Politics, Technology, and Language

If thought corrupts language, language can also corrupt thought — George Orwell

Computer logic bombs and journalistic logic flaws

Posted by metaphorical on 8 January 2007

What exactly is Yung-Hsun Lin guilty of, if anything?

Lin, a sysadmin at Medco Health Solutions Inc., an on-line and mail-order pharmacy based in Franklin Lakes, N.J., is accused of setting a computer “logic bomb” that “would have “wiped out critical data stored on more than 70 servers.”

According to a TechWeb story of 6 January,

Had the logic bomb gone off, prosecutors say, it would have eliminated pharmacists’ ability to know whether Medco customers’ new prescriptions would interact dangerously with their current prescriptions. It also would have damaged the company financially, they say.

The story says that a co-worker “found the so-called logic bomb before it went off.” A U.S. Dept of Justice news release back on 19 December says:

The logic bomb initially failed to “detonate” on the intended day, was allegedly modified by the defendant to execute again, but was then detected by the company and neutralized.

A look at the alleged facts, though, leaves one a bit puzzled. Lin may be guilty of a crime, but it’s not entirely clear what the crime is and how the government is picturing it to have occurred. Let’s look first at exactly what Lin is accused of. From the DOJ release:

Lin is charged with two counts of fraud related to activity in connection with computers—one count for exceeding authorized access with intent to cause damage in excess of $5,000, the other for the impairment, or potential impairment, of the medical examination, diagnosis, treatment or medical care of one or more individuals.

That’s a nice chunk of legalese to parse, but it seems that an essential precondition of each count is that the “logic bomb” was active and set to go off on a particular date.

But was the bomb active, and, if so, when?

A look at the Feds’ case, represented in a very nice timeline in the TechWeb story, makes one wonder.

The timeline, which is entitled “The Feds’ Case” says:

  • Oct. 3, 2003

     Lin allegedly creates malicious code, days before a Medco layoff, setting it to go off on April 23, 2004.

  • Oct. 6, 2003

     Lin is spared the ax.

  • April 23, 2004

     Alleged network sabotage fails because of a coding error. Lin later allegedly modifies the code to go off on April 23, 2005.

  • Jan. 1, 2005

     A co-worker stumbles across the malicious code. Medco IT security team “neutralizes” it.

  • Dec. 19, 2006

     FBI arrests Lin, who’s charged with two counts of computer fraud.

  • Jan. 3, 2007

     Lin pleads not guilty in federal court, is released on bail.

Does that really make sense? Assuming Lin planted an active logic bomb on 10/3/03, would he really have kept it intact after being “spared the ax” three days later? And then it turns out that the logic bomb was actually flawed?

Isn’t it far more likely that if Lin planted the bomb on 10/3, he deactivated it after 10/6, but left the now-inoperative code in place? Then, perhaps Lin fiddled with the code again, either making it operative, or just resetting the potential date to 2005? If that’s true, then Lin might be guilty of something like what the government alleges, at least for three days in October 2003, and perhaps for an additional stretch of time as well.

Logic bombs certainly exist and they’re a problem that has to be addressed by IT departments and, ultimately, by law enforcement. But lets be clear about what they are and are not.

Three weeks before the Lin indictment, also in N.J., Roger Duronio was convicted of computer fraud. In his case, Duronio, while working at UBS Paine Webber, planted code that would delete files, set it go off at a future date, resigned, and then played the company’s stock short expecting the price to go down when the files were deleted. That’s a logic bomb of sorts, but it’s different from ones set for revenge or blackmail.

In the Lin case, if the government’s account is wrong in its dates, and perhaps in the so-called “neutralization by other Medco employees, maybe it’s also wrong in its understanding of the consequences of Lin’s code. And if there the TechWeb timeline inspires these obvious questions, why isn’t TechWeb asking them?


One Response to “Computer logic bombs and journalistic logic flaws”

  1. JoAnne said

    I can buy that Lin didn’t disable the bomb because there could be more layoffs. He probably thought he disarmed it, but failed, just as he failed to code the bomb correctly to do the damage it was supposed to do.

    Why would the co-worker see the code on January 1? Most people aren’t even working on that day. I wonder if it tried to execute again and someone noticed it. Or if it was poorly coded again and when the year changed to 2005 the code tried to execute, but the credentials it tried to use were expired or incorrect.

    The author probably isn’t a programmer, so will not see the obvious holes or questions. Tech writing is most often now done by non-techs.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: