Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

2.5 Years in Jail for Planting 'Logic Bomb'

CmdrTaco posted more than 6 years ago | from the well-that-seems-fairly-light dept.

Security 303

cweditor writes "A former Medco Health systems administrator was sentenced to 30 months in federal prison and ordered to pay $81,200 in restitution for planting a logic bomb on a network that held customer health care information. The code was designed to delete almost all information on about 70 company servers. This may be longest federal prison sentence for trying to damage a corporate computer system, although Yung-Hsun Lin faced a maximum of 10 years." How long before the disgruntled sysadmin replaces the disgruntled postal worker in the zeitgeist?

Sorry! There are no comments related to the filter you selected.

Do they give Nobel prizes for (5, Funny)

Trigun (685027) | more than 6 years ago | (#21967626)

Attempted Physics? I think not!

Let's face it (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#21968066)

The sys admin is the guy who couldn't hack CS grad school. Generally he is bitter. He is really impressed with himself, since he knows a few command line tricks. I've seen them brag that they know how to use TWO editors, whereas most people only use one. He's interested in security and cryptography, and likes to talk about how much he knows, but in fact he just knows the rudiments of ssh options. He has Bruce Schneir's book on his shelf, and maybe a volume of Knuth, but can't understand a word of either. (Although Schneir's book is terrible and he is really a moron himself.)

Let me guess (2, Funny)

Daimanta (1140543) | more than 6 years ago | (#21967632)

They replaced everyones desktops with a picture of Xeno's paradox?

Re:Let me guess (1)

squidfood (149212) | more than 6 years ago | (#21967810)

'Logic Bomb'

Anyone else think of Dark Star? Or would that be 'Logical Bomb'?

Re:Let me guess (2, Funny)

Opie812 (582663) | more than 6 years ago | (#21968320)

Nope. Just you.

Re:Let me guess (4, Funny)

HUADPE (903765) | more than 6 years ago | (#21968648)

Xeno's paradox is easily disproved in three steps.

1: Get crossbow and bolt. 2: Aim crossbow at Xeno. 3: Fire. If the bolt moves to Xeno, then it is proved that movement is possible. Also, Xeno will be dead. Win win situation.

There's an interesting story... (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21967640)

That I read about on the ContactLog Blog [contactlog.net] - a couple of days ago. Why is /. so behind lately?

Re:There's an interesting story... (3, Funny)

Anonymous Coward | more than 6 years ago | (#21967942)

because you didn't submit the story when it was hot

ITSALLYOURFAULTFUCKER

Re:There's an interesting story... (0, Offtopic)

sm62704 (957197) | more than 6 years ago | (#21968318)

I read this same comment yesterday in the RIAA story. Why is Anonymous Coward so behind lately?

Re:There's an interesting story... (0)

Anonymous Coward | more than 6 years ago | (#21968410)

minicity spam

meatspace (2, Interesting)

qwertphobia (825473) | more than 6 years ago | (#21967644)

How long before the disgruntled sysadmin replaces the disgruntled postal worker in the zeitgeist?
Only when disgruntled sysadmins start damaging meatspace. Really, it's possible, but only then will people start waking up.

Re:meatspace (5, Insightful)

ScentCone (795499) | more than 6 years ago | (#21967920)

Only when disgruntled sysadmins start damaging meatspace.

When someone blows away the contents of 70 servers, they ARE damaging meatspace. Real time, stress, cash, and possibly very serious side-effects to real meat can result (especially in health care operations and record keeping). We just need more people to be aware of how the things that they pay money for, and get or don't get with the fruits of their labor, are diminished by the acts of crooks and vandals of ALL sorts. Inside IT jackasses, retail store theft/shrinkage - all of that. People don't want to think about it, not least because it's a reminder that there really are just plain bad people out there, and that they cost us all a little (and sometimes not so little) piece of our lives. I don't know about you, but the only life I'm getting is in meatspace. Chip away at that - however indirectly - and you're messing with the only thing that matters. And there are thousands of people chipping away, every day. Disgruntled IT guys aren't any different than disgruntled anyone else, but they can cause damage in unique ways, given their reach and the subtlety of their line of work.

Re:meatspace (4, Insightful)

CFTM (513264) | more than 6 years ago | (#21968058)

Right but the question was "When will going sysadmin replace going postal" and the answer is never because they are fundamentally different entities. Yes, this is a total ass clown thing to do and yes it does lots of REAL damage. People do not end up dead with bullet holes in them; people may be dead because some health services group isn't able to pull their record and gives them medication that they are allergic to but that won't capture the imagination of the American public. Walking in to a public building and opening up with fire arms, has, unfortunately caught the imagination of our society.

Apples and oranges...

Re:meatspace (3, Interesting)

SharpFang (651121) | more than 6 years ago | (#21968496)

Actually, it may get much more spectacular than wrong medications served to patients.

Flight control hacking
Railway tracks control
Time bombs in firmware of cars (in all cars of given model, after given date, once the speed is over 60mph, disable brakes and force power steering all the way to the left)
huge chemical industry factory manufacturing systems
municipal gas networks
oil pipelines control
Nuclear power plants
halon dump release system firmware
top secret strategical plans posted to usenet
military devices control systems

Re:meatspace (2, Funny)

zehaeva (1136559) | more than 6 years ago | (#21968448)

All this talk of meat is making me thirsty [archive.org]

Re:meatspace (1)

beckerist (985855) | more than 6 years ago | (#21968484)

Yep. Also a little thing known as privacy laws [hhs.gov] that make it a TINY bit illegal to mess around with health care records.

Re:meatspace (1)

bkr1_2k (237627) | more than 6 years ago | (#21968748)

As opposed to shooting them (going postal), which is okay?

Re:meatspace (0)

Anonymous Coward | more than 6 years ago | (#21968694)

When someone blows away the contents of 70 servers, they ARE damaging meatspace. Real time, stress, cash, and possibly very serious side-effects to real meat can result (especially in health care operations and record keeping).

I just cannot agree with 3 years of federal pound-me-in-the-ass prison. There are data backups which can be restored. Particularly in the post-HIPAA world of data driven health care. Granted, it may take a little time and a little expense to hit the undo button, but I think the punishment does not fit the crime.

To think eighty grand and three years in a dark cell is appropriate smacks of proud, tin badge-wearing member of a modern "kill 'em all" lynchmob.

Re:meatspace (1)

bkr1_2k (237627) | more than 6 years ago | (#21968828)

I'll remind you of that when someone you love dies because their health records are inaccessible due to some asshat fucking up the servers.

Manslaughter charges bring a whole lot more than a couple of years. As does attempted murder, and the argument (for better or worse) can be made for either of those charges. I think 30 months is reasonable to make the person very aware of the potential damage he could have done to real people, not just data, without being overly oppressive.

Re:meatspace (4, Insightful)

ScentCone (795499) | more than 6 years ago | (#21968834)

There are data backups which can be restored

If you trash 70 servers, you are seriously down and out of business for a while. And someone with that degree of access may also have corrupted data that goes way back into your backups. You don't know. You have to check. And for many businesses, being down and out for, say, 48 hours... it's a death sentence. Just-in-time manufacturers, retailers... they can wind up in contract breach, lose customers... if that happened to some retailers during the peak of their holiday sales season, it would bankrupt them. And when an IT person who KNOWS that chooses to shut down a business - and possibly kill it, costing everyone who works there their jobs, and everyone who invested in the business their money, and every customer who uses the vendor a resource - then that's not a bit different than torching their warehouse or otherwise acting to ruin the operations and the people who depend on it and have worked to build it. Three years in prison for deliberately, methodically attempting to ruin other people's lives and livehihood? You think that's too much? Your moral compass is way off, friend.

Re:meatspace (0)

Anonymous Coward | more than 6 years ago | (#21968784)

I believe you have my stapler.

Re:meatspace (4, Funny)

daeg (828071) | more than 6 years ago | (#21967936)

Fear and appease the mighty systems administrator, lest he make your CD tray eject at random and hit thy knee, causing grave distress and injury.

No, no... (4, Funny)

johndiii (229824) | more than 6 years ago | (#21968332)

Fear and appease the mighty systems administrator, lest he make thy coffee holder retract at random and spilleth thy coffee all over thy desk and thy pants, causing much consternation and stains that are really hard to get out.

Well.. (4, Funny)

Killjoy_NL (719667) | more than 6 years ago | (#21967652)

How long before the disgruntled sysadmin replaces the disgruntled postal worker in the zeitgeist?

Maybe then they'll fear us MWUAHAHAHAHAHHAA :D

Re:Well.. (1)

somersault (912633) | more than 6 years ago | (#21967768)

It wouldn't take much to make the average user fear you beyond pretending (or actually doing so I guess) you've recorded their bank details and stuff like that. Quite why you want your users to fear you, I don't know :P

Re:Well.. (1)

Killjoy_NL (719667) | more than 6 years ago | (#21967786)

The feeling of impending doom counts for a lot when I take over the world in a few years :)

Re:Well.. (1)

FredFredrickson (1177871) | more than 6 years ago | (#21967978)

Remember when Stewie was cool and just wanted to take over the world?

Now he's just gay.

And I couldn't stretch anything, my bad. Sorry guys. Back on topic. 2.5 years is pretty short in my opinion. Imagine if 10 years ago you broke into a doc's office and shredded all their paper records. I don't feel that'd go over well...

Re:Well.. (1)

stranger_to_himself (1132241) | more than 6 years ago | (#21968062)

Imagine if 10 years ago you broke into a doc's office and shredded all their paper records. I don't feel that'd go over well...

I think in the UK right now [bbc.co.uk] that'd get you some kind of public service medal.

Re:Well.. (1)

somersault (912633) | more than 6 years ago | (#21968166)

Less talk, more action! As a fellow sysadmin I hope I'll see some benefit out of this?

Re:Well.. (4, Funny)

Alioth (221270) | more than 6 years ago | (#21968258)

I am a post office system administrator. Double power!

Re:Well.. (4, Funny)

soulsteal (104635) | more than 6 years ago | (#21968830)

I am a post office system administrator. Double power!

More like quad damage!

Yeah (1)

suso (153703) | more than 6 years ago | (#21967670)

How long before the disgruntled sysadmin replaces the disgruntled postal worker in the zeitgeist?

Hmmm, let's just get through today and I'll get back to you.

Re:Yeah (0, Offtopic)

suso (153703) | more than 6 years ago | (#21967726)

Actually, I think its time for a Seinfeld reference. Anyone want to make one? I'm too disgruntled to think.

Disgruntled sysadmins? (4, Insightful)

morgan_greywolf (835522) | more than 6 years ago | (#21967680)

Ehm, I don't think the disgruntled sysadmin will ever really enter the zeitgeist. If a company has good IT policies and practices in place, the disgruntled sysadmin really isn't that big of a problem.

In my mind, this means that you should always have more than one admin, never giving anybody absolute authority over ALL systems. With offsite backups and redundant systems, the damage any single admin could do would be minimal. Maybe costly in terms of downtime, but nothing that's going to grind your business to a halt. Just as in government, there needs to be checks and balances. Giving a single admin too much power is a very bad idea.

What I want to know is: Why would a sysadmin do things like planting a logic bomb anyway? I mean, we're talking about your PROFESSIONAL REPUTATION here. This guy's never gonna work in IT again.

Re:Disgruntled sysadmins? (3, Interesting)

hal9000(jr) (316943) | more than 6 years ago | (#21967804)

Just as in government, there needs to be checks and balances. Giving a single admin too much power is a very bad idea.

Your plan sounds good in theory, but unfortunately, it rarely works in practice. Distinct separation of duties and powers requires a great deal of discipline on the organization. It took an act of congress to force get public companies, and in particular, the executive board, to take responsibility over accounting practices.

Besides, little ot todays software lets you seperate duties in a meaningful way or to require double authorization for critical actions.

2 1/2 years is a light sentence compared to the damage this guy could do. Thankfully, most sysadmins are honest ethical people.

Re:Disgruntled sysadmins? (2, Insightful)

Ruprecht the Monkeyb (680597) | more than 6 years ago | (#21967814)

For big business, that's fine. Most small businesses are lucky to have a single full-time IT person, and redundant systems just aren't going to happen. A week's downtime without customer records for billing, etc., while servers get rebuilt and data restored could kill them.

Re:Disgruntled sysadmins? (0)

Anonymous Coward | more than 6 years ago | (#21968696)

Would workers in a small businesses get disgruntled as much? I would think the variety of work and being "not just another faceless employee" would mean they'd be able to vent their anger in a different way - "the boss" isn't in company HQ 3000 miles away, and all your problems have faces on them instead of policy names.

Re:Disgruntled sysadmins? (4, Insightful)

nighty5 (615965) | more than 6 years ago | (#21967870)

The problem is, the common threat for most organisations is that an employee only needs full access to only one or a couple of critical assets, not all systems.

I've been in security for over 10 years and I tell you know, if you have an employee with enough access and dedication to bring down the company down to its knees, they will probably succeed.

IT policies and practices won't save a company against criminal activity, the law handles that just fine.

The biggest threat is phyiscal damage of assets (1)

Shivetya (243324) | more than 6 years ago | (#21968590)

I bet in most companies one baseball bat could bring most companies to their knees.

Why resort to a "logic bomb" which they will know who did it to just being direct?

Don't think so, many places I have been I could appear as a Heating and Cooling worker, electrician, or even trash disposal, and get unescorted access into the data center. All the security in the world doesn't do diddly when half of the IT department will let you in with "can you let me back in, my buddy can't hear me over the fans"

Re:Disgruntled sysadmins? (1)

jollyreaper (513215) | more than 6 years ago | (#21967940)

In my mind, this means that you should always have more than one admin, never giving anybody absolute authority over ALL systems. With offsite backups and redundant systems, the damage any single admin could do would be minimal. Maybe costly in terms of downtime, but nothing that's going to grind your business to a halt. Just as in government, there needs to be checks and balances. Giving a single admin too much power is a very bad idea.
There's the way things should be done and the way things are done. For a company of this size, the story should be a non-issue, even if the sabotage was successful. "Pull the binder for disaster scenario 454 off the shelf, start at step 1." Maybe lose a day or two getting the restores in place, no problem. But what's the reality? Probably something more like "Gee, I think we might have the backup from two months ago. Yeah, we needed more tapes, more SAN's, whatever, but the board wouldn't approve our budget."

There's also the case of smaller companies who cannot afford to pay two sysadmins, you get these single points of failure that you cannot afford to fix. Of course, perspectives change when the failure happens and the fix is ten times what prevention would have cost but hindsight is always 20/20.

Re:Disgruntled sysadmins? (1)

isa-kuruption (317695) | more than 6 years ago | (#21968180)

Well, it goes deeper than just doing restores. Medco Health is a provider of prescription benefits management and a mail order pharmacy (see their website). It's likely that the result of a 2 or even 3 day outage of these systems would have affected their ability to deliver drugs to customers and the ability of brick-n-mortar pharmacies to process prescriptions. So, yes, while a recovery plan was most likely in place, you can't explain to the family of someone who died that they couldn't get their prescription due to the inability to process their prescription card.

Re:Disgruntled sysadmins? (1)

jhol13 (1087781) | more than 6 years ago | (#21968614)

How you can ensure that the data on the backups is not tampered?

If I were on IT and wanted to make maximum damage I would slowly and little by little corrupt financial databases, over a very long time (the longer the better).

Then just wait for a year and then the next 10-K, make a hint of SOx error and ...

Re:Disgruntled sysadmins? (1)

vegiVamp (518171) | more than 6 years ago | (#21968674)

> we're talking about your PROFESSIONAL REPUTATION here. This guy's never gonna work in IT again.

Yeah, but only because he was sloppy :-)

Desperation? Revenge? (1)

AndGodSed (968378) | more than 6 years ago | (#21968730)

From TFA: Sentencing records also show that Lin began trading e-mails with his co-workers that September, discussing the anticipated layoffs. Then, in October, he sent an e-mail saying he was unsure whether he would survive the upcoming layoffs.

Desperation can make a dude do stupid things. Revenge coupled with an anticipated wrong is even worse.

Also:

The logic bomb initially was set up to be triggered on April 23, 2004 -- Lin's birthday -- but it failed to launch because of a coding error. In September 2004, Lin changed the code to fix the error and reset it to deploy on April 23, 2005.

During the sentencing hearing today, Lin's attorney argued that his client simply made a mistake. Liebermann, however, argued that this was far from a mistake. "We said a mistake is something you make once," he said. "You fly off the handle and make a mistake. He had from October 2003 to January 2005 to wipe it out and he didn't."


1. For once a coding error was A GOOD THING.
2. I agree with Liebermann's argument.
3. I wonder if a Psyche profile was done on this guy, he seems to be borderline... something...

I don't get this... (5, Insightful)

Corporate Troll (537873) | more than 6 years ago | (#21967686)

Why so destructive? I would be way more effective to place a "corrupter" on the network. Instead of destroying the data, let it gradually corrupt the data. Way more damage, and probably much harder to recover from with backups.

Re:I don't get this... (4, Insightful)

FuzzyDaddy (584528) | more than 6 years ago | (#21968130)

You're missing the psychology of the situation. He wanted everyone in the company in a complete panic at once, so they would be really sorry they laid off poor old Andy Lin. It wasn't the damage, it was the psychological effect he was looking for.

Re:I don't get this... (1)

Corporate Troll (537873) | more than 6 years ago | (#21968186)

Guess I tend to think that data is more important that people ;-) You don't do these kinds of stunts in order to make them re-hire you.

Re:I don't get this... (4, Funny)

morgan_greywolf (835522) | more than 6 years ago | (#21968586)

Or replace or, in open source systems, edit the NIC driver(s). Have it change random bits in the packets. They'll probably spend WEEKS trying to track THAT down. :-D

Re: (4, Funny)

Anonymous Coward | more than 6 years ago | (#21967688)

How long before the disgruntled sysadmin replaces the disgruntled postal worker in the zeitgeist?
2.5 years, apparently.

seems fair, but... (1)

nguy (1207026) | more than 6 years ago | (#21967710)

In principle, this seems fair, but I worry that courts simply aren't up to distinguishing deliberate acts of sabotage from perfectly legitimate behavior. That is, I don't like courts having the power to impose stiff sentences for "computer crime" because I think courts and juries simply aren't up to determining reliably when a computer crime has been committed, and until they are, they shouldn't have that power.

Re:seems fair, but... (5, Insightful)

demonlapin (527802) | more than 6 years ago | (#21967902)

I'm an anesthesiologist. It's virtually impossible for judges and the lay public to determine, really, whether I committed malpractice (absent blatantly criminal acts). In fact, most doctors would probably need a fair amount of exposition to determine whether or not I committed malpractice (as I would, in turn, if faced with a case from another specialty). And yet we are judged by twelve people who could not escape jury duty. Yes, I'd prefer if I were judged only by my colleagues, and so would you. But if that were the case, nobody would ever trust us. It's the price you pay for having a society.

Re:seems fair, but... (1)

xSauronx (608805) | more than 6 years ago | (#21968282)

Well now *I* don't trust you!

Re:seems fair, but... (3, Informative)

MMC Monster (602931) | more than 6 years ago | (#21968370)

IANAAIAAC (I am not an anesthesiologist, I am a cardiologist), and I agree.

There are things that you really need a great deal of training to understand, that expert witnesses cannot really stress to a jury. When I get sued for malpractice, I would much rather have a jury of my peers and a physician-judge than 12 guys that were picked up off the street, with jury selection involving a prosecuting attorney that wants to get all the educated individuals eliminated from the jury pool.

Re:seems fair, but... (1)

JaredOfEuropa (526365) | more than 6 years ago | (#21968090)

[...] I think courts and juries simply aren't up to determining reliably when a computer crime has been committed, and until they are, they shouldn't have that power.
How is this any different from complex fiscal issues, medical malpractise cases, or claims arising from alleged building construction errors? Courts and jurors are no experts in any of these fields, that's why they (or rather, the plaintiff and defense) bring in expert witnesses.

I suppose that you could fairly assert that the law itself in many countries is not (yet) adequately equiped to distinguish between deliberate sabotage and legitimate or msotly harmless acts. For instance, The first Dutch law on computer crime and cracking made it a felony to change someone else's electric alarm clock. But these laws have been greatly improved since, and I daresay that they can adequately distinguish between lawful acts and sabotage in case a disgruntled sysop decides to wipe the servers and backups.

Here's my logic bomb! (0, Offtopic)

InvisblePinkUnicorn (1126837) | more than 6 years ago | (#21967716)

1. Imagine an internet news site defined as the greatest conceivable news site: no dupes, no bad summaries, no typos, no goatse or gnaa or other tired cliches.
2. It is greater to exist in reality than merely in imagination.
3. If this perfect news site did not exist, then you could have an idea of an even greater new site - one which did exist.
4. In that case the perfect site in your imagination would not be perfect: a logical contradiction.
5. So this perfect news site must exist in reality.
6. ???
7. Profit!

Re:Here's my logic bomb! (2, Insightful)

somersault (912633) | more than 6 years ago | (#21967816)

It probably does exist, but then you get people like you coming along and posting off-topic that ruin it ;)

Re:Here's my logic bomb! (1)

defile39 (592628) | more than 6 years ago | (#21968018)

Does it increase or decrease my geek status that I get your Cartesian proof of the existence of God reference?

Re:Here's my logic bomb! (1)

Tony Hoyle (11698) | more than 6 years ago | (#21968530)

Step 3 is incorrect. You already established it's impossible for you to have merely the idea of the perfect internet news site, as only an existing one could be perfect. Therefore the following steps are wrong also.

a logic bomb? (5, Funny)

theheadlessrabbit (1022587) | more than 6 years ago | (#21967722)

so would everyone in the blast radius of this 'logic bomb' be hit with a blast of reason and common sense?
would those affected begin acting rationally?
maybe the courts would wake up and start letting the common people win for a change.
i think we need more of these logic bombs.

live long and prosper, logic bomber...

Re:a logic bomb? (2, Funny)

Loibisch (964797) | more than 6 years ago | (#21967764)

No, they would start thinking in terms of 'AND', 'OR' and 'NOT'...what you are thinking about is a reason bomb, or even better a 'smart bomb' :)

Re:a logic bomb? (1)

theheadlessrabbit (1022587) | more than 6 years ago | (#21967876)

but if politicians think XOR, or NAND....what then?

Re:a logic bomb? (4, Insightful)

sm62704 (957197) | more than 6 years ago | (#21967880)

live long and prosper, logic bomber...

If it was financial data I might agree with you, but this guy destroyed medical records. How would you feel if all your medical records were destroyed? Especially if you were right in the middle of chemo, or radio, or treatment for AIDS?

This guy's sentence was not only just, I think it should have been longer. I have a freind in Dwight Correctional Center [slashdot.org] (a maximum security women's prison in Illinois) for selling a couple of joints to an undercover cop. Are you telling me that destroying medical records is less harmful that marijuana?

Re:a logic bomb? (1)

theheadlessrabbit (1022587) | more than 6 years ago | (#21968054)

I actually agree with you fully on that one.
my mother went through chemo a few years ago, and if some little shit had erased her records part way through and caused her any harm, I would have been very upset/angry.

I was referring to a user of my fictional 'logic bomb' that would blast people with logic.

inject people with the logic to realize that whatever personal vendetta you might have with your company, it is not worth jeopardizing thousands of lives to 'get eve'.
enough logic to allow law makers and law enforcement to see that weed should be decriminalized. Give people a ticket, make possession of weed the equivalent of speeding. (it was like that for a few months in my country, but then we caved due to pressures from your country)

Isn't being disgruntled... (4, Funny)

Billosaur (927319) | more than 6 years ago | (#21967730)

...part of a sysadmin's job description?

Going Sysadmin (1)

sm62704 (957197) | more than 6 years ago | (#21967736)

How long before the disgruntled sysadmin replaces the disgruntled postal worker in the zeitgeist?

I, for one, would rather see dead servers than dead people. And, to put things in a different perspcctive, a friend's brother spent five years in a federal prison in the 1980s for loaning money to a dope dealer; the charge was "conspiracy to distribute cocaine".

What does more damage, loaning monsy to a drug dealer or wiping hundreds of people's medical records? If it had been financial data I might be a bit more sympathetic to the dumbass suicide logic bomber, but I know I'd be pissed if all my medical records were lost.

Re:Going Sysadmin (3, Informative)

isa-kuruption (317695) | more than 6 years ago | (#21967924)

Yes, but in this case, we are talking about dead people.

The result of the bomb on the server infrastructure would have caused patients to not have their life-saving prescriptions delivered thus putting their health at risk. So, if it had gone off, it is possible there could have been deaths due to his actions.

Re:Going Sysadmin (1)

Tony Hoyle (11698) | more than 6 years ago | (#21968622)

Unlikely. People with life saving prescriptions usually make sure they're up to date a couple of weeks in advance (some of the stuff I take has horrid withdrawl symptoms and I mustn't go more than a day without it - I'm always at least a week in advance of it, since remember doctors/pharmacies don't work weekends and holidays so you're out of contact at least 2 days a week anyway). For those that 'forgot' there are emergency procedures, where a pharmacist can issue a drug without prescription given sufficient proof that the drug is required immediately (I've seen this done several times with asthma patients that forget their inhalers. Turning blue in the chemist is apparently sufficient proof :p).

Basically, the system isn't that finely balanced that a day or two without a central system would kill people. It would be inconvenient, and all non-urgent prescriptions would just have to wait, but not life threatening.

Dead man switch (5, Insightful)

INeededALogin (771371) | more than 6 years ago | (#21967776)

We all have thought about planting a Dead Man Switch [wikipedia.org] . The difference between us and this guy is the same difference between saying you want to kill someone and actually doing it. This guy sucks and deserves prison and to be banned from the workplace. As a Unix Engineer who has survived and been part of layoffs in the past, this type of person is not fair to the rest of the team. If you aren't gonna be the best, don't put scripts in place to punish the people that are.

The saving grace in this case was not the guy who found the script(he of course milked it for what it was worth), but the fact that this guy did things half-assed. His original script had a bug in it(not tested)... these are the same reasons that he probably lost his job to the better people on the team when the cuts came.

Label me a troll if you want... but this guy was trash and is where he belongs.

Re:Dead man switch (1)

Critical Facilities (850111) | more than 6 years ago | (#21967956)

the fact that this guy did things half-assed. His original script had a bug in it(not tested)...


Not only that, the loser had the "D Day" set to his own birthday. I'm not condoning or defending this type of thing, but if you're going to do it, do it well and for crying out loud, don't leave a trail of friggin' bread crumbs leading right to you.

Re:Dead man switch (1)

Angst Badger (8636) | more than 6 years ago | (#21968156)

Honestly, getting off with 30 months and an $80k fine actually seems kind of light considering the hysteria that has surrounded this kind of thing in recent years. He's lucky he didn't end up being convicted under the draconian "terrorism" statutes that can now be applied to computer crimes. And while I have a certain perverse sympathy for revenge tactics, the fact is that these were medical insurance systems, and the loss of data wouldn't have just hurt the company, it would have hurt customers who depended on the company for their medical care. That's just not cool.

Re:Dead man switch (0)

Anonymous Coward | more than 6 years ago | (#21968158)

these are the same reasons that he probably lost his job to the better people on the team when the cuts came.



According to the fine article, Lin did NOT lose his job. It appears he was afraid that he would lose his job and so placed the logic bomb...


Re:Dead man switch (1)

sammy baby (14909) | more than 6 years ago | (#21968564)

If you aren't gonna be the best, don't put scripts in place to punish the people that are.


I don't want to take issue with the main gist of your post, with which I agree 100%. But I think it would be a mistake to assume that surviving a round of layoffs necessarily means that you're one of "the best." I've seen plenty of competent folks get laid off while incompetent ones stay on for one reason or another.

Bugs cost for real (2, Insightful)

carnalforge (1207648) | more than 6 years ago | (#21967784)

Of course only if the gulty one is not a company.

wow, that's harsh (4, Interesting)

jollyreaper (513215) | more than 6 years ago | (#21967840)

I would like to give this admin credit for not just walking into the place with a high-powered assault rifle and shooting at random.

I've heard some tales of the disgruntled from back in the day. The most common "I quit" sabotage was taking the reel-to-reel's from the library and dumping them in a sink with water. But the worst worst worst one I heard of, one that could even be an urban legend because of how evil it is, it was the revenge of an angry admin who wanted the company to pay dearly for the evils visited upon him. He sets up this program that doesn't run until several months after he leaves the company. Note, this is back in the days of tapes and computer operators who worked the night shift and moved the tapes from one drive to another, 1970-somethings. Anyway, what his program did was step through EVERY tape in the library. He shuffled it in a random order so nobody would become suspicious. The operator just follows the prompting on his terminal, never the wiser. By the time the sequence is complete, every tape has been erased. As the story goes, the company had no offsite backups and was ruined.

Revenge fantasies are fun but seriously, a job is a job. If you go out in a blaze of glory at one, it will make finding the next one a lot more difficult, especially with a felony on your record. But I guess if he was thinking clearly we wouldn't be reading about this in the first place.

Re:wow, that's harsh (5, Insightful)

greenfield (226319) | more than 6 years ago | (#21968768)

I would like to give this admin credit for not just walking into the place with a high-powered assault rifle and shooting at random.
I wouldn't. I think a minimum qualification for participating in our society is knowing that "walking into a place with a high-powered assault rifle and shooting at random" is wrong. What's next? Giving people credit for not spitting on people who annoy them?

I have been angry at work. I took a more reasonable approach: I quit and found a different job.

Probably never (2, Funny)

bickle (101226) | more than 6 years ago | (#21967842)

"How long before the disgruntled sysadmin replaces the disgruntled postal worker in the zeitgeist?"

First, people would need to know they exist. Second, they'd need a vague, rudimentary knowledge of what a sysadmin does.

So, probably never.

life imprisonment for failing to accept reality (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21967850)

'living' is not free when it costs the lives/well being of others. let yOUR conscience be yOUR guide. you can be more helpful than you might have imagined. there are still some choices. if they do not suit you, consider the likely results of continuing to follow the corepirate nazi hypenosys story LIEn, whereas anything of relevance is replaced almost instantly with pr ?firm? scriptdead mindphuking propaganda or 'celebrity' trivia 'foam'. meanwhile; don't forget to get a little more oxygen on yOUR brain, & look up in the sky from time to time, starting early in the day. there's lots going on up there.

http://news.yahoo.com/s/ap/20071229/ap_on_sc/ye_climate_records;_ylt=A0WTcVgednZHP2gB9wms0NUE [yahoo.com]

http://www.nytimes.com/2007/12/31/opinion/31mon1.html?em&ex=1199336400&en=c4b5414371631707&ei=5087%0A [nytimes.com]

is it time to get real yet? A LOT of energy is being squandered in attempts to keep US in the dark. in the end (give or take a few 1000 years), the creators will prevail (world without end, etc...), as it has always been. the process of gaining yOUR release from the current hostage situation may not be what you might think it is. butt of course, most of US don't know, or care what a precarious/fatal situation we're in. for example; the insidious attempts by the felonious corepirate nazi execrable to block the suns' light, interfering with a requirement (sunlight) for us to stay healthy/alive. it's likely not good for yOUR health/memories 'else they'd be bragging about it? we're intending for the whoreabully deceptive (they'll do ANYTHING for a bit more monIE/power) felons to give up/fail even further, in attempting to control the 'weather', as well as a # of other things/events.

http://video.google.com/videosearch?hl=en&q=video+cloud+spraying [google.com]

dictator style micro management has never worked (for very long). it's an illness. tie that with life0cidal aggression & softwar gangster style bullying, & what do we have? a greed/fear/ego based recipe for disaster. meanwhile, you can help to stop the bleeding (loss of life & limb);

http://www.cnn.com/2007/POLITICS/12/28/vermont.banning.bush.ap/index.html [cnn.com]

the bleeding must be stopped before any healing can begin. jailing a couple of corepirate nazi hired goons would send a clear message to the rest of the world from US. any truthful look at the 'scorecard' would reveal that we are a society in decline/deep doo-doo, despite all of the scriptdead pr ?firm? generated drum beating & flag waving propaganda that we are constantly bombarded with. is it time to get real yet? please consider carefully ALL of yOUR other 'options'. the creators will prevail. as it has always been.

corepirate nazi execrable costs outweigh benefits
(Score:-)mynuts won, the king is a fink)
by ourselves on everyday 24/7

as there are no benefits, just more&more death/debt & disruption. fortunately there's an 'army' of light bringers, coming yOUR way. the little ones/innocents must/will be protected. after the big flash, ALL of yOUR imaginary 'borders' may blur a bit? for each of the creators' innocents harmed in any way, there is a debt that must/will be repaid by you/us, as the perpetrators/minions of unprecedented evile, will not be available. 'vote' with (what's left in) yOUR wallet, & by your behaviors. help bring an end to unprecedented evile's manifestation through yOUR owned felonious corepirate nazi glowbull warmongering execrable. some of US should consider ourselves somewhat fortunate to be among those scheduled to survive after the big flash/implementation of the creators' wwwildly popular planet/population rescue initiative/mandate. it's right in the manual, 'world without end', etc.... as we all ?know?, change is inevitable, & denying/ignoring gravity, logic, morality, etc..., is only possible, on a temporary basis. concern about the course of events that will occur should the life0cidal execrable fail to be intervened upon is in order. 'do not be dismayed' (also from the manual). however, it's ok/recommended, to not attempt to live under/accept, fauxking nazi felon greed/fear/ego based pr ?firm? scriptdead mindphuking hypenosys.

consult with/trust in yOUR creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?

"If my people, which are called by my name, shall humble themselves, and pray, and seek my face, and turn from their wicked ways; then will I hear from heaven, and will forgive their sin, and will heal their land."

meanwhile, the life0cidal philistines continue on their path of death, debt, & disruption for most of US. gov. bush denies health care for the little ones;

http://www.cnn.com/2007/POLITICS/10/03/bush.veto/index.html [cnn.com]

whilst demanding/extorting billions to paint more targets on the bigger kids;

http://www.cnn.com/2007/POLITICS/12/12/bush.war.funding/index.html [cnn.com]

& pretending that it isn't happening here;

http://www.timesonline.co.uk/tol/news/world/us_and_americas/article3086937.ece [timesonline.co.uk]
all is not lost/forgotten/forgiven

(yOUR elected) president al gore (deciding not to wait for the much anticipated 'lonesome al answers yOUR questions' interview here on /.) continues to attempt to shed some light on yOUR foibles. talk about reverse polarity;

http://www.timesonline.co.uk/tol/news/environment/article3046116.ece [timesonline.co.uk]

Re:life imprisonment for failing to accept reality (0, Offtopic)

0100010001010011 (652467) | more than 6 years ago | (#21968132)

Ok, I've seen this in about every thread on slashdot for the last few weeks.

WTF does it mean? I mean I don't have a problem with people pushing a political agenda in Spam, but I have a hard enough time following the post. I think it's Anti-Bush, but then we have some stuff like Global Warming thrown in.

To the AC, clean up your wording and maybe more people will listen.

Sophisticated Attack (1)

conureman (748753) | more than 6 years ago | (#21967854)

The code didn't work, but Lin took the bold precaution of not properly labeling it as "maliciouscode.exe". Save the children!

Go easy on a fellow geek. (0)

Anonymous Coward | more than 6 years ago | (#21967934)

"How long before the disgruntled sysadmin replaces the disgruntled postal worker in the zeitgeist?"

About the same amount of time it takes to say that the sentence was too harsh.

How long will it take? (1)

cgenman (325138) | more than 6 years ago | (#21968006)

How long before the disgruntled sysadmin replaces the disgruntled postal worker in the zeitgeist?

Exactly as long as it takes for someone at ABC to go postal and delete Barbara Walter's files.

Can't fire me (1)

Thelasko (1196535) | more than 6 years ago | (#21968048)

You can't fire me! Because I removed this from the transmitter and only I know where it goes.

Logic Bomb (1)

xirtap (955611) | more than 6 years ago | (#21968056)

This sounds like something out of a bad movie. "Oh no, I found a logic bomb on one of the servers, what do we do?" "Well a logic bomb will try to explode itself and take out all the files! If we reconfigure it, we *may* be able to make it implode on it's own files!" "Oh MacGruber, is there nothing you can't do?"

Re:Logic Bomb (1)

Tony Hoyle (11698) | more than 6 years ago | (#21968710)

Isn't that a Stargate Atlantis plot? The one I watched last night in fact..

Scary.

life-threatening? (3, Interesting)

sholden (12227) | more than 6 years ago | (#21968152)

"""
Liebermann noted that if the bomb had taken down Medco's network, people using a Medco prescription card would not have been able to fill any new prescriptions. "That could be very serious, maybe even life-threatening, depending on the need for that medication," Liebermann said.
"""

So what happens when they have a network failure for some other reason? Bad hardware, power outage, building fire, comet impact...

God wanted you to die. (0, Troll)

FatSean (18753) | more than 6 years ago | (#21968468)

'Act of god' or whatever. They will never take responsibility, only your money.

Re:life-threatening? (1)

isa-kuruption (317695) | more than 6 years ago | (#21968510)

Redundant systems, geographically dispersed disaster recovery sites... solves that problem. Doesn't solve the system administrator problem, who most likely sysadmins both the primary and disaster recovery sites.

Malfunctioning DRM and other logic bombs (4, Insightful)

dpbsmith (263124) | more than 6 years ago | (#21968220)

Faulty DRM and "software activation" schemes are logic bombs, too.

There is of course a a very important difference, in that they are not intended to do anything but enforce the bombers' legal rights. Or, at any rate, what the bombers credibly believe to be their legal rights.

But when a malfunctioning Microsoft server trips the "kill" switch on legitimate copies of Vista, I think it's fair to call that a logic bomb of sorts.

No, I don't think Bill Gates should do 2.5 years of jail time, but it is disappointing that Microsoft was not held accountable for this beyond a few weeks' of mildly embarrassing publicity.

UNIxBOMBER? (0)

Anonymous Coward | more than 6 years ago | (#21968224)

UNIxBOMBER?

Disgruntled sysadmins vs. disgruntled postmen (2)

aquatone282 (905179) | more than 6 years ago | (#21968256)

What, sysadmins show up with with a flash drive instead of a firearm?

Sounds about right (5, Insightful)

Sounder40 (243087) | more than 6 years ago | (#21968326)

The story's author and the prosecuting attorney point out that this involved risk to patients and not just a company's finances. However, I think it's simpler than that: If I worked at, say, a guitar shop, and I took a hammer to the guitars in the shop, that's destruction of the shop's assets. For Medco, their assets include the customer/patient data. Destruction of the assets is a crime. Whether it was done with a computer or a hammer is insignificant.

On a separate subject entirely, that ComputerWorld web page is exactly what's gone wrong with the web: The content I wanted to see (the article) is spread out over three pages, and each page only contains approx. 10% of the content I want to see. The other 90% of the page contains shit, and probably blinky shit if I wasn't using Firefox and Adblock Plus. I don't know why web sites do that. Do they actually think they're adding value? Another one on the list of web sites to avoid...

It's all fun and games (0, Redundant)

MikeRT (947531) | more than 6 years ago | (#21968352)

Until a doctor needs that healthcare information, prescribes the wrong treatment, and ends up killing someone based on ignorance due to the records this bastard destroyed.

The bastard should've gotten the max sentence (1)

s_p_oneil (795792) | more than 6 years ago | (#21968372)

He's not just trying to hurt the company he works for, he's trying to hurt the millions of people impacted by the data loss. How much time and money would clients of this company waste trying to rebuild it? How many people may suffer, or perhaps even die, because they can't fill their prescriptions? Seriously, if there's a chance anyone could've died from it, they should've brought extra charges up for that, too.

Zeitgeist (1)

adamziegler (1082701) | more than 6 years ago | (#21968492)

Zeitgeist... really? Don't get me wrong... its fun to say and all, and can make one sound intelligent when ordering french fries but.... really?

Proficient? (1)

Rick Genter (315800) | more than 6 years ago | (#21968508)

From TFA:

Sentencing documents noted that in his role as systems administrator, Lin had access to Medco's network, which is made up of about 70 HP Unix servers, and that he was "proficient" in coding for them.


Obviously not...

Sorry, my bad (0)

Anonymous Coward | more than 6 years ago | (#21968552)

When I saw "logic bomb" I thought Slashdot had started covering the elections.

sysadmin in jail (0)

Anonymous Coward | more than 6 years ago | (#21968598)

He's gonna have a hard time protecting his backdoor.

How long? (2, Insightful)

KodaK (5477) | more than 6 years ago | (#21968628)

"How long before the disgruntled sysadmin replaces the disgruntled postal worker in the zeitgeist?"

Well, I think first a sysadmin has to, you know, kill someone. This incident does not even remotely compare with postal shootings. I'm all for hyperbole, but, fuck, it has to be within a couple of orders of magnitude.

to answer your question... (1)

sammy baby (14909) | more than 6 years ago | (#21968646)

How long before the disgruntled sysadmin replaces the disgruntled postal worker in the zeitgeist?


Just wait until someone dies because an important piece of their medical history was missing at a critical time. I think that'll get the ball rolling.

(And no, I'm not looking forward to that.)

hmmm (1)

Ogive17 (691899) | more than 6 years ago | (#21968786)

What would've been really cool is if the guy who found the code exclaimed "SOMEONE SET US UP THE LOGIC BOMB?!?!?"
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?