NEWARK, N.J.--Federal prosecutors opened their case against former UBS PaineWebber systems administrator Roger Duronio on Tuesday by calling to the stand a woman who had to clean up the logic bomb he allegedly set off.
IT manager Elvira Maria Rodriguez told the court she arrived at work at the company's Escalation Center in Weehawkin, N.J., at 8:30 or 9 a.m. on March 4, 2002, expecting nothing out of the ordinary. She logged into the system and phoned into the weekly Monday-morning conference call.
But just as it turned 9:30 and the stock market was opening for the day, Rodriguez, who was in charge of maintaining the stability of the servers in the company's branch offices, heard her computer beep. She turned to look at it and saw the words "cannot find" on her screen. She hit "enter" to see the message again but her screen was frozen.
Then she glanced at her phone and saw that 60 calls had come in all at once.
On any other day, she might have two or three calls on hold at one time.
But this wasn't going to be any other day.
This was the day when 2,000 of the company's servers went down, leaving about 17,000 brokers across the country unable to make trades. Nearly 400 branch offices were affected. Files were deleted. Backups went down within minutes of being run. The system was offline for more than a day, and UBS PaineWebber -- which was renamed UBS Wealth Management USA in 2003 -- spent about $3.1 million in assessing and restoring the network. Executives at the company haven't reported how much was lost in business downtime.
"It was pretty unbelievable," said Rodriguez, who was the first witness for the prosecution. "It was the magnitude of it. How on earth were we going to bring them all back up? How was this going to affect the company? If I had a scale of one to 10, this would be a 10-plus."
The Prosecution's Case
Federal prosecutors charge that Duronio, a former systems administrator at UBS PaineWebber, planted malicious code -- what they're calling a logic bomb -- on the company's network.
Assistant U.S. Attorney V. Grady O'Malley told jurors that Duronio, 63, of Bogota, N.J., sought revenge against his employer by building, planting, and disseminating the logic bomb, which was designed to delete all the files in the host server in the central data center and in every server in every U.S. branch office. But more importantly, according to O'Malley, was the fact that Duronio was looking to make up for some of the cash he felt he'd been denied.
Duronio allegedly wanted to take home $175,000 a year. The government says he had a base salary of $125,000 and stood to get a maximum annual bonus of $50,000. But the bonus came in shy of his expectations -- $18,000 shy.
"If he wasn't going to receive that, he was going to level a catastrophe against UBS that would rock their financial stability -- and that would get him the biggest payday of his life," O'Malley told the jury at U.S. District Court in Newark.
Duronio is facing federal charges, including mail fraud, securities fraud, and computer sabotage. If convicted, he could be sentenced to a maximum 30 years, fines of up to $1 million, and restitution for the money UBS spent on recovery. Opening statements kicked off in his trial Tuesday morning.
Bet The IRA
The government contends Duronio built and planted the malicious code months ahead of time and then bought stock options -- using money that he got cashing out his and his wife's $20,000 IRA -- that would only pay out if the company's stock took a dive within 11 days. By laying out a short expiration date -- 11 days instead of maybe a year or two -- the gain from any payout would be much greater.
O'Malley said Duronio planned on making sure that that's exactly what would happen, by crippling the company's network.
"He knew something everyone else didn't know," O'Malley told the jury. "As he was escorted out the door [on the day he quit], there was working in the UBS system a time bomb. Within an hour or so, he was in a broker's office making bets that UBS would take a dive."
While the network did go down, UBS's stock didn't, and the gamble didn't pay off, said O'Malley.
The prosecutor told the jury he'll put on the stand a computer forensics expert who will show that Duronio's password and user account information were used to gain remote access to the areas where the malicious code was built inside the UBS network. And he'll also call to the stand the U.S. Secret Service agent who investigated the case. The agent executed a warrant on March 21, 2002, and allegedly found hard copy of the logic bomb's source code on the defendant's bedroom dresser. The Secret Service also allegedly found the source code on two of his four home computers.
'Unsophisticated, Sophomoric Prank'
Chris Adams, Duronio's defense attorney and a partner at Walder Hayden & Brogan in Roseland, N.J., says the government has it all wrong. In his opening statements, Adams said not only does the government have the wrong man, but he added that what he called the "unsophisticated and sophomoric" code was most likely planted as a prank -- and definitely by someone else.
"Its only goal was to be a nuisance, like a virus," said Adams, who also said the UBS system was riddled with security holes and backdoors that could have offered easy access to attackers.
"UBS computer security had considerable holes," Adams told the jury. "There are flaws in the system that compromise the ability to determine what is and isn't true. Does the ability to walk around in the system undetected and masquerade as someone else affect your ability to say what has happened?"
Adams went a step further in his opening statements, saying UBS and @Stake, the first forensic company called in to work on the problem, withheld some information from the government and even "destroyed" some of the evidence.
As for the stock options that Duronio bought, Adams said they weren't risky bets or part of a scheme. "They are a common investment practice," he added. "It's not betting."
The Day Of The Attack
On the day of the attack, Rodriguez said that at one point there was "chaos" in the UBS Escalation Center. Systems administrators and other IT workers were streaming into the offices there, asking questions and making suggestions. A room that normally sees six or seven workers was suddenly teeming with 20 or 30 by midmorning. By noon, she says there were maybe 50 people working on the downed network. Just an hour later, there were hundreds involved across the country.
Rodriguez said while trying to run a backup to get a main server up and running again, she discovered a piece of code (MRM -r) that seemed to hang the system up every time it ran. ''We renamed the command so the system wouldn't find it," she explained. "We let the server reboot then and it came back up and didn't delete anything."
Once she had the code isolated, she tested her theory and started pushing the change out to all the branch offices. Two thousand servers needed to be brought back up using the backup tapes and cutting out this line of code. And it was going to take a lot of time. To restore one type of server, it might take 30 to 60 minutes. To restore another type -- which actually made up two-thirds of the downed servers -- it took closer to two hours. If there were problems, that timeframe was extended to four or six hours.
To get the job done as soon as possible, UBS called in 200 IBM techs to head out to all the branch offices.
"Every branch was having problems," she said. "Every single broker was complaining. They couldn't log on to their desktops and [get to] their applications because the servers were down. The brokers might have been able to make some calls to friend brokers, but my understanding was that trading was not doable."
Many of the servers were down that whole day and part of the next. Some servers in remote locations were down for weeks.
Arguments in the case will continue Wednesday morning.
Become a member to take advantage of more features, like commenting and voting.
Register or sign in today!