Systems Administrator Jailed for Developing ‘Logic Bomb’

Yung-Hsun Lin, an ex-computer systems administrator in Medco Health Solutions Inc., N.J., admitted his crime in U.S. District Court in Newark, N.J., for developing malicious code, which, if transmitted, could damage critical data placed on about 70 servers, said U.S. Attorney Christopher J. Christie. TechNews published this on September 19, 2007.

According to federal prosecutors, the code could have caused potential risks to the health of consumers and enormous financial damages. The servers managed several functions, one of which determined suitability of new prescriptions, and another ensured that patients would not receive medications that could have side effects with the drugs they might be already using.

Lin admitted guilt before prosecutors of transmitting harmful computer code to cause damage of more than $5,000 intentionally. He got a statutory penalty for up to 10 years in jail and a fine of $250,000. Lin's sentencing is scheduled for January 8, 2008.

Christie also pointed out that the prosecution had been possible only with Medco's cooperation, which drew the prosecutors' attention to Mr. Lin as soon as the company discovered his activities. Unfortunately, the dangers from an occasionally disgruntled employee, who could cause this kind of trouble and potential damage to the company, was evident from the case, reported TechNews on September 19, 2007.

Lin admitted of having designed the malicious code in October 2003 at the time when Medco was excluded from Merck & Co., fearing that staff dismissal might have an effect on him. In the same year in September, Lin and other employees circulated e-mails amongst themselves discussing the likely retrenchment of system administrators at Medco. On 2nd October 2003, Lin modified the existing computer code and inserted it into the Medco's system, thus creating the 'Logic Bomb'. The new computer code that Lin programmed contained a script that would automatically install the logic bomb on April 23, 2004- the day he was born.

Assistant U.S. Attorney Erez Liebermann said that if the bomb had exploded, it could have damaged Medco's reputation terribly. He regarded this as the greatest computer sabotage case because it was capable of more than financial damage. InformationWeek published Liebermann's statement on September 19, 2007.

Related article: Saskatoon Police Warn Against Fake Financial E-Mail Scam

» SPAMfighter News - 10/6/2007