User Account

All Pages

Security standards have on the rise of cyber attacks

Assignment Help Operation Management
Reference no: EM131729749

Closing Case UBS PAINEWEBBER’S BUSINESS OPERATIONS DEBILITATED BY MALICIOUS CODE Employee (Allegedly) Planned to Crash All Computer Networks In June 2006, a former systems administrator at UBS PaineWebber, Roger Duronio, 63, was charged with building, planting, and setting off a software logic bomb designed to crash the network. His alleged motive was to get revenge for not being paid what he thought he was worth. He designed the logic bomb to delete all the files in the host server in the central data center and in every server in every U.S. branch office. Duronio was looking to 380 381 make up for some of the cash he felt he had been denied. He wanted to take home $175,000 a year. He had a base salary of $125,000 and a potential annual bonus of $50,000, but the actual bonus was $35,000. Duronio quit his job, went to a broker within hours, and bought stock options that would only pay out if the company’s stock plunged within 11 days. By setting a short expiration date of 11 days instead of a year, the gain from any payout would be much greater. He tried to ensure a stock price crash by crippling the company’s network to rock their financial stability. His “put” options expired worthless because the bank’s national network did go down, but not UBS stock. Discovering the Attack In a federal court, UBS PaineWebber’s IT manager Elvira Maria Rodriguez testified that on March 4, 2002, at 9:30 A.M. when the stock market opened for the day, she saw the words cannot find on her screen at the company’s Escalation Center in Weehawken, New Jersey. She hit the enter key to see the message again, but her screen was frozen. Rodriguez was in charge of maintaining the stability of the servers in the company’s branch offices. When the company’s servers went down that day in March 2002, about 17,000 brokers across the country were unable to make trades; the incident affected nearly 400 branch offices. Files were deleted. Backups went down within minutes of being run. Rodriguez, who had to clean up after the logic bomb, said, “How on earth were we going to bring them all back up? How was this going to affect the company? If I had a scale of 1 to 10, this would be a 10-plus.” The prosecutor, Assistant U.S. Attorney V. Grady O’Malley, told the jury: “It took hundreds of people, thousands of man hours and millions of dollars to correct.” The system was offline for more than a day, and UBS PaineWebber (renamed UBS Wealth Management USA in 2003) spent about $3.1 million in assessing and restoring the network. The company did not report how much was lost in business downtime and disruption. Tracking Down the Hacker A computer forensics expert testified that Duronio’s password and user account information were used to gain remote access to the areas where the malicious code was built inside the UBS network. The U.S. Secret Service agent who had investigated the case found a hard copy of the logic bomb’s source code on the defendant’s bedroom dresser. A computer forensics investigator found electronic copies of the code on two of his four home computers. Defense Blames UBS Security Holes Chris Adams, Duronio’s defense attorney, offered another scenario. Adams claimed that the code was planted by someone else to be a nuisance or prank. Adams also said the UBS system had many security holes and backdoors that gave easy access to attackers. Adams told the jury: UBS computer security had considerable holes. There are flaws in the system that compromise the ability to determine what is and isn’t true. Does the ability to walk around in the system undetected and masquerade as someone else affect your ability to say what has happened? He also claimed that UBS and @Stake, the first computer forensics company to work on the incident, withheld some information from the government and even destroyed some of the evidence. As for the stock options, Adams explained that they were neither risky bets nor part of a scheme, but rather a common investment practice. Disaster Recovery Efforts While trying to run a backup to get a main server up and functional, Rodriguez discovered that a line of code (MRM-r) was hanging up the system every time it ran. She renamed the command to hide it from the system and rebooted the server. This action stopped the server from deleting anything else. After testing to confirm the fix, backup tapes brought up the remaining 2,000 servers, and the line of code was deleted from each one. Restoring each server took from 30 minutes to 2 hours unless there was a complication. In those cases, restoration took up to 6 hours. UBS called in 200 IBM technicians to all the branch offices to expedite the recovery. Many of the servers were down a day and a half, but some servers in remote locations were down for weeks. The incident impacted all the brokers who were denied access to critical applications because the servers were down. 381 382 Minimizing Residual Damages UBS asked the judge to bar the public from Duronio’s trial to avoid “serious embarrassment” and “serious injury” to the bank and its clients and possibly reveal sensitive information about the UBS network and operations. UBS argued that documents it had provided to the court could help a criminal hack into the bank’s computer systems to destroy critical business information or to uncover confidential client information. Duronio faced federal charges, including mail fraud, securities fraud, and computer sabotage, which carry sentences of up to 30 years in jail, $1 million in fines, and restitution for recovery costs. Sources: Compiled from Gaudin (2006) and Whitman (2006). Class, the UBS PaineWebber Case is an example of what can happen when an employee (or someone who has inside access) decides to harm a business. Too many news stories contain similar situation, as such, we should be aware of the potential and prepare to prevent or mitigate adverse effects.

Questions 1. Do you agree with the defense lawyer's argument that anyone could have planted the logic bomb because UBS's computer security had considerable holes.

2. Given the breadth of known vulnerabilities, what sort of impact will any set of security standards have on the rise of cyber attacks?

Reference no: EM131729749

Questions Cloud

Specific language about transportation requirements : You write a contract that contains specific language about transportation requirements,
Differentiate between the various tools and tactics : Differentiate between the various tools and tactics for attacking network security monitoring and the considerations involved in incident response.
Are the ties in this network of yours primarily strong-weak : Are the ties in this network of yours primarily strong or weak? Explain.
Discuss problem related to industrial marketing management : Humor in magazine ads. Industrial Marketing Management (1993) published the results of a study of humor in trade magazine advertisements.
Security standards have on the rise of cyber attacks : Given the breadth of known vulnerabilities, what sort of impact will any set of security standards have on the rise of cyber attacks?
Confidence and convince the jury that you are correct : Even if you are technically proficient, if you cannot speak with confidence and convince the jury that you are correct, you will fail in your task as an expert.
How often he tells his employees how to do their jobs : Shravan, President of Apex Door, has a problem. No matter how often he tells his employees how to do their jobs,
The lines of communication and encourage inclusive : The president asks you to create an action plan. She feels that the college needs to open the lines of communication and encourage inclusive,
Why the experimental design is a randomized block design : Mosquito insecticide study. A species of Caribbean mosquito is known to be resistant against certain insecticides. The effectiveness of five different types.

Reviews

Write a Review

Operation Management Questions & Answers

  Layout design problem encountered

identify states A and B for layout design problem encountered in one of the following situations of the following situations

  Discuss current supply chain system at dimco

Independent caterers have more flexibility than o r types of businesses offering catering services. Discuss current supply chain system at DIMCO.

  What is your estimate of the stock current price

A company currently pays a dividend of $3.5 per share (D0 = $3.5). It is estimated that the company's dividend will grow at a rate of 17% per year for the next 2 years, then at a constant rate of 8% thereafter. The company's stock has a beta of 1.5, ..

  Your evaluation should do which of the following things

Your evaluation should do which of the following things (check all that apply):

  Leave personal comment

Leave a personal comment. Make a connection with a person with whom you have a professional interest. Then, visit their profile and see what the other person has to offer. Leave a professional comment about them. If a person is a real estate agent, t..

  Workstation must operate to breakeven

Calculate the hours per year that this workstation must operate to breakeven.

  Research the impact of global shipping

Research the impact of global shipping and receiving at ports around the world. What policy has been added to this field? What laws have been changed? Describe best practices in global shipping and receiving at ports in your own words, supported b..

  Erp system to integrate health care and financial data

Hospital is Implementing new ERP system to integrate Health Care-Financial data. Identify three different types of architecture that hospital can put in place

  Identify multiple business pressures on xerox

Identify multiple business pressures on Xerox. Describe some of the company's response strategies. Identify the role of IT as a contributor to the business technology pressures

  Characteristics included in establish self-directed

Identify and explain the successful characteristics included in establishing self-directed, high-performing teams.

  Demand is normally distributed with a standard deviation

The manager of the Quick Stop convenience store (which never closes) sells 24 six packs of Fizzy soda each day. Order costs are $8.00 per order, and Fizzy soda costs $4.00 per six-pack. Holding costs are $1 per six pack. Orders arrive five days from ..

  Important for there to be collaboration among universities

Why do you think that it is important for there to be collaboration among universities today? Please provide at least three reasons. What are the competitive problems of the United States today? Please explain why each is a problem.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd