead.
