Paine Webber – Logic Bomb
In the Summer of 2006, Roger Duronio, a 63 year old systems administrator was convicted of and found guilty of computer sabotage and securities fraud. While this may sound like the fodder for a grade B movie like “The Office”, his actions showed all too clearly the damage that a disgruntled employee can do. When Mr. Duronio was denied the bonus that he had anticipated, he planted a “logic bomb.”
A logic bomb is a program or even merely small sections of code that may be embedded into a much larger body of code. The program is fairly innocuous, tends not to be noticed and will do no hard until the triggering event occurs.
This event can be time, as in after a certain amount of time the program will trigger. It can be triggered by activity or inactivity. Say for instance an employee doesn’t log into his or her account for a prolonged period of time, this can be a triggering event.In the Duronio case, when he was fired, he put in place lines of code that would cripple the servers and networks of the investment firm Paine Webber.With Mr. Duronio being aware of the impact that the breakdown of Paine Webber’s network would cause, he invested his IRA and had planned to profit from the declining stock prices.
However, while the attack brought down over 1,000 of the firm’s 1,500 computers it did not do the damage that Mr. Duronio had planned, as the company did not divulge the system failures and there wasn’t the ensuing panic that Mr. Duronio had planned on.
Mr. Duronio was subsequently sentenced to 97 months in federal prison, and ordered to pay restitution.