Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jamie Lyle (Cpsc 620) December 6, 2007. Overview  Logic Bombs  The story of Roger Duronio and UBS PaineWebber  Defenses against logic bombs.

Published byJulianna Conley Modified over 8 years ago

Similar presentations

Presentation on theme: "Jamie Lyle (Cpsc 620) December 6, 2007. Overview  Logic Bombs  The story of Roger Duronio and UBS PaineWebber  Defenses against logic bombs."— Presentation transcript:

1 Jamie Lyle (Cpsc 620) December 6, 2007

2 Overview  Logic Bombs  The story of Roger Duronio and UBS PaineWebber  Defenses against logic bombs

3 Definition  Malicious program designed to violate security policy when some outside criteria is met

4 Example external critera  Certain amount of time passes without an event happening  Check of a database reveals a certain state  Just a certain time  Lack of deactivation  Any combination you can think of

5 Roger Duronio- the story  Systems administrator at UBS PaineWebber in New Jersey  Dissatisfied with wages and bonuses  Resigned Feb. 22, 2002

6 UBS PaineWebber – the story  March 4, 2002  Servers went down  Backups were unavailable  Files were lost  Over 400 branch offices around the nation were affected

7 The Bomb - the story  Logic bomb had been installed on 2/3 of the company’s 1,500 machines  Purpose: to delete all the files in the host server in the central data centre and then every server in every branch  Estimated $3.1 million in damage from the attack

8 Back to Roger – the story  Duronio’s user account used to develop and install the crippling logic bomb  Direct link between Duronio’s home computer and the creation of the bomb  Follow the money

9 Still Roger – the story  Went to his broker’s office, fuming to get even  Purchased $23,000 worth of stock options in UBS PaineWebber  Stood to gain a lot of money if the stock dropped

10 UBS PaineWebber – the story  Managed to keep news of the successful attack from spreading  Stock prices didn’t drop

11 Conclusion of the story  July 2006  Duronio denies all charges  Accuses UBS PaineWebber and its investigators of destroying evidence  Jury found Duronio guilty of one count of securities fraud and one count of computer fraud

12 Conclusion of the story  Sentenced to 97 months in prison  $3.1 million in restitution to UBS PaineWebber

13 Defenses  Hire the right people and treat them right  Technologies also available  Monitoring programs  Network surveillance programs  Properly enforced policies and procedures on software development  Proper backups for recovery

14 Wrap up  It’s hard to stop a determined individual who has access to the system.  Any Questions?

Download ppt "Jamie Lyle (Cpsc 620) December 6, 2007. Overview  Logic Bombs  The story of Roger Duronio and UBS PaineWebber  Defenses against logic bombs."

Similar presentations

Backup and Disaster Recovery (BDR) A LOGICAL Alternative to costly Hosted BDR ELLEGENT SYSTEMS, Inc.

Backup and Disaster Recovery (BDR) A LOGICAL Alternative to costly Hosted BDR ELLEGENT SYSTEMS, Inc.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Cyber Crimes: Online Ticketing Fraud By: Erin Dobbs, Blaine Skrainka, Nick Worth, Kyle Stamper, Suzy Kiska.

Cyber Crimes: Online Ticketing Fraud By: Erin Dobbs, Blaine Skrainka, Nick Worth, Kyle Stamper, Suzy Kiska.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Unit 18 Data Security 1.

Unit 18 Data Security 1.
Appendix B: Designing Policies for Managing Networks.

Appendix B: Designing Policies for Managing Networks.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Malicious Attacks Angela Ku Adeline Li Jiyoung You Selena Yuen.

Malicious Attacks Angela Ku Adeline Li Jiyoung You Selena Yuen.
Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.

Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Security Issues on Distributed Systems 7 August, 1999 S 1 Prepared by : Lorrien K. Y. Lau Student I.D. : 97077200 7 August 1999 The Chinese University.

Security Issues on Distributed Systems 7 August, 1999 S 1 Prepared by : Lorrien K. Y. Lau Student I.D. : August 1999 The Chinese University.
Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.

Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?
Incident Response Updated 03/20/2015

Incident Response Updated 03/20/2015
Guidelines for Investigation. 2 Investigation of computer related frauds - Outline Reasons Ways of committing frauds Prevention Aids for investigation.

Guidelines for Investigation. 2 Investigation of computer related frauds - Outline Reasons Ways of committing frauds Prevention Aids for investigation.
General Awareness Training

General Awareness Training
Viruses.

Viruses.
The Utility Programs: The system programs which perform the general system support and maintenance tasks are known as utility programs. Tasks performed.

The Utility Programs: The system programs which perform the general system support and maintenance tasks are known as utility programs. Tasks performed.
Current Job Components Information Technology Department Network Systems Administration Telecommunications Database Design and Administration.

Current Job Components Information Technology Department Network Systems Administration Telecommunications Database Design and Administration.

Similar presentations

Ads by Google