Nightmare On Wall Street: Prosecution Witness Describes 'Chaos' In UBS PaineWebber Attack - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Business & Finance

Nightmare On Wall Street: Prosecution Witness Describes 'Chaos' In UBS PaineWebber Attack

Prosecutors claim the defendant, a former systems administrator for the company, set off a logic bomb designed to crash the network to get revenge for not being paid what he thought he was worth. But the defense argues anyone could have made the "sophomoric" attack.

NEWARK, N.J.--Federal prosecutors opened their case against former UBS PaineWebber systems administrator Roger Duronio on Tuesday by calling to the stand a woman who had to clean up the logic bomb he allegedly set off.

IT manager Elvira Maria Rodriguez told the court she arrived at work at the company's Escalation Center in Weehawkin, N.J., at 8:30 or 9 a.m. on March 4, 2002, expecting nothing out of the ordinary. She logged into the system and phoned into the weekly Monday-morning conference call.

But just as it turned 9:30 and the stock market was opening for the day, Rodriguez, who was in charge of maintaining the stability of the servers in the company's branch offices, heard her computer beep. She turned to look at it and saw the words "cannot find" on her screen. She hit "enter" to see the message again but her screen was frozen.

Then she glanced at her phone and saw that 60 calls had come in all at once.

On any other day, she might have two or three calls on hold at one time.

But this wasn't going to be any other day.

This was the day when 2,000 of the company's servers went down, leaving about 17,000 brokers across the country unable to make trades. Nearly 400 branch offices were affected. Files were deleted. Backups went down within minutes of being run. The system was offline for more than a day, and UBS PaineWebber -- which was renamed UBS Wealth Management USA in 2003 -- spent about $3.1 million in assessing and restoring the network. Executives at the company haven't reported how much was lost in business downtime.

"It was pretty unbelievable," said Rodriguez, who was the first witness for the prosecution. "It was the magnitude of it. How on earth were we going to bring them all back up? How was this going to affect the company? If I had a scale of one to 10, this would be a 10-plus."

The Prosecution's Case

Federal prosecutors charge that Duronio, a former systems administrator at UBS PaineWebber, planted malicious code -- what they're calling a logic bomb -- on the company's network.

Assistant U.S. Attorney V. Grady O'Malley told jurors that Duronio, 63, of Bogota, N.J., sought revenge against his employer by building, planting, and disseminating the logic bomb, which was designed to delete all the files in the host server in the central data center and in every server in every U.S. branch office. But more importantly, according to O'Malley, was the fact that Duronio was looking to make up for some of the cash he felt he'd been denied.

Duronio allegedly wanted to take home $175,000 a year. The government says he had a base salary of $125,000 and stood to get a maximum annual bonus of $50,000. But the bonus came in shy of his expectations -- $18,000 shy.

"If he wasn't going to receive that, he was going to level a catastrophe against UBS that would rock their financial stability -- and that would get him the biggest payday of his life," O'Malley told the jury at U.S. District Court in Newark.

Duronio is facing federal charges, including mail fraud, securities fraud, and computer sabotage. If convicted, he could be sentenced to a maximum 30 years, fines of up to $1 million, and restitution for the money UBS spent on recovery. Opening statements kicked off in his trial Tuesday morning.

Bet The IRA

The government contends Duronio built and planted the malicious code months ahead of time and then bought stock options -- using money that he got cashing out his and his wife's $20,000 IRA -- that would only pay out if the company's stock took a dive within 11 days. By laying out a short expiration date -- 11 days instead of maybe a year or two -- the gain from any payout would be much greater.

O'Malley said Duronio planned on making sure that that's exactly what would happen, by crippling the company's network.

"He knew something everyone else didn't know," O'Malley told the jury. "As he was escorted out the door [on the day he quit], there was working in the UBS system a time bomb. Within an hour or so, he was in a broker's office making bets that UBS would take a dive."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
7 Technologies You Need to Know for Artificial Intelligence
Jessica Davis, Senior Editor, Enterprise Apps,  7/1/2019
A Practical Guide to DevOps: It's Not that Scary
Cathleen Gagne, Managing Editor, InformationWeek,  7/5/2019
Diversity in IT: The Business and Moral Reasons
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  6/20/2019
Register for InformationWeek Newsletters
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll