Editing Logic bomb

{{Short description|Intentional delayed sabotage of a computer program with activation subject to conditions}}
{{Use dmy dates|date=March 2014}}
A '''logic bomb''' is a piece of [[source code|code]] intentionally inserted into a [[software]] system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting [[computer file|files]] (such as a salary [[database trigger]]), should they ever be terminated from the company.

Software that is inherently malicious, such as [[computer virus|viruses]] and [[computer worm|worms]], often contain logic bombs that execute a certain [[Payload (software)|payload]] at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host systems on specific dates, such as [[Friday the 13th]] or [[April Fools' Day]]. [[Trojan horse (computing)|Trojans]] and other [[computer viruses]] that activate on certain dates are often called "[[time bomb (software)|time bombs]]".

To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. As an example, trial programs with code that [[Crippleware|disables certain functionality]] after a set time are not normally regarded as logic bombs.

== Successful ==
*In June 2006 Roger Duronio, a [[system administrator]] for [[UBS AG|UBS]], was charged with using a logic bomb to damage the company's computer network, and with securities fraud for his failed plan to drive down the company's stock with activation of the logic bomb.<ref>[https://www.theregister.co.uk/2006/06/08/ubs_hack_attack Man accused of crashing UBS servers | The Register]</ref><ref>{{Cite web |url=http://www.informationweek.com/showArticle.jhtml?articleID=188702216 |title=Nightmare On Wall Street: Prosecution Witness Describes 'Chaos' In UBS PaineWebber Attack - News by InformationWeek |access-date=8 December 2006 |archive-date=28 October 2007 |archive-url=https://web.archive.org/web/20071028151137/http://www.informationweek.com/showArticle.jhtml?articleID=188702216 |url-status=dead }}</ref> Duronio was later convicted and sentenced to 8 years and 1 month in prison, as well as a $3.1 million restitution to UBS.<ref>[http://www.usdoj.gov/usao/nj/press/files/pdffiles/duro1213rel.pdf Former UBS Computer Systems Manager Gets 97 Months for Unleashing "Logic Bomb" on Company Network] {{webarchive |url=https://web.archive.org/web/20070930064933/http://www.usdoj.gov/usao/nj/press/files/pdffiles/duro1213rel.pdf |date=30 September 2007 }}</ref>
*On 20 March 2013, in an attack launched against [[South Korea]], a logic bomb struck machines and "wiped the hard drives and [[master boot record]]s of at least three banks and two media companies simultaneously."<ref>{{cite magazine | title=Government waging 'war' against people: Kim Zetter | url= https://www.wired.com/threatlevel/2013/03/logic-bomb-south-korea-attack/ | magazine=[[Wired (magazine)|Wired]]|access-date=3 April 2013}}</ref><ref>{{cite news | title=South Korea raises alert after hackers attack broadcasters, banks: Se Young Lee | date= 20 March 2013 | url= https://www.reuters.com/article/net-us-korea-cyber-outage-idUSBRE92J06F20130320 | work=[[Reuters]]|access-date=3 April 2013| last1= Lee | first1= Se Young }}</ref> [[NortonLifeLock|Symantec]] reported that the malware also contained a component that was capable of wiping Linux machines.<ref>{{cite web | title=Remote Linux Wiper Found in South Korean Cyber Attack | url= http://www.symantec.com/connect/blogs/remote-linux-wiper-found-south-korean-cyber-attack | archive-url= https://web.archive.org/web/20130324015507/http://www.symantec.com/connect/blogs/remote-linux-wiper-found-south-korean-cyber-attack | url-status= dead | archive-date= 24 March 2013 | publisher=[[NortonLifeLock|Symantec]]|access-date=3 April 2013}}</ref><ref>{{cite web | title=South Korean Banks and Broadcasting Organizations Suffer Major Damage from Cyber Attack | url= http://www.symantec.com/connect/blogs/south-korean-banks-and-broadcasting-organizations-suffer-major-damage-cyber-attack | archive-url= https://web.archive.org/web/20130324013008/http://www.symantec.com/connect/blogs/south-korean-banks-and-broadcasting-organizations-suffer-major-damage-cyber-attack | url-status= dead | archive-date= 24 March 2013 | publisher=[[NortonLifeLock|Symantec]]|access-date=3 April 2013}}</ref>
*On 19 July 2019, David Tinley, a contract employee, pleaded guilty for programming logic bombs within the software he created for [[Siemens]] Corporation.<ref>{{cite web |title=Siemens Contract Employee Intentionally Damaged Computers by Planting Logic Bombs into Programs He Designed |url=https://www.justice.gov/usao-wdpa/pr/siemens-contract-employee-intentionally-damaged-computers-planting-logic-bombs-programs |website=www.justice.gov |publisher=United States Department of Justice |access-date=9 September 2019 |language=en |date=19 July 2019}}</ref> The software was intentionally made to malfunction after a certain amount of time, requiring the company to hire him to fix it for a fee. The logic bombs went undetected for two years, but were then discovered while he was out of town and had to hand over the administrative password to his software.<ref>{{cite news |last1=Cimpanu |first1=Catalin |title=Siemens contractor pleads guilty to planting logic bomb in company spreadsheets |url=https://www.zdnet.com/article/siemens-contractor-pleads-guilty-to-planting-logic-bomb-in-company-spreadsheets/ |access-date=9 September 2019 |work=ZDNet |language=en}}</ref>
*In 2023, researchers discovered that some [[Newag]] trains were secretly programmed to deliberately break down after a certain distance, or during maintenance windows, or when onboard GPS confirmed they were located in rivals' workshops for repair.<ref>{{cite web |url=https://hackaday.com/2023/12/06/the-deere-disease-spreads-to-trains/ |title=The Deere Disease Spreads To Trains |last1=List |first1=Jenny |work=Hackaday |access-date=2023-12-06 |date=2023-12-06 }}</ref><ref>{{cite web |url=https://zaufanatrzeciastrona.pl/post/o-trzech-takich-co-zhakowali-prawdziwy-pociag-a-nawet-30-pociagow|title=O trzech takich, co zhakowali prawdziwy pociąg – a nawet 30 pociągów|access-date=2023-12-06|date=2023-12-05|website=Zaufana Trzecia Strona|language=pl}}</ref>

== Attempted ==
*In February 2000, Tony Xiaotong Yu, indicted before a [[grand jury]], was accused of planting a logic bomb during his employment as a programmer and securities trader at [[Morgan, Grenfell & Co.|Deutsche Morgan Grenfell]]. The bomb, planted in 1996, had a trigger date of 20 July 2000, but was discovered by other programmers in the company. Removing and cleaning up after the bomb allegedly took several months.<ref>{{Cite news
  | title = Man Indicted in Computer Case
  | newspaper = [[The New York Times]]
  | pages = C.7
  | date = 10 February 2000
  }}
</ref>
*On 2 October 2003 Yung-Hsun Lin, also known as Andy Lin, changed code on a server at [[Medco Health Solutions]] Inc.'s [[Fair Lawn, New Jersey]] headquarters, where he was employed as a Unix administrator, creating a logic bomb set to go off on his birthday in 2004. It failed to work due to a programming error, so Lin corrected the error and reset it to go off on his next birthday, but it was discovered and disabled by a Medco computer systems administrator a few months before the trigger date. Lin pleaded guilty and was sentenced to 30 months in jail in a federal prison in addition to $81,200 in [[restitution]]. The charges held a maximum sentence of 10 years and a fine of US$250,000.<ref>{{cite web | url = http://www.pcworld.com/article/id,137479/article.html | title = Unix Admin Pleads Guilty to Planting Logic Bomb | access-date = 22 September 2007 | work = PC World | author = Vijayan, Jaikumar | archive-date = 28 October 2007 | archive-url = https://web.archive.org/web/20071028154112/http://www.pcworld.com/article/id,137479/article.html | url-status = dead }}</ref><ref>{{cite web | url = http://it.slashdot.org/article.pl?sid=08/01/09/1328251&from=rss | title = 2.5 Years in Jail for Planting 'Logic Bomb' | work = Slashdot | date = 9 January 2008 }}</ref>
*On 29 October 2008 a logic bomb was discovered at American mortgage giant [[Fannie Mae]].  The bomb was planted by Rajendrasinh Babubhai Makwana, an IT contractor who worked at Fannie Mae's [[Urbana, Maryland]] facility.  The bomb was set to activate on 31 January 2009 and could have wiped all of Fannie Mae's 4000 servers. Makwana had been terminated around 1:00{{nbsp}}p.m. on 24 October 2008 and managed to plant the bomb before his network access was revoked. Makwana was indicted in a Maryland court on 27 January 2009 for unauthorized computer access,<ref>{{Cite web |url=http://www.informationweek.com/news/security/management/showArticle.jhtml?articleID=212903521 |title=Fannie Mae Contractor Indicted For Logic Bomb |access-date=29 January 2009 |archive-date=20 June 2009 |archive-url=https://web.archive.org/web/20090620063204/http://www.informationweek.com/news/security/management/showArticle.jhtml?articleID=212903521 |url-status=dead }}</ref><ref>[http://baltimore.fbi.gov/dojpressrel/pressrel10/ba100410a.htm Former Employee of Fannie Mae Contractor Convicted of Attempting to Destroy Fannie Mae Computer Data] {{Webarchive|url=https://web.archive.org/web/20101007234329/http://baltimore.fbi.gov/dojpressrel/pressrel10/ba100410a.htm |date=7 October 2010 }} 4 October 2010</ref> convicted on 4 October 2010, and sentenced to 41 months in prison on 17 December 2010.<ref>{{cite news |title=Programmer jailed three years over plot to wipe out all of Fannie Mae's financial data |author=Stephen C. Webster |url=http://www.rawstory.com/rs/2010/12/31/indian-programmer-jailed-years-plot-destroy-fannie-maes-financial-data/ |newspaper=[[The Raw Story]] |date=31 December 2010 |access-date=26 May 2012 |archive-date=8 May 2014 |archive-url=https://web.archive.org/web/20140508134557/http://www.rawstory.com/rs/2010/12/31/indian-programmer-jailed-years-plot-destroy-fannie-maes-financial-data/ |url-status=dead }}</ref>
*In October 2009, Douglas Duchak was terminated from his job as data analyst at the Colorado Springs Operations Center (CSOC) of the U.S. [[Transportation Security Administration]].  Surveillance cameras captured images of Duchak entering the facility after hours and loading a logic bomb onto a CSOC server that stored data from the U.S. Marshals.  In January 2011, Duchak was sentenced to two years in prison, $60,587 in fines, and three years on probation.<ref>[https://www.wired.com/threatlevel/2011/01/tsa-worker-malware/ TSA Worker Gets 2 Years for Planting Logic Bomb in Screening System] 12 January 2011</ref>  At his sentencing, Duchak tearfully apologized as his lawyer noted that at the time of the incident, Duchak's wife was pregnant with their second child.  The judge at the sentencing mentioned that this logic bomb planting "incident was an anomaly in an otherwise untarnished work history."<ref>[http://www.gazette.com/articles/damage-110969-judge-springs.html Springs man sent to prison for hacking into TSA computer] {{Webarchive|url=https://web.archive.org/web/20121215163242/http://www.gazette.com/articles/damage-110969-judge-springs.html |date=15 December 2012 }} 11 January 2011</ref>

== Alleged ==
[[Thomas C. Reed]] wrote in his 2004 book ''[[At the Abyss: An Insider's History of the Cold War]]'' that in 1982, a sabotage occurred on the [[Trans-Siberian Pipeline]] because of a logic bomb. According to Reed, a [[KGB]] operative stole the plans for a sophisticated control system and its software from a Canadian firm, for use on its Siberian pipeline. The [[Central Intelligence Agency]] (CIA) was tipped off by documents in the [[Farewell Dossier]], and had the company insert a logic bomb in the program for [[sabotage]] purposes.<ref>{{cite book |last=Reed |first=Thomas C. |author-link=Thomas C. Reed |date=2004 |title=[[At the Abyss: An Insider's History of the Cold War]] |publisher=Random House Pub. |isbn=978-0-8914-1821-4 }}</ref><ref>{{Cite web|title=Tech sabotage during the Cold War|website=Federal Computer Week|publisher=1105 Media|first=Matthew|last=French|date=26 April 2004|url=http://fcw.com/Articles/2004/04/26/Tech-sabotage-during-the-Cold-War.aspx?Page=1|access-date=18 December 2013|archive-date=3 April 2019|archive-url=https://web.archive.org/web/20190403232636/https://fcw.com/Articles/2004/04/26/Tech-sabotage-during-the-Cold-War.aspx?Page=1|url-status=dead}}</ref> Critics have contested the authenticity of this account,<ref>{{cite news|first=Anatoly |last=Medetsky |url=http://www.themoscowtimes.com/news/article/kgb-veteran-denies-cia-caused-82-blast/232261.html |title=KGB Veteran Denies CIA Caused '82 Blast|newspaper=The Moscow Times|date=18 March 2004 |access-date=30 July 2015 |archive-url=https://web.archive.org/web/20160131204755/http://www.themoscowtimes.com/news/article/kgb-veteran-denies-cia-caused-82-blast/232261.html |archive-date= 31 January 2016 |url-status=dead}}</ref><ref name="Bloomberg Business; 10 October 2014">{{cite news |last1=Hesseldahl  |first1=Arik |author-link1=Arik Hesseldahl |last2=Kharif  |first2=Olga |date=10 October 2014 |title=Cyber Crime and Information Warfare: A 30-Year History |url=https://www.bloomberg.com/ss/10/10/1014_cyber_attacks/1.htm |newspaper=Bloomberg Business |page=2 |access-date=30 July 2015}}</ref> and it was reported that the story may be a hoax.<ref>Mackeown, Patrick (10 August 2006). [https://web.archive.org/web/20101113072603/http://www.bookscape.co.uk/short_stories/computer_hoaxes.php "Bookscape: Short Story - Famous Computer Hoaxes"]. Bookscape. Archived on 13 November 2010.</ref>

==See also==
* [[Time bomb (software)]]
* [[Backdoor (computing)]]
* [[Easter egg (media)]]
* [[Cyberwarfare]]
* [[Stuxnet]]
* [[Fork bomb]]

==References==
{{reflist}}

{{Computer security}}

[[Category:Types of malware]]
[[Category:Cyberwarfare]]