It was 9:30 on the morning of March 4, 2002, and something was terribly wrong at the offices of PaineWebber UBS. Computers in branches all over the country began showing disc errors. A logic bomb buried deep within the machines had wiped their hard drives clean, preventing 17,000 brokers from making trades.
"It was six months after 9/11," says Keith Jones, co-principal of Jones Dykstra and Associates, a computer forensics and expert witness firm. "Back then if anyone so much as sneezed, you thought 'terrorism.'"
The IT staff located the backups and restored the first batch of machines. They got wiped again. The logic bomb had propagated to the backups. The brokers gave up on their computers and went to their other backup plan: paper and pencils. UBS tech staff ultimately figured out how to bypass the bomb and restore computer access, but it was weeks before the company was back to normal. More than $3 million in damage had been done.
The culprit: Roger Duronio, a 60-year-old systems administrator. Unhappy about not receiving compensation he'd been promised, Duronio planted the logic bomb on more than 1,000 Unix machines throughout the company. He then shorted the company's stock, hoping to capitalize financially as PaineWebber's share price dropped. Instead he was convicted of computer sabotage and securities fraud. He's now serving an eight-year sentence.
Other cases speak less of revenge and more of IT workers simply cracking under stress -- such as the saga of Terry Childs, a network administrator for the city of San Francisco who became frustrated by his manager's lack of technical expertise and withheld administrative access to parts of the city's network. That particular incident appears to have been a freak-out rather than a premeditated criminal act. But either way, disgruntled IT workers -- battered by interminable hours and impossible demands -- pose a greater threat than ever.
For every Duronio or Childs that makes it into the press, there are 98 others you never hear about, says Jones, who was a key government witness in the Duronio case.
"People don't realize just how much access senior IT people have," says his partner Brian Dykstra. "The vast majority of system admins don't abuse their privileges -- even if they wanted to, they're too busy. But when someone does go over the edge, they have the ability to do a great deal of damage."
And the consequences can be devastating.









