ubs painewebber

Company escapes close call with logic bomb

Wed, 20 Dec 2006 19:01:39 -0500

As many security experts have warned, the greatest danger to data and networks is the human element, especially with regards to those in the know about systems and infrastructure. A systems administrator is being charged with trying to set off a logic bomb within his company's network but was thwarted by a colleague who discovered the nasty code before any damage could be done. The allegations come close on the heels of another case where another IT professional was given an eight-year sentence for detonating a logic bomb at UBS PaineWebber.

For more on the latest bomb incident:
- read the news at TechWeb

The need for employee background checks

Sun, 10 Dec 2006 19:01:35 -0500

If you don't conduct background checks on new IT hires, you might want to change that--given the lessons learned by one enterprise that failed to do its due diligence on a newly hired IT systems admin. UBS PaineWebber learned the hard way what damage a tech expert can do if they're aiming to sabotage a company. The employee, angered over what he considered too small of a bonus, set off a logic bomb that crashed 2,000 servers and brought a halt to trading by the company's 17,000 brokers. It seems that even a quick review of the employee's background likely would have thwarted his hiring and saved the company a lot of money and grief.

For more on the need for background checks:
- read the article at InformationWeek

Lessons learned from an internal hack event

Sun, 23 Jul 2006 20:01:35 -0400

The recent trial and last week's conviction of an systems admin charged with hacking the network at employer UBS PaineWebber was prominent in the news for the past month or so. As experts relate, however, the most interesting aspect of the criminal case is hitting home now as the logic bomb event that crashed 2,0000 servers on the trading company's network is bringing some good lessons learned and best practices into play. Security pundits say the case illustrates how internal threats are just as dangerous and require just as much attention as external threats and that poor internal security can actually help malcontents pull off such malicious attacks. Companies need to shore up monitoring and auditing of network administrator's work and keep a good close eye on those who have the power, access and the skills to do such damage.

For more on beefing up internal security walls:
- read this article at InformationWeek

The scoop on stopping software bombing

Tue, 13 Jun 2006 20:01:35 -0400

The ongoing prosecution case against a man who allegedly hacked and tried to decimate UBS PaineWebber's network in 2002 is evidence that software bombing is a valid concern to today's enterprises. Yet software bombs haven't appeared much on the security radar, probably because they're typically planted by an internal malcontent. The key to stopping the threat is realizing that the bombs are usually right within sight and feature a trigger and a payload. As experts advise, more security diligence within the everyday software environment and better process control can go a long way to diffusing the risk.

For more about software bombs:
- read this article at InformationWeek