[ISN] Ex-Boss Describes Sys Admin's Anger During PaineWebber Sabotage Trial

From: InfoSec News (isn@private)
Date: Mon Jun 12 2006 - 01:27:24 PDT


http://www.informationweek.com/news/showArticle.jhtml?articleID=188703100

By Sharon Gaudin 
InformationWeek 
Jun 8, 2006

Newark, N.J. -- On the day a system administrator at UBS PaineWebber
learned his annual bonus had fallen short by about $15,000, he leveled
an ultimatum at his boss: give him a written contract for more money
or he was walking out the door, according to testimony Thursday in the
federal criminal computer sabotage trial.

But prosecutors charge that quitting his job wasn't the only thing on
his mind in late February of 2002. They say Roger Duronio, a
three-year employee in the financial giant's IT department, had
already hatched a plan to plant malicious code on the network that
would wipe out critical data across the country and drive down the
company's stock price.

Once Duronio packed up and was escorted out the building that day, he
headed straight to a broker's office to buy stock options that would
pay out if UBS suffered a setback. And that, the government contends,
put the final stages of Duronio's plot into action.

"On the day the actual bonuses were paid out.... Roger came into my
office and, in somewhat of an upset tone, said he wanted a written
contract for his compensation," Rajeev Khanna, manager for UBS's Unix
Systems Group at the time of the attack, told the jury in his second
day of testimony in U.S. District Court before Judge Joseph Greenaway.  
"He said if he did not have a contract by the end of the day, he was
going to start packing.... He was visibly upset. It was his tone and
there was some redness on his face."

Duronio faces four counts, including computer sabotage, securities
fraud, and mail fraud, in connection with the incident, which left
about 8,000 of the company's brokers without the ability to trade for
a day or more, and 9,000 other workers without the ability to access
their desktops. It also leveled servers in the company's home office
in Weehawken, N.J., and in nearly every branch office around the
country.

Duronio reportedly wanted to take home $175,000 a year. At the time he
quit his job at UBS, he was making a base salary of $125,000 and had
an opportunity for a maximum bonus of $50,000.

It was the loss of that $15,000 that pushed Duronio to walk away from
his job and try to make bigger money by investing in short-term "put
options," which are a type of investment that only pay out if the
company's stock price falls. The shorter the term--in this case 11
days--the bigger the payout.

The prosecution says Duronio started building components of the
malicious code--what they're calling a logic bomb--the previous
November.

By the time Duronio found out for sure in February that he wasn't
getting the bonus he'd been expecting, the logic bomb was already
built and loaded onto the main host server in UBS's data center in
Weehawken, N.J., and on about 370 branch servers around the country.
When he quit his job that day, the government says, the code was
already sitting quietly on the servers just waiting for 9:30 a.m. on
March 4 to go off.

In earlier testimony at the trial, PaineWebber employees described how
the network still hasn't recovered, four years later.

But Chris Adams, Duronio's defense attorney and a partner at Walder,
Hayden & Brogan in Roseland, N.J., says his client not only didn't
commit the crime, he was a valuable employee at UBS PaineWebber, which
changed its name to UBS Wealth Management USA in 2003.

UBS' network was riddled with security holes that left them wide open
to attack, Adams said in his opening statements Tuesday. The network
also left Duronio wide open to someone else using his ID and passwords
to masquerade as the system administrator and move around undetected
in the system.

On cross examination Thursday, Adams asked Khanna, who had been
Duronio's supervisor, if the defendant had been a good worker and
integral to the IT team.

Khanna replied that he "would not say" Duronio had been outstanding.  
But he agreed with Adams that he had marked Duronio as someone who
"consistently meets and sometimes exceeds" expectations.

Khanna described Duronio as a valuable worker even in his main
testimony in front of the prosecutor, Assistant U.S. Attorney Mauro
Wolfe. "Overall, I gave him a satisfactory rating," he testified. "He
did what he was asked to do and he did it well."

Khanna said that's why he went to bat for Duronio and sought a raise
for him in 2000, not long after the defendant started work at UBS.  
Duronio's pay went up $10,000 that year. "He expressed some concerns
about cash flow and not having enough money coming in on a monthly
basis," said Khanna.

But by the fall of 2001, it became clear that the drooping economy and
the troubled market were taking a toll on UBS. Khanna said he simply
had a much smaller pool of bonus money to work with that year. As the
manager of a few people himself, Duronio was even in on some of the
conversations about having to lessen workers' bonuses that year,
Khanna added.

And even when Duronio threatened to quit on the spot if he wasn't
given a contract that day, Khanna says he went to his supervisor and
to Human Resources to see if anything could be done. Later, when
Khanna escorted Duronio back to his desk to collect his things, he
said he had already packed them up into a box.

The defense will continue its cross-examination of Khanna on Friday
morning.

Copyright © 2006 CMP Media LLC, All rights reserved.


