Information week has been covering the trial of a sysadmin accused of sabotaging 1,000 UBS Paine Webber servers. There is an abundance of circumstantial evidence in this case. Investigators found a printout of malicious code in the defendant’s bedroom, and the defendant bought an outstanding amount of stock puts that would benefit from a drop in UBS's price. Direct evidence, however, is from the ephemeral world of 1s and 0s: VPN logs, tape backups, and server audit trails. The defense called all these technologies into question.
Wolfe also used his closing arguments to attempt to rebut defense theories. Chris Adams, Duronio's attorney, has argued that hackers could have been responsible for the attack. He also argued that another systems administrator … did the attack, or that it was a penetration test gone awry by Cisco Systems. The attorney at different times went after the first forensics company to work on the case, @Stake Inc., saying that they couldn't be trusted because hackers worked for the company. Then he claimed the U.S. Secret Service, called in to investigate the case, did sloppy investigative work, as did the government's forensics expert. The defense's forensics expert … testified that he couldn't be sure that the logic bomb was responsible for the damage to the UBS system.
The defense went wild with conspiracy theories. When 40 people have the root password it’s easy to raise a shadow of a doubt. Even if the systems recorded biometric information, would you still trust an audit log? A rouge admin could alter any bit on a computer. The jury in this case found the defendant guily of securities and computer fraud on Wednesday. He'll face a maximum sentence of 6.5 to 8 years.
If you had to decide the fate of a person, what technologies would you trust as reliable sources of evidence?