2.5 Years in Jail for Planting 'Logic Bomb'
cweditor writes "A former Medco Health systems administrator was sentenced to 30 months in federal prison and ordered to pay $81,200 in restitution for planting a logic bomb on a network that held customer health care information. The code was designed to delete almost all information on about 70 company servers. This may be the longest federal prison sentence for trying to damage a corporate computer system, although Yung-Hsun Lin faced a maximum of 10 years." How long before the disgruntled sysadmin replaces the disgruntled postal worker in the zeitgeist?
Disgruntled sysadmins? (Score:4, Insightful)
In my mind, this means that you should always have more than one admin, never giving anybody absolute authority over ALL systems. With offsite backups and redundant systems, the damage any single admin could do would be minimal. Maybe costly in terms of downtime, but nothing that's going to grind your business to a halt. Just as in government, there needs to be checks and balances. Giving a single admin too much power is a very bad idea.
What I want to know is: Why would a sysadmin do things like planting a logic bomb anyway? I mean, we're talking about your PROFESSIONAL REPUTATION here. This guy's never gonna work in IT again.
I don't get this... (Score:5, Insightful)
Dead man switch (Score:5, Insightful)
The saving grace in this case was not the guy who found the script (he of course milked it for what it was worth), but the fact that this guy did things half-assed. His original script had a bug in it (not tested)... these are the same reasons that he probably lost his job to the better people on the team when the cuts came.
Label me a troll if you want... but this guy was trash and is where he belongs.
Bugs cost for real (Score:2, Insightful)
Re:Disgruntled sysadmins? (Score:3, Insightful)
Re:Here's my logic bomb! (Score:3, Insightful)
Re:Disgruntled sysadmins? (Score:5, Insightful)
I've been in security for over 10 years and I tell you now, if you have an employee with enough access and dedication to bring the company down to its knees, they will probably succeed.
IT policies and practices won't save a company against criminal activity, the law handles that just fine.
Re:a logic bomb? (Score:5, Insightful)
If it was financial data I might agree with you, but this guy destroyed medical records. How would you feel if all your medical records were destroyed? Especially if you were right in the middle of chemo, or radio, or treatment for AIDS?
This guy's sentence was not only just, I think it should have been longer. I have a friend in Dwight Correctional Center (a maximum security women's prison in Illinois) for selling a couple of joints to an undercover cop. Are you telling me that destroying medical records is less harmful than marijuana?
Re:seems fair, but... (Score:5, Insightful)
Re:meatspace (Score:5, Insightful)
When someone blows away the contents of 70 servers, they ARE damaging meatspace. Real time, stress, cash, and possibly very serious side-effects to real meat can result (especially in health care operations and record keeping). We just need more people to be aware of how the things that they pay money for, and get or don't get with the fruits of their labor, are diminished by the acts of crooks and vandals of ALL sorts. Inside IT jackasses, retail store theft/shrinkage - all of that. People don't want to think about it, not least because it's a reminder that there really are just plain bad people out there, and that they cost us all a little (and sometimes not so little) piece of our lives. I don't know about you, but the only life I'm getting is in meatspace. Chip away at that - however indirectly - and you're messing with the only thing that matters. And there are thousands of people chipping away, every day. Disgruntled IT guys aren't any different than disgruntled anyone else, but they can cause damage in unique ways, given their reach and the subtlety of their line of work.
Re:meatspace (Score:5, Insightful)
Apples and oranges...
Re:I don't get this... (Score:5, Insightful)
Malfunctioning DRM and other logic bombs (Score:5, Insightful)
There is of course a very important difference, in that they are not intended to do anything but enforce the bombers' legal rights. Or, at any rate, what the bombers credibly believe to be their legal rights.
But when a malfunctioning Microsoft server trips the "kill" switch on legitimate copies of Vista, I think it's fair to call that a logic bomb of sorts.
No, I don't think Bill Gates should do 2.5 years of jail time, but it is disappointing that Microsoft was not held accountable for this beyond a few weeks of mildly embarrassing publicity.
Sounds about right (Score:5, Insightful)
On a separate subject entirely, that ComputerWorld web page is exactly what's gone wrong with the web: The content I wanted to see (the article) is spread out over three pages, and each page only contains approx. 10% of the content I want to see. The other 90% of the page contains shit, and probably blinky shit if I wasn't using Firefox and Adblock Plus. I don't know why web sites do that. Do they actually think they're adding value? Another one on the list of web sites to avoid...
How long? (Score:3, Insightful)
Well, I think first a sysadmin has to, you know, kill someone. This incident does not even remotely compare with postal shootings. I'm all for hyperbole, but, fuck, it has to be within a couple of orders of magnitude.
Re:wow, that's harsh (Score:5, Insightful)
I have been angry at work. I took a more reasonable approach: I quit and found a different job.
Re:meatspace (Score:5, Insightful)
If you trash 70 servers, you are seriously down and out of business for a while. And someone with that degree of access may also have corrupted data that goes way back into your backups. You don't know. You have to check. And for many businesses, being down and out for, say, 48 hours... it's a death sentence. Just-in-time manufacturers, retailers... they can wind up in contract breach, lose customers... if that happened to some retailers during the peak of their holiday sales season, it would bankrupt them. And when an IT person who KNOWS that chooses to shut down a business - and possibly kill it, costing everyone who works there their jobs, and everyone who invested in the business their money, and every customer who uses the vendor a resource - then that's not a bit different than torching their warehouse or otherwise acting to ruin the operations and the people who depend on it and have worked to build it. Three years in prison for deliberately, methodically attempting to ruin other people's lives and livelihood? You think that's too much? Your moral compass is way off, friend.
Re:meatspace (Score:2, Insightful)
And if a doctor says fuckit and goes ahead with a life saving procedure because their health records are inaccessible due to some asshat fucking up the servers which would have denied the procedure?
Professional / Trade (Score:3, Insightful)
I say that and yet I feel for the guy. I've been disrespected by suits and have gone to sleep fantasizing about wiping a system. It felt good. But in the morning, I got up and went to work to get a job done.
Many in IT are bitter for good reason. Most of the IT in my area was laid off 9/12/2001 and a week later offered their jobs back at half what they were making. A few of my friends have trained their Indian offshore replacements. I see jobs advertised that want 5-7 years expert experience in 12 different programming languages, 10 different platforms and a four year degree with a starting salary less than a manager at McDonald's would make.
What do you do... We're a new profession with growing pangs. It took a century for doctors to fight off the mid-wife. Eventually, the world will come to accept that computers are important enough that they want the best people and will treat the Admin with the importance that work entails. It's starting. Google does it. Others do too. We'll get there.
-[d]-
Re:I don't get this... (Score:2, Insightful)
Except that you are wrong. He didn't want them to be sorry they laid him off. He just wanted them in a complete panic. If you had read TFA, you'd know that:
1) He wrote the script,
2) It failed to "go off" on his birthday,
3) He modified the script to "go off" on his following birthday, and
4) The script was discovered by somebody else before it went off on his following birthday.
This guy is a malicious weenie, and deserves time in PMITA prison. I mean, what kind of stupid, setting it to go off on your birthday?
Re:I don't get this... (Score:5, Insightful)
A number of reasons. A top reason is that a slow burn corruption doesn't make any impact. This guy is trying to make a statement, and you don't make a statement if no one finds out that someone fucked them over. He wants to show them that they "messed with the wrong guy". A slow burn sort of corruption is something a calculating, mercenary industrial saboteur would do. That pro's motivation is probably a payoff and he wants to stay in business, while this guy is just acting out his feelings of being unappreciated and underestimated.
Secondly, if you do it the slow way, it takes time and he could have only had a short window before he expected his access to be revoked or a fix to be applied without actually doing much damage.
Mostly though, for a slow insidious sort of attack, you have to be a cold, calculating sort of customer, and those sorts tend to realize that you will end up paying fines and in a federal "pound me in the ass" prison if they get caught. It generally takes someone who is a hothead who simmers for awhile and then explodes to actually execute these sorts of acts.
meatheadspace (Score:5, Insightful)
The real panic for the public happens only when individuals fear for their lives.
(The news media is right up there though...)
Re:meatspace (Score:3, Insightful)
Re:meatspace (Score:5, Insightful)
Sure, there are idiot sysadmins out there who think that the job is all online. It's not: it includes a lot of clerical work, from recording serial numbers to negotiating maintenance agreements. On top of that, there are myriad fools who think it's easy, and more than a few who think it's cute to bash the profession.
Further, it's not the kind of job you can just leave at the office. Even if you're not on call--which you kind of are all the time--the problems you're solving tend to stay with you. Conversely, this defines the personality of the career sysadmin: We don't like to let go of unsolved problems.
Developers know very well that software is never perfected--it's just abandoned. Consider that systems software is no different.
IMHO, the penalty we're discussing was handed out by the same type of cluelessly fearful magistrate who thinks s/he can "send a message to hackers everywhere." I presume that most of us here feel the same mix of superiority and dread that the technology we're familiar with--earn our livings with--is far beyond the scope of the law of the land.
On the bright side, systems administration can be awesomely satisfying. You get the chance to save the day, sometimes with a bit of trivial knowledge. You can feel secure in the knowledge that you are a member of a group so elite that there is no training for what you do. It was a sysadmin who figured out that the broken computer in the Apollo 13 command module was exactly the same as the intact one in the Lunar Excursion Module.
Consider that systems administrators are only contacted when something is broken, or needs improvement. Try phoning your sysadmin to tell him/her that things are running smoothly, and that you appreciate what s/he does every day and night.
Re:Ummm.... (Score:2, Insightful)
An apt metaphor given the crap that most programmers produce. For every 1 decent program there's a few thousand "code monkeys" randomly banging on keyboards until something that passes QA lurches out. Sysadmins are the ones stuck figuring out how to build adobe houses out of what they produce.
I know I'm feeding trolls, but it seemed such an apt metaphor, sysadmins cleaning up the crap programmers produce, and the code monkeys thinking that makes them better than the zookeepers.
Blue-collar crime versus white-collar crime (Score:3, Insightful)
This is kind of like the difference between blue-collar and white-collar crime. If I physically break into your house and steal a thousand dollars of property, it's blue-collar. If I intentionally falsify tax documents and earnings statements in order to pump up my company's stock value, then cash out for millions of dollars while you and the other stockholders are left holding the bag, it's white-collar.
Both are crimes. The first appears more "meatspace" than the second, but the consequences of the second are much broader and longer lasting -- even in the physical world. If I lose thousands of dollars in investments, it's as good as you stealing it out of my house. If I die because you destroy my medical data, leading to some kind of fatal treatment, you might as well have shot me. And even if nobody would have died, there are still other Very Bad Consequences, like patients developing new conditions as the result of wrong medication (possibly leading to lifelong problems). And there is the small issue of all the MedCo employees losing their jobs, and thousands of hospitals and clinics becoming snarled up in treatment schedules. This one little thing could easily impact millions of people overnight.
I agree that planting a logic bomb is not the same thing as shooting somebody. It is a different thing; in fact, it's a new kind of sinister that was not even possible a hundred years ago. But it might be just as bad as "going postal."