2.5 Years in Jail for Planting 'Logic Bomb' 303
cweditor writes "A former Medco Health systems administrator was sentenced to 30 months in federal prison and ordered to pay $81,200 in restitution for planting a logic bomb on a network that held customer health care information. The code was designed to delete almost all information on about 70 company servers. This may be longest federal prison sentence for trying to damage a corporate computer system, although Yung-Hsun Lin faced a maximum of 10 years." How long before the disgruntled sysadmin replaces the disgruntled postal worker in the zeitgeist?
Do they give Nobel prizes for (Score:5, Funny)
Re: (Score:2, Informative)
Insightful? Pah!
I'm a sysadmin and I came to become one after working as a developer for a good many years.
There are the same interesting bits involved being a sysadmin, along with debugging plus you get to have a hell of a better budget!
The best part is I can still write code to automate jobs across the machines I maintain via puppet/cfengine..
Re:Let's face it (Score:4, Interesting)
But I agree with you, I was a CS graduate that decided to head for the Network Engineering/Sys Admin field because the work was more interesting to me. Not saying that dev work isn't interesting, it is just not my cup o tea.
Every once in a while I consider heading back to dev work when I get tired of everyone watching every thing I do and having an opinion on it. Devs seem to have the enigma feel in the departments I have worked in. No one really knows what they do on an hour by hour basis except for their peers, they get to test things before they are live and if they make a mistake it is just considered standard debugging. Whereas as a Sysadmin, if someone's e-mail gets routed to junk mail you get put on the most wanted list for months.
Let me guess (Score:3, Funny)
Re: (Score:2)
Anyone else think of Dark Star? Or would that be 'Logical Bomb'?
Re: (Score:2, Funny)
Re:Let me guess (Score:5, Funny)
1: Get crossbow and bolt. 2: Aim crossbow at Xeno. 3: Fire. If the bolt moves to Xeno, then it is proved that movement is possible. Also, Xeno will be dead. Win win situation.
Re:Let me guess (Score:4, Funny)
Xeno will be dead. Win win situation. Xeno IS dead, you insensitive clod.
meatspace (Score:3, Interesting)
Re:meatspace (Score:5, Insightful)
When someone blows away the contents of 70 servers, they ARE damaging meatspace. Real time, stress, cash, and possibly very serious side-effects to real meat can result (especially in health care operations and record keeping). We just need more people to be aware of how the things that they pay money for, and get or don't get with the fruits of their labor, are diminished by the acts of crooks and vandals of ALL sorts. Inside IT jackasses, retail store theft/shrinkage - all of that. People don't want to think about it, not least because it's a reminder that there really are just plain bad people out there, and that they cost us all a little (and sometimes not so little) piece of our lives. I don't know about you, but the only life I'm getting is in meatspace. Chip away at that - however indirectly - and you're messing with the only thing that matters. And there are thousands of people chipping away, every day. Disgruntled IT guys aren't any different than disgruntled anyone else, but they can cause damage in unique ways, given their reach and the subtlety of their line of work.
Re:meatspace (Score:5, Insightful)
Apples and oranges...
Re:meatspace (Score:4, Interesting)
Flight control hacking
Railway tracks control
Time bombs in firmware of cars (in all cars of given model, after given date, once the speed is over 60mph, disable brakes and force power steering all the way to the left)
huge chemical industry factory manufacturing systems
municipal gas networks
oil pipelines control
Nuclear power plants
halon dump release system firmware
top secret strategical plans posted to usenet
military devices control systems
Re: (Score:2)
Now that's what I'm talking about! Don't forget about
meatheadspace (Score:5, Insightful)
The real panic for the public happens only when individuals fear for their lives.
(The news media is right up there though...)
Re: (Score:2)
Re: (Score:2, Funny)
Re: (Score:2)
Re: (Score:2)
Re:meatspace (Score:4, Funny)
Re: (Score:2)
Manslaughter charges bring a whole lot more than a couple of years. As does attempted murder, and the argument (for better or worse) can be made for either of those charges. I think 30 months is reasonable to make the person very aware of the potential damage he could have done to real people, not just data, without being overly oppressive.
Re: (Score:2, Insightful)
And if a doctor says fuckit and goes ahead with a life saving procedure because their health records are inaccessible due to some asshat fucking up the servers which would have denied the procedure?
Re: (Score:2)
You might just as well charge him with genocide or crimes against humanity.
There are more important lessons to be learnt here . Like , who could this have happend ? Was the security lacking ? Was the person given to much trust ? And more to the point , how can we prevent this from happening ever again.
Re:meatspace (Score:5, Insightful)
If you trash 70 servers, you are seriously down and out of business for a while. And someone with that degree of access may also have corrupted data that goes way back into your backups. You don't know. You have to check. And for many businesses, being down and out for, say, 48 hours... it's a death sentence. Just-in-time manufacturers, retailers... they can wind up in contract breach, lose customers... if that happened to some retailers during the peak of their holiday sales season, it would bankrupt them. And when an IT person who KNOWS that chooses to shut down a business - and possibly kill it, costing everyone who works there their jobs, and everyone who invested in the business their money, and every customer who uses the vendor a resource - then that's not a bit different than torching their warehouse or otherwise acting to ruin the operations and the people who depend on it and have worked to build it. Three years in prison for deliberately, methodically attempting to ruin other people's lives and livehihood? You think that's too much? Your moral compass is way off, friend.
Re:meatspace (Score:5, Insightful)
Sure, there are idiot sysadmins out there who think that the job is all online. It's not: it includes a lot of clerical work, from recording serial numbers to negotiating maintenance agreements. On top of that, there are myriad fools who think it's easy, and more than a few who think it's cute to bash the profession.
Further, it's not the kind of job you can just leave at the office. Even if you're not on call--which you kind of are all the time--the problems you're solving tend to stay with you. Conversely, this defines the personality of the career sysadmin: We don't like to let go of unsolved problems.
Developers know very well that software is never perfected--it's just abandoned. Consider that systems software is no different.
IMHO, the penalty we're discussing was handed out by the same type of cluelessly fearful magistrate who thinks s/he can "send a message to hackers everywhere." I presume that most of us here feel the same mix of superiority and dread that the technology we're familiar with--earn our livings with--is far beyond the scope of the law of the land.
On the bright side, systems administration can be awesomely satisfying. You get the chance to save the day, sometimes with a bit of trivial knowledge. You can feel secure in the knowledge that you are a member of a group so elite that there is no training for what you do. It was a sysadmin who figured out that broken computer in the Apollo 13 command module was exactly the same as the intact one in the Lunar Excursion Module.
Consider that systems administrators are only contacted when something is broken, or needs improvement. Try phoning your sysadmin to tell him/her that things are running smoothly, and that you appreciate glad for what s/he does every day and night.
Re: (Score:3, Insightful)
Re:meatspace (Score:5, Funny)
No, no... (Score:5, Funny)
Blue-collar crime versus white-collar crime (Score:3, Insightful)
This is kind of like the difference between blue-collar and white-collar crime. If I physically break into your house and steal a thousand dollars of property, it's blue-collar. If I intentionally falsify tax documents and earnings statements in order to pump up my company's stock value, then cash out for millions of dollars while you and the other stockholders are left holding the bag, it's white-collar.
Both are crimes. The first appears more "meatspace" than the second, but the consequences of the sec
Well.. (Score:5, Funny)
Maybe then they'll fear us MWUAHAHAHAHAHHAA
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I think in the UK right now [bbc.co.uk] that'd get you some kind of public service medal.
Re:Well.. (Score:5, Funny)
Re:Well.. (Score:5, Funny)
More like quad damage!
Yeah (Score:2)
Hmmm, let's just get through today and I'll get back to you.
Disgruntled sysadmins? (Score:4, Insightful)
In my mind, this means that you should always have more than one admin, never giving anybody absolute authority over ALL systems. With offsite backups and redundant systems, the damage any single admin could do would be minimal. Maybe costly in terms of downtime, but nothing that's going to grind your business to a halt. Just as in government, there needs to be checks and balances. Giving a single admin too much power is a very bad idea.
What I want to know is: Why would a sysadmin do things like planting a logic bomb anyway? I mean, we're talking about your PROFESSIONAL REPUTATION here. This guy's never gonna work in IT again.
Re:Disgruntled sysadmins? (Score:4, Interesting)
Your plan sounds good in theory, but unfortunately, it rarely works in practice. Distinct separation of duties and powers requires a great deal of discipline on the organization. It took an act of congress to force get public companies, and in particular, the executive board, to take responsibility over accounting practices.
Besides, little ot todays software lets you seperate duties in a meaningful way or to require double authorization for critical actions.
2 1/2 years is a light sentence compared to the damage this guy could do. Thankfully, most sysadmins are honest ethical people.
Re: (Score:2, Funny)
Never read BOFH?
Re: (Score:3, Insightful)
Re:Disgruntled sysadmins? (Score:5, Insightful)
I've been in security for over 10 years and I tell you know, if you have an employee with enough access and dedication to bring down the company down to its knees, they will probably succeed.
IT policies and practices won't save a company against criminal activity, the law handles that just fine.
The biggest threat is phyiscal damage of assets (Score:2)
Why resort to a "logic bomb" which they will know who did it to just being direct?
Don't think so, many places I have been I could appear as a Heating and Cooling worker, electrician, or even trash disposal, and get unescorted access into the data center. All the security in the world doesn't do diddly when half of the IT department will let you in with "can you let me back in, my buddy can't hear me over the fans"
Re: (Score:2)
In my mind, this means that you should always have more than one admin, never giving anybody absolute authority over ALL systems. With offsite backups and redundant systems, the damage any single admin could do would be minimal. Maybe costly in terms of downtime, but nothing that's going to grind your business to a halt. Just as in government, there needs to be checks and balances. Giving a single admin too much power is a very bad idea.
There's the way things should be done and the way things are done. For a company of this size, the story should be a non-issue, even if the sabotage was successful. "Pull the binder for disaster scenario 454 off the shelf, start at step 1." Maybe lose a day or two getting the restores in place, no problem. But what's the reality? Probably something more like "Gee, I think we might have the backup from two months ago. Yeah, we needed more tapes, more SAN's, whatever, but the board wouldn't approve our budge
Re: (Score:2)
I don't get this... (Score:5, Insightful)
Re:I don't get this... (Score:5, Insightful)
Re: (Score:2, Insightful)
Except that you are wrong. He didn't want them to be sorry they laid him off. He just wanted them in a complete panic. If you had read TFA, you'd know that:
1) He wrote the script,
2) It failed to "go off" on his birthday,
3) He modified the script to "go off" on his
Re:I don't get this... (Score:4, Funny)
Re:I don't get this... (Score:5, Insightful)
A number of reasons. A top reason is that a slow burn corruption doesn't make any impact. This guy is trying to make a statement, and you don't make a statement if no one finds out that someone fucked them over. He wants to show them that they "messed with the wrong guy". A slow burn sort of corruption is something a calculating, mercenary industrial saboteur would do. That pro's motivation is probably a payoff and he wants to stay in business, while this guy is just acting out his feelings of being unappreciated and underestimated.
Secondly, if you do it the slow way, it takes time and he could have only had a short window before he expected his access to be revoked or a fix to be applied without actually doing much damage.
Mostly though, for a slow insidious sort of attack, you have to be a cold, calculating sort of customer, and those sorts tend to realize that you will end up paying fines and in a federal "pound me in the ass" prison if they get caught. It generally takes someone who is a hothead who simmers for awhile and then explodes to actually execute these sorts of acts.
Re: (Score:4, Funny)
seems fair, but... (Score:2)
Re:seems fair, but... (Score:5, Insightful)
Re: (Score:2)
Re:seems fair, but... (Score:4, Informative)
There are things that you really need a great deal of training to understand, that expert witnesses cannot really stress to a jury. When I get sued for malpractice, I would much rather have a jury of my peers and a physician-judge than 12 guys that were picked up off the street, with jury selection involving a prosecuting attorney that wants to get all the educated individuals eliminated from the jury pool.
Re: (Score:3, Informative)
My guess is you're a very good cardiologist, because otherwise you'd know that malpractice is a civil matter and that a prosecuting attorney is not involved in your case at all (at least in the United States).
Or, you're a really bad one, and your malpractice rose to the level of criminal negligence, which is when a prosecutor would get involved. :-P
As an anecdotal counterpoint to your jury selection process: I was on a jury for a medical malpractice case against the surgeon (an appendectomy that went w
Re: (Score:2)
How is this any different from complex fiscal issues, medical malpractise cases, or claims arising from alleged building construction errors? Courts and jurors are no experts in any of these fields, that's why they (or rather, the plaintiff and defense) bring in expert witnesses.
I suppose that you could fairly assert that the law itself i
a logic bomb? (Score:5, Funny)
would those affected begin acting rationally?
maybe the courts would wake up and start letting the common people win for a change.
i think we need more of these logic bombs.
live long and prosper, logic bomber...
Re: (Score:2, Funny)
Re:a logic bomb? (Score:5, Insightful)
If it was financial data I might agree with you, but this guy destroyed medical records. How would you feel if all your medical records were destroyed? Especially if you were right in the middle of chemo, or radio, or treatment for AIDS?
This guy's sentence was not only just, I think it should have been longer. I have a freind in Dwight Correctional Center [slashdot.org] (a maximum security women's prison in Illinois) for selling a couple of joints to an undercover cop. Are you telling me that destroying medical records is less harmful that marijuana?
Re: (Score:2)
Re: (Score:2)
It was...a JOKE! DUM DUM DUM!
Re: (Score:3, Funny)
I'm going to plead the 5th on this particular incident, though....
Isn't being disgruntled... (Score:5, Funny)
...part of a sysadmin's job description?
Going Sysadmin (Score:2)
I, for one, would rather see dead servers than dead people. And, to put things in a different perspcctive, a friend's brother spent five years in a federal prison in the 1980s for loaning money to a dope dealer; the charge was "conspiracy to distribute cocaine".
What does more damage, loaning monsy to a drug dealer or wiping hundreds of people's medical records? If it had been financial data I might be a bit more
Re:Going Sysadmin (Score:4, Informative)
The result of the bomb on the server infrastructure would have caused patients to not have their life-saving prescriptions delivered thus putting their health at risk. So, if it had gone off, it is possible there could have been deaths due to his actions.
Re: (Score:2)
Re: (Score:2)
Dead man switch (Score:5, Insightful)
The saving grace in this case was not the guy who found the script(he of course milked it for what it was worth), but the fact that this guy did things half-assed. His original script had a bug in it(not tested)... these are the same reasons that he probably lost his job to the better people on the team when the cuts came.
Label me a troll if you want... but this guy was trash and is where he belongs.
Re: (Score:2)
Not only that, the loser had the "D Day" set to his own birthday. I'm not condoning or defending this type of thing, but if you're going to do it, do it well and for crying out loud, don't leave a trail of friggin' bread crumbs leading right to you.
Re: (Score:2)
Re: (Score:2)
I don't want to take issue with the main gist of your post, with which I agree 100%. But I think it would be a mistake to assume that surviving a round of layoffs necessarily means that you're one of "the best." I've seen plenty of competent folks get laid off while incompetent ones stay on for one reason or another.
Re: (Score:3, Interesting)
What is interesting, perhaps even mind boggling, is that it appears that he hadn't lost his job. When his birthday rolled around in 2004 and the logic bomb didn't fire due to the bug, he was able to apply a fix and reset it for his birthday in 2005! You'd think that he wouldn't want to be around when it went off.
Bugs cost for real (Score:2, Insightful)
wow, that's harsh (Score:5, Interesting)
I've heard some tales of the disgruntled from back in the day. The most common "I quit" sabotage was taking the reel-to-reel's from the library and dumping them in a sink with water. But the worst worst worst one I heard of, one that could even be an urban legend because of how evil it is, it was the revenge of an angry admin who wanted the company to pay dearly for the evils visited upon him. He sets up this program that doesn't run until several months after he leaves the company. Note, this is back in the days of tapes and computer operators who worked the night shift and moved the tapes from one drive to another, 1970-somethings. Anyway, what his program did was step through EVERY tape in the library. He shuffled it in a random order so nobody would become suspicious. The operator just follows the prompting on his terminal, never the wiser. By the time the sequence is complete, every tape has been erased. As the story goes, the company had no offsite backups and was ruined.
Revenge fantasies are fun but seriously, a job is a job. If you go out in a blaze of glory at one, it will make finding the next one a lot more difficult, especially with a felony on your record. But I guess if he was thinking clearly we wouldn't be reading about this in the first place.
Re:wow, that's harsh (Score:5, Insightful)
I have been angry at work. I took a more reasonable approach: I quit and found a different job.
Probably never (Score:2, Funny)
First, people would need to know they exist. Second, they'd need a vague, rudimentary knowledge of what a sysadmin does.
So, probably never.
How long will it take? (Score:2)
Exactly as long as it takes for someone at ABC to go postal and delete Barbara Walter's files.
life-threatening? (Score:4, Interesting)
Liebermann noted that if the bomb had taken down Medco's network, people using a Medco prescription card would not have been able to fill any new prescriptions. "That could be very serious, maybe even life-threatening, depending on the need for that medication," Liebermann said.
"""
So what happens when they have a network failure for some other reason? Bad hardware, power outage, building fire, comet impact...
Re: (Score:2)
Malfunctioning DRM and other logic bombs (Score:5, Insightful)
There is of course a a very important difference, in that they are not intended to do anything but enforce the bombers' legal rights. Or, at any rate, what the bombers credibly believe to be their legal rights.
But when a malfunctioning Microsoft server trips the "kill" switch on legitimate copies of Vista, I think it's fair to call that a logic bomb of sorts.
No, I don't think Bill Gates should do 2.5 years of jail time, but it is disappointing that Microsoft was not held accountable for this beyond a few weeks' of mildly embarrassing publicity.
Disgruntled sysadmins vs. disgruntled postmen (Score:2)
What, sysadmins show up with with a flash drive instead of a firearm?
Sounds about right (Score:5, Insightful)
On a separate subject entirely, that ComputerWorld web page is exactly what's gone wrong with the web: The content I wanted to see (the article) is spread out over three pages, and each page only contains approx. 10% of the content I want to see. The other 90% of the page contains shit, and probably blinky shit if I wasn't using Firefox and Adblock Plus. I don't know why web sites do that. Do they actually think they're adding value? Another one on the list of web sites to avoid...
Re: (Score:2)
So, They are only giving you 30% of the content total? You missed out on more than 2/3 of the article? Ouch.
> Do they actually think they're adding value?
If those extra ad-views are generating enough revenue to allow them to continue publishing the articles and pay the authors, then the answer would be yes, they think they are.
At least they're nice enough to
The bastard should've gotten the max sentence (Score:2)
Proficient? (Score:2)
Obviously not...
How long? (Score:3, Insightful)
Well, I think first a sysadmin has to, you know, kill someone. This incident does not even remotely compare with postal shootings. I'm all for hyperbole, but, fuck, it has to be within a couple of orders of magnitude.
to answer your question... (Score:2)
Just wait until someone dies because an important piece of their medical history was missing at a critical time. I think that'll get the ball rolling.
(And no, I'm not looking forward to that.)
hmmm (Score:2)
Professional / Trade (Score:3, Insightful)
I say that and yet I feel for the guy. I've been disrespected by suits and have gone to sleep fantasizing about wiping a system. It felt good. But in the morning, I got up and went to work to get a job done.
Many in IT are bitter for good reason. Most of the IT in my area was layed off 9/12/2001 and a week later offered their jobs back at half what they were making. A few of my friends have trained their Indian offshore replacements. I see jobs advertised that want 5-7 years expert experience in 12 different programming languages, 10 different platforms and a four year degree with a starting salary less than a manager at McDonnalds would make.
What do you do... We're a new profession with growing pangs. It took a centry for doctors to fight off the mid-wife. Eventually, the world will come to accept that computers are important enough that they want the best people and will treat the Admin with the importance that work entails. It's starting. Google does it. Others do too. We'll get there.
-[d]-
Any sysadmin can be dangerous (Score:2)
in many data centers a small fire is enough to cause massive damage... smoke particles in hard drives, and (potentially) wet electronics
a "nicely" modified piece of cat5 can in some cases fry a switch
EPO button can be a pain to recover from
remove a drive
flash the bios with a bad bios-image
the opt
As opposed to the shoddy yet normal practices (Score:2)
BTW I'm a Medco customer and what they think is an equivalent lower cost subscripti
Nervous System Re-org..Excellent! Fast too. (Score:2)
This may be frustrating for the patient, who will be totally unable to accomplish anything for the 30 days leading up to and the 30 days following the re-org; but hell, its not like they were going to run a mara
Line between cyber/meat space is getting thinner (Score:2)
Seeing as how I'm currently on a commuter train headed into Seattle, imagine if the entire railway (tracks/trains) were automated by a central command center (which they aren't as each train has a human operator). A disgruntled employee who works at the command center leaves a program that causes damage to
Not gonna take it anymore (Score:2)
Whenever leaving such a job, I have always taken the high road. I did the worst thing possible, I left them without telling them the REAL reason for leaving. This way they can hire more sysadmins who will also leave. Those companies will never get their stuff together!
BRWAHAHAHAHA!!!
Nice work if you can get it (Score:5, Interesting)
So he figures, oh, it's a logic bomb, and not being terribly intrigued by it enough to study it, he just kicked up the number to push the deadline back by a century and left it at that.
Three or four days after the bomb was set to go off, they got a phone call from the guy asking if they had any work for him.
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Funny)
ITSALLYOURFAULTFUCKER
Re: (Score:2)
Scary.