A sysadmin who took revenge on his former employer by launching a crippling virus on to its network, has been sent to prison for eight years.
Roger Duronio had been accused of infecting between 1,000 and 2,000 PCs at US stock-broker PaineWebber, part of the Swiss banking group UBS. The attack, carried out in the form of a virus "Logic bomb", stopped the company’s 17,000 traders from being able to access their systems for the whole of the day that attack took place, 4 March 2002.
Duronio's apparent motivation had been dissatisfaction with his annual bonus, which at $32,000, was $18,000 less that he had expected on top of his annual salary of $125,000. It later emerged that he had also placed a number of "put" options on UBS stock designed to make him a profit in the event of the company’s shares falling. In the event, they didn’t.
Losses from that attack were estimated by the company to be $3.1 million from the repairs alone, with a further unknown sum to cover trading losses. As well as spending time in jail, the 64-year old network engineer has been ordered by the judge to pay an equivalent sum of $3.1 million in compensation to the bank.
"Duronio acted out of misplaced vengeance and greed. He sought to do financial harm to a company and to profit from that, but he failed on both counts. The jury recognised this, and the judge did too by imposing a sentence at the top of the applicable range," attorney Christopher Christie said.
Ironically, this is also the week in which it was announced that the same US wing of UBS is to be sued by New York attorney General for alleged brokerage fraud.
In a separate case that reinforces the perils for sysadmins who decide to take out their frustration on a former employer, one Ryan Fisher has been handed two years in prison for disrupting the services of his former employer, Utah-based wireless service provider SBT Internet.
The twenty-four year old engineer was alleged to have hacked into his former employer’s network using old passwords in order to disconnect the service of 170 wireless access point customers. He was also ordered to pay $65,000 in damages to the company.