Wednesday, January 09, 2008

System administrator convicted of logic bomb

"Medco sys admin gets 30 months for planting logic bomb” see story at http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9056284&intsrc=hm_list

Obviously there are several things going on here…

1) The dude was stupid and not a good programmer
2) While the media called the trick “sophisticated” it obviously wasn’t.
3) Medco doesn’t have a good system to monitor changes to their systems.  If nothing else, it should have caught the cron or at job the sys admin used to schedule the job
4) He got 30 months and then 2 years probation and not allowed to touch a computer while in jail - seems like a small punishment to me.

A related story (http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=cybercrime_and_hacking&articleId=9038218) is about his conviction.  The first story is his sentencing.  He was convicted in September and not sentenced until Jan 8th.  So much for timeliness in the judicial system!