Slashdot Mirror


2.5 Years in Jail for Planting 'Logic Bomb'

cweditor writes "A former Medco Health systems administrator was sentenced to 30 months in federal prison and ordered to pay $81,200 in restitution for planting a logic bomb on a network that held customer health care information. The code was designed to delete almost all information on about 70 company servers. This may be the longest federal prison sentence for trying to damage a corporate computer system, although Yung-Hsun Lin faced a maximum of 10 years." How long before the disgruntled sysadmin replaces the disgruntled postal worker in the zeitgeist?

38 of 303 comments

  1. Do they give Nobel prizes for by Trigun · · Score: 5, Funny

    Attempted Physics? I think not!

  2. Well.. by Killjoy_NL · · Score: 4, Funny

    How long before the disgruntled sysadmin replaces the disgruntled postal worker in the zeitgeist?

    Maybe then they'll fear us MWUAHAHAHAHAHHAA :D

    --
    This is the sig that says NI (again)
    1. Re:Well.. by Alioth · · Score: 4, Funny

      I am a post office system administrator. Double power!

    2. Re:Well.. by soulsteal · · Score: 4, Funny

      I am a post office system administrator. Double power!

      More like quad damage!

  3. Disgruntled sysadmins? by morgan_greywolf · · Score: 4, Insightful

    Ehm, I don't think the disgruntled sysadmin will ever really enter the zeitgeist. If a company has good IT policies and practices in place, the disgruntled sysadmin really isn't that big of a problem.

    In my mind, this means that you should always have more than one admin, never giving anybody absolute authority over ALL systems. With offsite backups and redundant systems, the damage any single admin could do would be minimal. Maybe costly in terms of downtime, but nothing that's going to grind your business to a halt. Just as in government, there needs to be checks and balances. Giving a single admin too much power is a very bad idea.

    What I want to know is: Why would a sysadmin do things like planting a logic bomb anyway? I mean, we're talking about your PROFESSIONAL REPUTATION here. This guy's never gonna work in IT again.

    1. Re:Disgruntled sysadmins? by hal9000(jr) · · Score: 3, Interesting

      Just as in government, there needs to be checks and balances. Giving a single admin too much power is a very bad idea.

      Your plan sounds good in theory, but unfortunately, it rarely works in practice. Distinct separation of duties and powers requires a great deal of discipline on the organization. It took an act of Congress to force public companies, and in particular, the executive board, to take responsibility over accounting practices.

      Besides, little of today's software lets you separate duties in a meaningful way or require double authorization for critical actions.

      2 1/2 years is a light sentence compared to the damage this guy could do. Thankfully, most sysadmins are honest ethical people.

    2. Re:Disgruntled sysadmins? by nighty5 · · Score: 4, Insightful

      The problem is, the common threat for most organisations is that an employee only needs full access to only one or a couple of critical assets, not all systems.

      I've been in security for over 10 years and I tell you now, if you have an employee with enough access and dedication to bring the company down to its knees, they will probably succeed.

      IT policies and practices won't save a company against criminal activity, the law handles that just fine.

  4. I don't get this... by Corporate+Troll · · Score: 5, Insightful

    Why so destructive? It would be way more effective to place a "corrupter" on the network. Instead of destroying the data, let it gradually corrupt the data. Way more damage, and probably much harder to recover from with backups.

    1. Re:I don't get this... by FuzzyDaddy · · Score: 4, Insightful

      You're missing the psychology of the situation. He wanted everyone in the company in a complete panic at once, so they would be really sorry they laid off poor old Andy Lin. It wasn't the damage, it was the psychological effect he was looking for.

      --
      It's not wasting time, I'm educating myself.
    2. Re:I don't get this... by morgan_greywolf · · Score: 4, Funny

      Or replace or, in open source systems, edit the NIC driver(s). Have it change random bits in the packets. They'll probably spend WEEKS trying to track THAT down. :-D

    3. Re:I don't get this... by tnk1 · · Score: 4, Insightful

      Why so destructive? It would be way more effective to place a "corrupter" on the network. Instead of destroying the data, let it gradually corrupt the data. Way more damage, and probably much harder to recover from with backups.

      A number of reasons. A top reason is that a slow burn corruption doesn't make any impact. This guy is trying to make a statement, and you don't make a statement if no one finds out that someone fucked them over. He wants to show them that they "messed with the wrong guy". A slow burn sort of corruption is something a calculating, mercenary industrial saboteur would do. That pro's motivation is probably a payoff and he wants to stay in business, while this guy is just acting out his feelings of being unappreciated and underestimated.

      Secondly, if you do it the slow way, it takes time and he could have only had a short window before he expected his access to be revoked or a fix to be applied without actually doing much damage.

      Mostly though, for a slow insidious sort of attack, you have to be a cold, calculating sort of customer, and those sorts tend to realize that you will end up paying fines and in a federal "pound me in the ass" prison if they get caught. It generally takes someone who is a hothead who simmers for awhile and then explodes to actually execute these sorts of acts.
  5. Re: by Anonymous Coward · · Score: 4, Funny

    How long before the disgruntled sysadmin replaces the disgruntled postal worker in the zeitgeist?
    2.5 years, apparently.
  6. a logic bomb? by theheadlessrabbit · · Score: 5, Funny

    so would everyone in the blast radius of this 'logic bomb' be hit with a blast of reason and common sense?
    would those affected begin acting rationally?
    maybe the courts would wake up and start letting the common people win for a change.
    i think we need more of these logic bombs.

    live long and prosper, logic bomber...

    --
    -I only code in BASIC.-
    1. Re:a logic bomb? by sm62704 · · Score: 4, Insightful

      live long and prosper, logic bomber...

      If it was financial data I might agree with you, but this guy destroyed medical records. How would you feel if all your medical records were destroyed? Especially if you were right in the middle of chemo, or radio, or treatment for AIDS?

      This guy's sentence was not only just, I think it should have been longer. I have a friend in Dwight Correctional Center (a maximum security women's prison in Illinois) for selling a couple of joints to an undercover cop. Are you telling me that destroying medical records is less harmful than marijuana?

      --
      mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
  7. Isn't being disgruntled... by Billosaur · · Score: 4, Funny

    ...part of a sysadmin's job description?

    --
    GetOuttaMySpace - The Anti-Social Network
  8. Dead man switch by INeededALogin · · Score: 5, Insightful

    We all have thought about planting a Dead Man Switch. The difference between us and this guy is the same difference between saying you want to kill someone and actually doing it. This guy sucks and deserves prison and to be banned from the workplace. As a Unix Engineer who has survived and been part of layoffs in the past, this type of person is not fair to the rest of the team. If you aren't gonna be the best, don't put scripts in place to punish the people that are.

    The saving grace in this case was not the guy who found the script (he of course milked it for what it was worth), but the fact that this guy did things half-assed. His original script had a bug in it (not tested)... these are the same reasons that he probably lost his job to the better people on the team when the cuts came.

    Label me a troll if you want... but this guy was trash and is where he belongs.

  9. wow, that's harsh by jollyreaper · · Score: 4, Interesting

    I would like to give this admin credit for not just walking into the place with a high-powered assault rifle and shooting at random.

    I've heard some tales of the disgruntled from back in the day. The most common "I quit" sabotage was taking the reel-to-reels from the library and dumping them in a sink with water. But the worst worst worst one I heard of, one that could even be an urban legend because of how evil it is, it was the revenge of an angry admin who wanted the company to pay dearly for the evils visited upon him. He sets up this program that doesn't run until several months after he leaves the company. Note, this is back in the days of tapes and computer operators who worked the night shift and moved the tapes from one drive to another, 1970-somethings. Anyway, what his program did was step through EVERY tape in the library. He shuffled it in a random order so nobody would become suspicious. The operator just follows the prompting on his terminal, never the wiser. By the time the sequence is complete, every tape has been erased. As the story goes, the company had no offsite backups and was ruined.

    Revenge fantasies are fun but seriously, a job is a job. If you go out in a blaze of glory at one, it will make finding the next one a lot more difficult, especially with a felony on your record. But I guess if he was thinking clearly we wouldn't be reading about this in the first place.

    --
    Kwisatz Haderach
    Sell the spice to CHOAM
    This Mahdi took Shaddam's Throne
    1. Re:wow, that's harsh by greenfield · · Score: 5, Insightful

      I would like to give this admin credit for not just walking into the place with a high-powered assault rifle and shooting at random.

      I wouldn't. I think a minimum qualification for participating in our society is knowing that "walking into a place with a high-powered assault rifle and shooting at random" is wrong. What's next? Giving people credit for not spitting on people who annoy them?

      I have been angry at work. I took a more reasonable approach: I quit and found a different job.

      --

      --Sam

  10. Re:seems fair, but... by demonlapin · · Score: 5, Insightful

    I'm an anesthesiologist. It's virtually impossible for judges and the lay public to determine, really, whether I committed malpractice (absent blatantly criminal acts). In fact, most doctors would probably need a fair amount of exposition to determine whether or not I committed malpractice (as I would, in turn, if faced with a case from another specialty). And yet we are judged by twelve people who could not escape jury duty. Yes, I'd prefer if I were judged only by my colleagues, and so would you. But if that were the case, nobody would ever trust us. It's the price you pay for having a society.

  11. Re:meatspace by ScentCone · · Score: 5, Insightful

    Only when disgruntled sysadmins start damaging meatspace.

    When someone blows away the contents of 70 servers, they ARE damaging meatspace. Real time, stress, cash, and possibly very serious side-effects to real meat can result (especially in health care operations and record keeping). We just need more people to be aware of how the things that they pay money for, and get or don't get with the fruits of their labor, are diminished by the acts of crooks and vandals of ALL sorts. Inside IT jackasses, retail store theft/shrinkage - all of that. People don't want to think about it, not least because it's a reminder that there really are just plain bad people out there, and that they cost us all a little (and sometimes not so little) piece of our lives. I don't know about you, but the only life I'm getting is in meatspace. Chip away at that - however indirectly - and you're messing with the only thing that matters. And there are thousands of people chipping away, every day. Disgruntled IT guys aren't any different than disgruntled anyone else, but they can cause damage in unique ways, given their reach and the subtlety of their line of work.

    --
    Don't disappoint your bird dog. Go to the range.
  12. Re:Going Sysadmin by isa-kuruption · · Score: 3, Informative

    Yes, but in this case, we are talking about dead people.

    The result of the bomb on the server infrastructure would have caused patients to not have their life-saving prescriptions delivered thus putting their health at risk. So, if it had gone off, it is possible there could have been deaths due to his actions.

  13. Re:meatspace by daeg · · Score: 4, Funny

    Fear and appease the mighty systems administrator, lest he make your CD tray eject at random and hit thy knee, causing grave distress and injury.

  14. Re:There's an interesting story... by Anonymous Coward · · Score: 3, Funny

    because you didn't submit the story when it was hot

    ITSALLYOURFAULTFUCKER

  15. Re:meatspace by CFTM · · Score: 4, Insightful

    Right but the question was "When will going sysadmin replace going postal" and the answer is never because they are fundamentally different entities. Yes, this is a total ass clown thing to do and yes it does lots of REAL damage. People do not end up dead with bullet holes in them; people may be dead because some health services group isn't able to pull their record and gives them medication that they are allergic to but that won't capture the imagination of the American public. Walking into a public building and opening up with firearms has, unfortunately, caught the imagination of our society.

    Apples and oranges...

  16. life-threatening? by sholden · · Score: 3, Interesting

    """
    Liebermann noted that if the bomb had taken down Medco's network, people using a Medco prescription card would not have been able to fill any new prescriptions. "That could be very serious, maybe even life-threatening, depending on the need for that medication," Liebermann said.
    """

    So what happens when they have a network failure for some other reason? Bad hardware, power outage, building fire, comet impact...

  17. Malfunctioning DRM and other logic bombs by dpbsmith · · Score: 4, Insightful

    Faulty DRM and "software activation" schemes are logic bombs, too.

    There is of course a very important difference, in that they are not intended to do anything but enforce the bombers' legal rights. Or, at any rate, what the bombers credibly believe to be their legal rights.

    But when a malfunctioning Microsoft server trips the "kill" switch on legitimate copies of Vista, I think it's fair to call that a logic bomb of sorts.

    No, I don't think Bill Gates should do 2.5 years of jail time, but it is disappointing that Microsoft was not held accountable for this beyond a few weeks of mildly embarrassing publicity.

  18. Sounds about right by Sounder40 · · Score: 5, Insightful
    The story's author and the prosecuting attorney point out that this involved risk to patients and not just a company's finances. However, I think it's simpler than that: If I worked at, say, a guitar shop, and I took a hammer to the guitars in the shop, that's destruction of the shop's assets. For Medco, their assets include the customer/patient data. Destruction of the assets is a crime. Whether it was done with a computer or a hammer is insignificant.

    On a separate subject entirely, that ComputerWorld web page is exactly what's gone wrong with the web: The content I wanted to see (the article) is spread out over three pages, and each page only contains approx. 10% of the content I want to see. The other 90% of the page contains shit, and probably blinky shit if I wasn't using Firefox and Adblock Plus. I don't know why web sites do that. Do they actually think they're adding value? Another one on the list of web sites to avoid...

    --
    A clever person solves a problem, A wise person avoids it. -Einstein
  19. No, no... by johndiii · · Score: 4, Funny

    Fear and appease the mighty systems administrator, lest he make thy coffee holder retract at random and spilleth thy coffee all over thy desk and thy pants, causing much consternation and stains that are really hard to get out.

    --
    Floating face-down in a river of regret...and thoughts of you...
  20. Re:seems fair, but... by MMC+Monster · · Score: 3, Informative

    IANAAIAAC (I am not an anesthesiologist, I am a cardiologist), and I agree.

    There are things that you really need a great deal of training to understand, that expert witnesses cannot really stress to a jury. When I get sued for malpractice, I would much rather have a jury of my peers and a physician-judge than 12 guys that were picked up off the street, with jury selection involving a prosecuting attorney that wants to get all the educated individuals eliminated from the jury pool.

    --
    Help! I'm a slashdot refugee.
  21. Re:meatspace by SharpFang · · Score: 3, Interesting

    Actually, it may get much more spectacular than wrong medications served to patients.

    Flight control hacking
    Railway tracks control
    Time bombs in firmware of cars (in all cars of given model, after given date, once the speed is over 60mph, disable brakes and force power steering all the way to the left)
    huge chemical industry factory manufacturing systems
    municipal gas networks
    oil pipelines control
    Nuclear power plants
    halon dump release system firmware
    top secret strategical plans posted to usenet
    military devices control systems

    --
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
  22. Re:Let me guess by HUADPE · · Score: 4, Funny
    Zeno's paradox is easily disproved in three steps.

    1: Get crossbow and bolt. 2: Aim crossbow at Zeno. 3: Fire. If the bolt moves to Zeno, then it is proved that movement is possible. Also, Zeno will be dead. Win win situation.

    --
    This sig has not been evaluated by the FDA. It is not designed to diagnose, treat, prevent, or cure any disease.
  23. Re:meatspace by ScentCone · · Score: 4, Insightful

    There are data backups which can be restored

    If you trash 70 servers, you are seriously down and out of business for a while. And someone with that degree of access may also have corrupted data that goes way back into your backups. You don't know. You have to check. And for many businesses, being down and out for, say, 48 hours... it's a death sentence. Just-in-time manufacturers, retailers... they can wind up in contract breach, lose customers... if that happened to some retailers during the peak of their holiday sales season, it would bankrupt them. And when an IT person who KNOWS that chooses to shut down a business - and possibly kill it, costing everyone who works there their jobs, and everyone who invested in the business their money, and every customer who uses the vendor a resource - then that's not a bit different than torching their warehouse or otherwise acting to ruin the operations and the people who depend on it and have worked to build it. Three years in prison for deliberately, methodically attempting to ruin other people's lives and livelihood? You think that's too much? Your moral compass is way off, friend.

    --
    Don't disappoint your bird dog. Go to the range.
  24. Re:Let me guess by dryueh · · Score: 3, Funny

    Zeno will be dead. Win win situation.

    Zeno IS dead, you insensitive clod.

  25. Nice work if you can get it by MillionthMonkey · · Score: 4, Interesting

    I once worked for a guy who had to maintain some code that a consultant had written several months before. (Ironically this was at a place that handled medical records.) He stumbled across a logic bomb in the consultant's code that hadn't gone off yet. I forget the details but he said it was some sort of obfuscated routine that used a number of inputs, including the timestamp, to produce its outputs, and the timestamp was a legitimate input needed by the routine for real reasons. It was being manipulated with some goofy number in some way to cause an overflow on a certain date, which was still several months away.

    So he figures, oh, it's a logic bomb, and not being terribly intrigued by it enough to study it, he just kicked up the number to push the deadline back by a century and left it at that.

    Three or four days after the bomb was set to go off, they got a phone call from the guy asking if they had any work for him.

  26. meatheadspace by Gription · · Score: 5, Insightful

    . . .

    The real panic for the public happens only when individuals fear for their lives.

    This is basically the exact reason that Homeland Security is the biggest terrorist organization in the US.

    (The news media is right up there though...)
  27. Re:meatspace by Deagol · · Score: 3, Funny

    How can they be more private than "deleted"?

  28. Re:Let's face it by COMON$ · · Score: 3, Interesting
    Some of the best sysadmins I know are ex-developers. The worst happen to be tinkerers who were in the right place at the right time who fit the aforementioned description. It's OK, 'cause as a sysadmin I make good money fixing networks that another sysadmin botched up.

    But I agree with you, I was a CS graduate that decided to head for the Network Engineering/Sys Admin field because the work was more interesting to me. Not saying that dev work isn't interesting, it is just not my cup o tea.

    Every once in a while I consider heading back to dev work when I get tired of everyone watching everything I do and having an opinion on it. Devs seem to have the enigma feel in the departments I have worked in. No one really knows what they do on an hour by hour basis except for their peers, they get to test things before they are live and if they make a mistake it is just considered standard debugging. Whereas as a Sysadmin, if someone's e-mail gets routed to junk mail you get put on the most wanted list for months.

    --
    CS: It is all sink or swim...oh and did I mention there are sharks in that water?
  29. Re:meatspace by Brad+Eleven · · Score: 4, Insightful

    Depending on 70 servers to support a business--health care or otherwise--and presuming that someone will simply support them is worse than presuming that your car will simply work if your maintenance is limited to keeping gas in the tank. Worse yet, most of those who employ systems support personnel for important systems tend to treat them like replaceable parts. I am presently engaged in a surreal conversation with a group of people who express shock and dismay that the previous sysadmins here didn't document their procedures--so now there is no one to set up the 20-odd people they've just hired for the expensive and vital business application for which they are responsible. After three meetings, they seem ready to move from denial to anger and bargaining. I doubt that they'll ever consider the management who keep turning over their systems staff to save a little money in the short term. I'm wondering how to break it to them that I'll be out of here before Q2 arrives.

    Sure, there are idiot sysadmins out there who think that the job is all online. It's not: it includes a lot of clerical work, from recording serial numbers to negotiating maintenance agreements. On top of that, there are myriad fools who think it's easy, and more than a few who think it's cute to bash the profession.

    Further, it's not the kind of job you can just leave at the office. Even if you're not on call--which you kind of are all the time--the problems you're solving tend to stay with you. Conversely, this defines the personality of the career sysadmin: We don't like to let go of unsolved problems.

    Developers know very well that software is never perfected--it's just abandoned. Consider that systems software is no different.

    IMHO, the penalty we're discussing was handed out by the same type of cluelessly fearful magistrate who thinks s/he can "send a message to hackers everywhere." I presume that most of us here feel the same mix of superiority and dread that the technology we're familiar with--earn our livings with--is far beyond the scope of the law of the land.

    On the bright side, systems administration can be awesomely satisfying. You get the chance to save the day, sometimes with a bit of trivial knowledge. You can feel secure in the knowledge that you are a member of a group so elite that there is no training for what you do. It was a sysadmin who figured out that the broken computer in the Apollo 13 command module was exactly the same as the intact one in the Lunar Excursion Module.

    Consider that systems administrators are only contacted when something is broken, or needs improvement. Try phoning your sysadmin to tell him/her that things are running smoothly, and that you appreciate what s/he does every day and night.

    --
    "Press to test."
    (click)
    "Release to detonate."