1 / 14

Logic Bombs: A closer look

Jamie Lyle (Cpsc 620) December 6, 2007. Logic Bombs: A closer look. Overview. Logic Bombs The story of Roger Duronio and UBS PaineWebber Defenses against logic bombs. Definition. Malicious program designed to violate security policy when some outside criteria is met.

ike
Download Presentation

Logic Bombs: A closer look

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Jamie Lyle (Cpsc 620) December 6, 2007 Logic Bombs: A closer look

  2. Overview • Logic Bombs • The story of Roger Duronio and UBS PaineWebber • Defenses against logic bombs

  3. Definition • Malicious program designed to violate security policy when some outside criteria is met

  4. Example external critera • Certain amount of time passes without an event happening • Check of a database reveals a certain state • Just a certain time • Lack of deactivation • Any combination you can think of

  5. Roger Duronio - the story • Systems administrator at UBS PaineWebber in New Jersey • Dissatisfied with wages and bonuses • Resigned Feb. 22, 2002

  6. UBS PaineWebber – the story • March 4, 2002 • Servers went down • Backups were unavailable • Files were lost • Over 400 branch offices around the nation were affected

  7. The Bomb - the story • Logic bomb had been installed on 2/3 of the company’s 1,500 machines • Purpose: to delete all the files in the host server in the central data centre and then every server in every branch • Estimated $3.1 million in damage from the attack

  8. Back to Roger – the story • Duronio’s user account used to develop and install the crippling logic bomb • Direct link between Duronio’s home computer and the creation of the bomb • Follow the money

  9. Still Roger – the story • Went to his broker’s office, fuming to get even • Purchased $23,000 worth of stock options in UBS PaineWebber • Stood to gain a lot of money if the stock dropped

  10. UBS PaineWebber – the story • Managed to keep news of the successful attack from spreading • Stock prices didn’t drop

  11. Conclusion of the story • July 2006 • Duronio denies all charges • Accuses UBS PaineWebber and its investigators of destroying evidence • Jury found Duronio guilty of one count of securities fraud and one count of computer fraud

  12. Conclusion of the story • Sentenced to 97 months in prison • $3.1 million in restitution to UBS PaineWebber

  13. Defenses • Hire the right people and treat them right • Technologies also available • Monitoring programs • Network surveillance programs • Properly enforced policies and procedures on software development • Proper backups for recovery

  14. Wrap up • It’s hard to stop a determined individual who has access to the system. • Any Questions?

More Related