Prosecution Witness: UBS PaineWebber Network Still Suffering Four Years After Attack - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Prosecution Witness: UBS PaineWebber Network Still Suffering Four Years After Attack

The logic bomb had a "catastrophic impact," bringing operations to a standstill and wiping out servers around the country, according to testimony from an IT manager for the company.

Newark, N.J. -- The network at UBS PaineWebber is still suffering damage four years after a logic bomb attack, said an IT manager for the company in testimony Wednesday in a trial against the accused attacker.

While trading resumed in the days following the March 4, 2002, attack, some of the information on the approximately 2,000 Unix-based servers in the home office and 370 branch offices that were hit by the malicious code was never fully restored, according to Elvira Maria Rodriguez, the then-IT manager in charge of maintaining the stability of the company servers.

"I don't believe we were ever back to that point," said Rodriguez, who was the first witness called in the federal criminal trial against Roger Duronio, 63, a former systems administrator at UBS PaineWebber. "We were always having issues with these large-scale servers [after the attack]. We never had the luxury to focus on completely going over all the servers. We just didn't have the time."

She said it would have taken her a year to make all the servers right again, even if that was all she had to do every day. "We just had to learn to live with it," she said.

Rodriguez said the attack had a "catastrophic impact," bringing operations to a standstill and wiping out servers not just in the central data center, but around the country.

Duronio faces four counts, including computer sabotage, securities fraud, and mail fraud, in connection with the incident, which left about 8,000 of the company's brokers without the ability to trade for a day or more, and 9,000 other workers without the ability to access their desktops. It also leveled servers in the company's home office in Weehawken, N.J., and in nearly every branch office around the country.

The trial was in its second day in U.S. District Court on Wednesday.

Chris Adams, Duronio's defense attorney and a partner at Walder, Hayden & Brogan in Roseland, N.J., says his client isn't to blame for what he called the "unsophisticated and sophomoric" code that, he added, was most likely planted as a prank. Adams says the company network was riddled with security holes that allowed people to "walk around in the system undetected and masquerade as someone else."

The Plot

In his opening statement Tuesday, Assistant U.S. Attorney V. Grady O'Malley laid out the government's case against Duronio, whose own lawyer describe him as an experienced computer programmer. O'Malley told jurors Duronio sought revenge against his employer by building and disseminating the logic bomb, which was designed to delete all the files in the host server in the central data center and in every server in every U.S. branch office. Duronio was allegedly also looking to make up for some of the money he felt he'd been denied.

The government contends Duronio wanted to take home $175,000 a year. He had a base salary of $125,000 and stood to get a maximum annual bonus of $50,000. But the bonus came in $18,000 shy of his expectations.

When he didn't receive the full bonus, he went to his supervisor to make his case for more money. When that move was rejected, O'Malley says Duronio quit his job, leaving the malicious code in place to wreak havoc on the preplanned date and time.

But Duronio didn't end his plan there, according to prosecutors. He wanted revenge, but he also wanted to make some money off his endeavor. Duronio left UBS for the last time and went to a broker's office, where he spent the money he got from cashing out his and his wife's $20,000 IRA on several "put" options. This is a type of investment that only pays out if the company's stock drops in value.

Duronio, according to O'Malley, raised the stakes on this bet by putting a short time frame on it--he risked everything on UBS's stock taking a dive within 11 days.

Despite the damage, UBS's stock didn't drop, and Duronio's investments didn't pay off.

Sleepless In Weehawken

In the second day of her testimony, which lasted a total of five hours, Rodriguez told jurors that she spent a full night on a conference call with a slew of the 200 IBM tech workers who were called in to help restore the branch servers.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
10 Top Cloud Computing Startups
Cynthia Harvey, Freelance Journalist, InformationWeek,  8/3/2020
How Enterprises Can Adopt Video Game Cloud Strategy
Joao-Pierre S. Ruth, Senior Writer,  7/28/2020
Conversational AI Comes of Age
Guest Commentary, Guest Commentary,  8/7/2020
Register for InformationWeek Newsletters
Current Issue
Special Report: Why Performance Testing is Crucial Today
This special report will help enterprises determine what they should expect from performance testing solutions and how to put them to work most efficiently. Get it today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll