The trial of a systems administrator found guilty last week of attacking the network he was supposed to protect sent a clear message: No matter what security you have in place, it's probably not enough to protect your network from one of your own.
That was the case for UBS PaineWebber, which was hit by a logic bomb in March 2004. A jury found Roger Duronio guilty of computer sabotage for building, planting, and distributing the malicious code that brought down nearly 2,000 servers. Prosecutors maintained that Duronio, who had worked at UBS for about three years, was unhappy because his annual bonus was lower than he'd expected.
The jury also found Duronio guilty of securities fraud because he bought nearly $25,000 worth of put options on UBS stock in the weeks before the attack. Put options pay only if the stock takes a dive. Duronio was counting on the attack pushing UBS's stock price down, giving him a windfall that would make up for his bonus shortfall and fix his reported financial problems, prosecutors said.
Duronio was acquitted on two charges of mail fraud.
Assistant U.S. Attorney Mauro Wolfe, the lead prosecutor on the case, says he will push for the maximum sentence of six and a half to eight years in federal prison because of the "egregiousness" of the crime. Duronio is set to be sentenced on Oct. 30.