http://www.informationweek.com/news/showArticle.jhtml?articleID=190301972 By Sharon Gaudin InformationWeek July 10, 2006 Newark - In closing arguments, the prosecution told the jury Monday that the former systems administrator accused of planting a logic bomb on the UBS PaineWebber network four years ago thought he had committed the perfect crime -- mixing revenge with a scheme to cash in on the destruction he was causing. Assistant U.S. Attorney Mauro Wolfe gave his closing arguments to the jury in U.S. District Court here for more than two hours Monday. He told jurors that Roger Duronio, the defendant in this computer sabotage case, was the man with the motive, the means and the ability to do the crime. And on top of that, copies of the trigger for the logic bomb were found in his home. Duronio faces four federal criminal charges in connection with the March 4, 2002 attack on UBS that took down nearly 2,000 servers and crippled its brokers' ability to do business. The trial has moved into its sixth week. The defense will have its turn at closing arguments Tuesday morning, and then the government will have an opportunity for a shorter rebuttal argument. "In [Duronio's] mind, this was a gold mine," Wolfe told the jury. "The person who planted the logic bomb is the same person who intended to profit from it.... Let's make it clear. We submit to you ... the person who committed this crime is sitting right there. It's Roger Duronio." Wolfe walked the jury through five weeks worth of witnesses and the evidence they presented. Laying out the government's case, he said Duronio was a dangerous combination of disgruntled employee and a man in financial straits. And those two aspects intersected when Duronio learned in the fall of 2001 that he would not be receiving the maximum annual bonus that he had been expecting. Needing the money for his son's tuition at NYU, an angry Duronio began building the code that would punish UBS at the same time it created a windfall for him and his family. "Roger Duronio believed he was entitled to a certain compensation, even though the company wasn't doing well after Sept. 11," said Wolfe. "He still felt he was entitled. He was better than everybody. He was smarter than everybody." Wolfe reminded the jury about the testimony of Rajeev Khanna, manager for UBS's Unix Systems Group at the time of the attack. Khanna had told the jury that Duronio went to him in 2000, saying he had "cash flow problems" and asking for a pay increase. Khanna said he had liked Duronio and went to bat for him, even though it was mid-year and an unusual time to ask for, or give out, a pay raise. Khanna got Duronio a $10,000 bump in salary. But Wolfe was quick Monday to remind the jury that Duronio had not been satisfied with it. "It wasn't good enough," Wolfe told the jury. "The seeds were planted. He wasn't happy with what he was taking home." Feb. 22, 2002 was the day the bonuses were handed out and for Duronio, it was the last straw, according to Wolfe. Duronio's bonus was about $15,000 shy of the maximum. While that meant he would take home about $160,000 that year, it was not the full $175,000 he had wanted. Angry, he went to Khanna and demanded a contract for the full $175,000, telling his supervisor that without a contract that very day, he would quit his job, Khanna testified earlier in the trial. The supervisor tried to get Duronio the contract but it didn't go through and when he went to tell the bad news to Duronio, Khanna saw that his systems administrator had already packed his things and was ready to leave. The discrepancy is Duronio's bonus was roughly the same as Duronio's son's school tuition, Wolfe said. "Maybe that's why he's upset. That's the motive, ladies and gentlemen," he said. Pain and Profit But Wolfe said Duronio had been expecting this day for many months before. And he had been plotting out the course he would take. The November and December before Duronio quit his job, he systematically went to work building the logic bomb, according to the government. Mainly working remotely on the UBS system from his home, Duronio allegedly piece-by-piece built the four separate components of the malicious code. He built the payload -- the destructive portion of the code that would tell the servers to delete all files. He also allegedly built the distribution component, which pushed the bomb from the central server in the company's data center out to the 370 branch offices scattered across the country; and the persistence component, which kept the bomb running despite reboots and any loss of power. And then to make sure there was no mistake, Wolfe said Duronio built not one, but two triggers for the logic bomb. If one trigger was accidentally discovered and deleted off the system, another one would be silently waiting to go off, setting a destructive chain of events into motion. But making the company suffer wasn't enough. Wolfe said Duronio's was a two-pronged plan. Revenge was just the first part. Profit was the second. Duronio set off on what witnesses called a pricey and risky buying spree in February 2002 - a month or less from the time the bomb would go off. He bought "puts," a high-risk, high-payoff type of trade where the buyer profits if the company stock goes down. Between Feb. 5 and the end of that month, Duronio bought 330 puts - almost all of them against UBS. He had never bought one before that month. And he never bought another one afterward. Wolfe said, in total, Duronio spent nearly $25,000 on the puts. To pay for the puts, he even cashed out the IRA he shared with his wife. In his closing, Wolfe pointed out to the jury that six business days before the logic bomb went off, Duronio bought 20 more puts. Two days before it went off, he bought 120. And then one business day before the attack, he bought 187 puts. "His brokers basically said, 'Why don't you take out your cash and put it on the fire?'" said Wolfe. "Why would he do that? Roger Duronio was 60 years old. He was a man with modest means. He had no trading history with puts." Wolfe added, "In his mind, he wasn't taking a risk.... In his mind, he wasn't gambling. He was betting on a sure thing.... He had created the perfect crime." Dismissing Conspiracies Wolfe also used his closing arguments to attempt to rebut defense theories. Chris Adams, Duronio's attorney, has argued that hackers could have been responsible for the attack. He also argued that another systems administrator, Charles Richards, did the attack, or that it was a penetration test gone awry by Cisco Systems. The attorney at different times went after the first forensics company to work on the case, @Stake, Inc., saying that they couldn't be trusted because hackers worked for the company. Then he claimed the U.S. Secret Service, called in to investigate the case, did sloppy investigative work, as did the government's forensics expert, Keith Jones. The defense's forensics expert, Kevin Faulkner, even testified that he couldn't be sure that the logic bomb was responsible for the damage to the UBS system. On Monday, Wolfe called each one of these theories red herrings, meant to throw the jury off the trail. "This case is not about Roger Duronio being the target of some conspiracy or multiple conspiracies, as a matter of fact," said Wolfe. "Remember [Adams saying] hackers are bad people? Hackers are unreliable. Hackers steal your lunch money." He said the defense's theories -- blaming hackers, Richards, Cisco and the Secret Service -- simply don't work together. One cancels out another. ''It just can't be all of them,'' Wolfe said. "But it just can't be all of them," Wolfe said. Copyright 2005 CMP Media LLC _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Tue Jul 11 2006 - 01:26:16 PDT