A 64 year old disgruntled employee planted a logic bomb, got caught and will spend the next 8 years in the slammer. That’s exactly the kind of attack that’s really tough to defend against. It’s a perfect example of how disgruntled employees can very easily cause major damage. In this case the guy wasn’t smart enough to cover his tracks but yet he still caused disruption to the company’s service.

How could this happen? Without knowing more about the case, I bet that he was most likely “root” on all the servers he compromised. Things like system based Role Based Access Control (RBAC) have been around for a long time but yet in most IT shops everybody is still running around with the root password. The results are story’s like the one below.

NEW YORK (Reuters) - A former UBS PaineWebber employee was sentenced to eight years in prison on Wednesday for planting a computer “logic bomb” on company networks and betting its stock would go down.

The investment scheme backfired when UBS stock remained stable after the computer attack and Roger Duronio lost more than $23,000.

A federal judge in New Jersey sentenced Duronio, 64, to 97 months in prison and ordered him to make $3.1 million in restitution to his former employer, the U.S. attorney’s office said in a statement.

Duronio was convicted on July 19 of one count of securities fraud and one count of computer fraud in the 2002 case.

Duronio quit his job as a systems administrator in February 2002 after repeatedly expressing dissatisfaction about his salary and bonuses, the statement said.

He then planted malicious computer code known as a “logic bomb” in about 1,000 of PaineWebber’s approximately 1,500 networked computers in branch offices. On March 4, 2002, the “bomb” detonated and began deleting files.

Duronio attempted to profit from the attack, the statement said. He bought more than $23,000 in put option contracts for UBS AG stock, betting the stock’s price would go down after his “logic bomb” went off.

But, according to testimony at his trial, the stock remained stable after the computer attack and Duronio lost all of his investment.

link to full story: http://news.yahoo.com/s/nm/20061213/us_nm/usa_crime_hacker_dc

Enter your email address to get Hack Report news via email:

No Comments

No comments yet.

Comments RSS TrackBack Identifier URI

Leave a comment

Name (required)

Mail (will not be published) (required)

Website