Jamie Lyle (Cpsc 620) December 6, 2007

Overview
- Logic Bombs
- The story of Roger Duronio and UBS PaineWebber
- Defenses against logic bombs

Definition
- Malicious program designed to violate security policy when some outside criterion is met

Example external criteria
- Certain amount of time passes without an event happening
- Check of a database reveals a certain state
- Just a certain time
- Lack of deactivation
- Any combination you can think of

Roger Duronio - the story
- Systems administrator at UBS PaineWebber in New Jersey
- Dissatisfied with wages and bonuses
- Resigned Feb. 22, 2002

UBS PaineWebber - the story
- March 4, 2002
- Servers went down
- Backups were unavailable
- Files were lost
- Over 400 branch offices around the nation were affected

The Bomb - the story
- Logic bomb had been installed on 2/3 of the company's 1,500 machines
- Purpose: to delete all the files in the host server in the central data centre and then every server in every branch
- Estimated $3.1 million in damage from the attack

Back to Roger - the story
- Duronio's user account used to develop and install the crippling logic bomb
- Direct link between Duronio's home computer and the creation of the bomb
- Follow the money

Still Roger - the story
- Went to his broker's office, fuming to get even
- Purchased $23,000 worth of stock options in UBS PaineWebber
- Stood to gain a lot of money if the stock dropped

UBS PaineWebber - the story
- Managed to keep news of the successful attack from spreading
- Stock prices didn't drop

Conclusion of the story
- July 2006
- Duronio denies all charges
- Accuses UBS PaineWebber and its investigators of destroying evidence
- Jury found Duronio guilty of one count of securities fraud and one count of computer fraud

Conclusion of the story
- Sentenced to 97 months in prison
- $3.1 million in restitution to UBS PaineWebber

Defenses
- Hire the right people and treat them right
- Technologies also available
- Monitoring programs
- Network surveillance programs
- Properly enforced policies and procedures on software development
- Proper backups for recovery
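
An added example, not part of the original slides: one form a monitoring program can take is a fleet-wide comparison of file hashes against the change-control record, so a file that was never reviewed but sits on many servers stands out. Host names, paths and file contents below are constructed, and the inventory format is an assumption.

```python
"""Fleet-wide check for unapproved files (added example; all data constructed)."""
import hashlib
from collections import defaultdict


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def unapproved_artifacts(inventories, approved):
    """Report (path, hash) pairs that no approved release contains.

    inventories: {host: {path: sha256}} as collected by a monitoring agent.
    approved:    {path: set of sha256} taken from the change-control record.
    Findings are sorted so the most widely spread unapproved file comes first.
    """
    seen = defaultdict(set)
    for host, files in inventories.items():
        for path, digest in files.items():
            if digest not in approved.get(path, set()):
                seen[(path, digest)].add(host)
    total = len(inventories)
    findings = [
        {"path": p, "sha256": d, "hosts": sorted(h), "spread": len(h) / total}
        for (p, d), h in seen.items()
    ]
    return sorted(findings, key=lambda f: (-f["spread"], f["path"]))


# Constructed sample: six hosts and one script that went through review.
GOOD = sha256_hex(b"#!/bin/sh\n# approved nightly maintenance\n")
ODD = sha256_hex(b"#!/bin/sh\n# content that never went through review\n")
APPROVED = {"/opt/maint/nightly.sh": {GOOD}}

INVENTORIES = {f"branch-{i:02d}": {"/opt/maint/nightly.sh": GOOD} for i in range(1, 7)}
# The same unreviewed file on four of six hosts (2/3 of this small fleet).
for host in ("branch-01", "branch-02", "branch-03", "branch-04"):
    INVENTORIES[host]["/opt/maint/extra.sh"] = ODD
# One host where the approved script was edited locally.
INVENTORIES["branch-06"]["/opt/maint/nightly.sh"] = sha256_hex(b"locally edited\n")

if __name__ == "__main__":
    for f in unapproved_artifacts(INVENTORIES, APPROVED):
        print(f"{f['spread']:.0%} of fleet  {f['path']}  {f['sha256'][:12]}  {f['hosts']}")
```

The check only helps if the approved manifest is maintained by someone other than the administrators who can push files to the fleet.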

Wrap up
- It's hard to stop a determined individual who has access to the system.
- Any Questions?