[ISN] Prosecutors: UBS Sysadmin Believed "He Had Created The Perfect Crime"

From: InfoSec News (alertsinfosecnews.org)
Date: Tue Jul 11 2006 - 03:07:19 CDT


http://www.informationweek.com/news/showArticle.jhtml?articleID=190301972

By Sharon Gaudin
InformationWeek
July 10, 2006

Newark - In closing arguments, the prosecution told the jury Monday that
the former systems administrator accused of planting a logic bomb on the
UBS PaineWebber network four years ago thought he had committed the
perfect crime -- mixing revenge with a scheme to cash in on the
destruction he was causing.

Assistant U.S. Attorney Mauro Wolfe gave his closing arguments to the jury
in U.S. District Court here for more than two hours Monday. He told jurors
that Roger Duronio, the defendant in this computer sabotage case, was the
man with the motive, the means and the ability to do the crime. And on top
of that, copies of the trigger for the logic bomb were found in his home.

Duronio faces four federal criminal charges in connection with the March
4, 2002 attack on UBS that took down nearly 2,000 servers and crippled its
brokers' ability to do business. The trial has moved into its sixth week.
The defense will have its turn at closing arguments Tuesday morning, and
then the government will have an opportunity for a shorter rebuttal
argument.

"In [Duronio's] mind, this was a gold mine," Wolfe told the jury. "The
person who planted the logic bomb is the same person who intended to
profit from it.... Let's make it clear. We submit to you ... the person
who committed this crime is sitting right there. It's Roger Duronio."

Wolfe walked the jury through five weeks' worth of witnesses and the
evidence they presented. Laying out the government's case, he said Duronio
was a dangerous combination of disgruntled employee and a man in financial
straits. And those two aspects intersected when Duronio learned in the
fall of 2001 that he would not be receiving the maximum annual bonus that
he had been expecting. Needing the money for his son's tuition at NYU, an
angry Duronio began building the code that would punish UBS at the same
time it created a windfall for him and his family.

"Roger Duronio believed he was entitled to a certain compensation, even
though the company wasn't doing well after Sept. 11," said Wolfe. "He
still felt he was entitled. He was better than everybody. He was smarter
than everybody."

Wolfe reminded the jury about the testimony of Rajeev Khanna, manager for
UBS's Unix Systems Group at the time of the attack. Khanna had told the
jury that Duronio went to him in 2000, saying he had "cash flow problems"
and asking for a pay increase. Khanna said he had liked Duronio and went
to bat for him, even though it was mid-year and an unusual time to ask
for, or give out, a pay raise. Khanna got Duronio a $10,000 bump in
salary. But Wolfe was quick Monday to remind the jury that Duronio had not
been satisfied with it.

"It wasn't good enough," Wolfe told the jury. "The seeds were planted. He
wasn't happy with what he was taking home."

Feb. 22, 2002 was the day the bonuses were handed out and for Duronio, it
was the last straw, according to Wolfe.

Duronio's bonus was about $15,000 shy of the maximum. While that meant he
would take home about $160,000 that year, it was not the full $175,000 he
had wanted. Angry, he went to Khanna and demanded a contract for the full
$175,000, telling his supervisor that without a contract that very day, he
would quit his job, Khanna testified earlier in the trial. The supervisor
tried to get Duronio the contract but it didn't go through and when he
went to tell the bad news to Duronio, Khanna saw that his systems
administrator had already packed his things and was ready to leave.

The discrepancy in Duronio's bonus was roughly the same as Duronio's son's
school tuition, Wolfe said. "Maybe that's why he's upset. That's the
motive, ladies and gentlemen," he said.

Pain and Profit

But Wolfe said Duronio had been expecting this day for many months before.
And he had been plotting out the course he would take.

The November and December before Duronio quit his job, he systematically
went to work building the logic bomb, according to the government.

Mainly working remotely on the UBS system from his home, Duronio allegedly
piece-by-piece built the four separate components of the malicious code.
He built the payload -- the destructive portion of the code that would
tell the servers to delete all files. He also allegedly built the
distribution component, which pushed the bomb from the central server in
the company's data center out to the 370 branch offices scattered across
the country; and the persistence component, which kept the bomb running
despite reboots and any loss of power. And then to make sure there was no
mistake, Wolfe said Duronio built not one, but two triggers for the logic
bomb. If one trigger was accidentally discovered and deleted off the
system, another one would be silently waiting to go off, setting a
destructive chain of events into motion.

But making the company suffer wasn't enough.

Wolfe said Duronio's was a two-pronged plan. Revenge was just the first
part. Profit was the second.

Duronio set off on what witnesses called a pricey and risky buying spree
in February 2002 - a month or less from the time the bomb would go off. He
bought "puts," a high-risk, high-payoff type of trade where the buyer
profits if the company stock goes down. Between Feb. 5 and the end of that
month, Duronio bought 330 puts - almost all of them against UBS. He had
never bought one before that month. And he never bought another one
afterward.

Wolfe said, in total, Duronio spent nearly $25,000 on the puts. To pay for
the puts, he even cashed out the IRA he shared with his wife. In his
closing, Wolfe pointed out to the jury that six business days before the
logic bomb went off, Duronio bought 20 more puts. Two days before it went
off, he bought 120. And then one business day before the attack, he bought
187 puts.

"His brokers basically said, 'Why don't you take out your cash and put it
on the fire?'" said Wolfe. "Why would he do that? Roger Duronio was 60
years old. He was a man with modest means. He had no trading history with
puts."

Wolfe added, "In his mind, he wasn't taking a risk.... In his mind, he
wasn't gambling. He was betting on a sure thing.... He had created the
perfect crime."

Dismissing Conspiracies

Wolfe also used his closing arguments to attempt to rebut defense
theories. Chris Adams, Duronio's attorney, has argued that hackers could
have been responsible for the attack. He also argued that another systems
administrator, Charles Richards, did the attack, or that it was a
penetration test gone awry by Cisco Systems. The attorney at different
times went after the first forensics company to work on the case, @stake,
Inc., saying that they couldn't be trusted because hackers worked for the
company. Then he claimed the U.S. Secret Service, called in to investigate
the case, did sloppy investigative work, as did the government's forensics
expert, Keith Jones.

The defense's forensics expert, Kevin Faulkner, even testified that he
couldn't be sure that the logic bomb was responsible for the damage to the
UBS system.

On Monday, Wolfe called each one of these theories red herrings, meant to
throw the jury off the trail.

"This case is not about Roger Duronio being the target of some conspiracy
or multiple conspiracies, as a matter of fact," said Wolfe. "Remember
[Adams saying] hackers are bad people? Hackers are unreliable. Hackers
steal your lunch money." He said the defense's theories -- blaming
hackers, Richards, Cisco and the Secret Service -- simply don't work
together. One cancels out another. "It just can't be all of them," Wolfe
said.

Copyright 2005 CMP Media LLC
