The state prosecutor has convincing evidence that a former system administrator at the UBS PaineWebber finance company installed a malicious piece of code he has written on over a thousand of the company’s computers – including the back-up system – and programmed his “logic bomb” to go off at a set time and date. When the giant company was brought to a standstill – due to every single computer ceasing to function – the insider tried to make money on the company’s falling value on the stock market. The company had to pay out 3.2 million USD on restoring the computers alone. InfoWatch experts consider that UBS PaineWebber can consider itself fortunate that it did not go out of business altogether, since the central office and its branch offices were knocked out for days or even weeks.
The former system administrator of UBS PaineWebber is accused of computer sabotage. Information Week reports that the prosecutor maintains that the insider caused two-thirds of the company network to cease working with the intention of making money on the company’s falling share price.
The charge is that sixty-year-old Roger Duronio created and installed a malicious program onto over a thousand computers at the central UBS PaineWebber office, as well as at 370 branch offices. The “logic bomb” was set to go off on March 4th, 2002, when the malicious code kicked in and started deleting the company’s data. This brought the company to a standstill for several days at some of its offices, and for several weeks at others.
The attack cost UBS PaineWebber (renamed UBS Wealth Management in 2003) 3 million USD. This sum represents only the costs of managing the damage to the computer system and does not include damages arising from computer downtime or lost share value.
Roger Duronio is accused on four counts – one count of computer intrusion, one count of mail fraud, and two counts of securities fraud. The government contends that in the months leading up to the planting of the logic bomb and the subsequent attack, Duronio, using the U.S. postal system, bought more than 21,000 USD-worth of ‘put option’ contracts for PaineWebber's parent company. A put option is a type of stock that actually increases in value when the stock price drops. According to the prosecutor, Duronio was betting the attack would cripple the company's network, and its stock would fall in the aftermath, allowing him to cash in. Because of this part of his alleged plan, Duronio is being charged with mail and securities fraud.
This was a concerted attack. All the company computers went down at once. On the morning of March 4th, 2002, system administrators began receiving calls complaining that computers were not working. Hundreds of calls. By 10 o’clock, it was clear that the problem affected the entire company. However, the state prosecutor does not believe in coincidences and since Duronio had supported the system for three years and knew all of its foibles, he naturally fell under suspicion. Moreover, the prosecution believes that Duronio was motivated not only by greed, but also by dissatisfaction with the pay deal he contracted with the company the previous year – a full 13,000 USD short of the 175,000 USD he had wanted.
The prosecution maintains that Duronio was a “trusted insider” and had full access and maximum privileges on the system. He created the logic bomb and planted it on a UNIX machine at the central office before spreading it to over a thousand computers across the company. The malicious program was made up of 50-70 lines of code and was designed to delete every file on the computer. In addition, he installed the logic bomb on the back-up server in order to destroy all the data held on magnetic tape. Several weeks before the logic bomb went off, Duronio quit the company. The attack was set to happen at 9.30 each Monday morning over the months of March, April and May, 2002 – 9.30 on Monday morning is when the stock market opens.
Specialists from the US Secret Service were called in to help with the investigation. It turned out that the logic bomb was installed remotely, moreover, log analysis showed that someone remotely got onto the computers where the logic bomb was found using Roger Duronio’s name and password. In addition, on the 21st of March, 2002, a police search of Mr. Duronio’s home turned up a hard disk in a cupboard which contained the malicious code. The code was also found on two of his four home computers.
Computer sabotage is a federal offense if it affects a computer used in interstate commerce and causes more than 5,000 USD worth of damage to the company over a 12-month span. Duronio faces a maximum sentence of 30 years, fines of up to 1 million USD and restitution of the 3.2 million USB PaineWebber spent on recovery.
Denis Zenkin, InfoWatch’s Marketing Director said, “Sabotage is an extremely dangerous kind of insider crime since just one incident can cost a company tens of millions of dollars, if not its entire business. The only protection is an automatic monitoring system which records employees’ actions and flags up suspicious or dangerous operations.”
Source: Information Week