Logic Bombs

Begnaen, Nicole A. Burigsay, Charley L.

What is a Logic Bomb?

A program, or portion of a program, which lies dormant until a specific piece of program logic is A program which produces results when certain conditions are met that are unexpected and unauthorized by legitimate

users or owners of the software.

How can it be activated?

Database grows past a certain size A users home directory is deleted. Most common activator is a date. The logic bomb checks the system date and does nothing until a pre-programmed date and time is reached

The Purpose Of Logic Bombs

Logic bombs are deployed for a variety
of reason some of which are more legitimate than others. Another use of logic bombs is in the deployment of viruses and worms.

The Purpose Of Logic Bombs

An employee could set one up to delete
his employers databases should he not be able to enter a code at certain intervals, thereby ensuring he extracts a level of revenge should he ever get fired.

How would one protect against Logical Bombs?

A Source Control System might expose a
suspicious modification on a script by a developer who generally doesnt need to modify the particular file. IT may also detect an inconsistency if the file changed without

going through the source control system.

How would one protect against Logical Bombs?

Periodical Code Review is an expensive option but can help avoid disaster. One nightmare scenario for a company would be that of a logical bomb being planted in the software that the company ships to

customers.

How would one protect against Logical Bombs?

Segregation of duties is a system that might
offer some protection against logical bombs. By having different employees restricted to a specific task, a potential attacker will have to expose himself to carry

out such an attack.

How would one protect against Logical Bombs?

Employing backups and an effective
disaster recovery plan is perhaps the safest option. Should a logical bomb trigger and delete datayou will want to have a mechanism in place to revert as quickly as

possible and minimize the damage.

Early Case of Logic Bombs

The Donald Burleson Case
Facts of the Case Burleson worked for a security brokerage and insurance company. One of the first recorded cases of computer sabotage in the

nation.

Facts of the Case

In September 1987, Donald Burleson,

a 40-year-old programmer at the Fort

Worth based insurance company, USPA, was fired for allegedly being quarrelsome

and difficult to work with.

Facts of the Case

Two days later, approximately 168,000

vital records erased themselves from the

company computers via time bomb. A logic bomb had gone off, wreaking havoc with the files that were the lifeblood of USPA!

Facts of the Case

Burleson was caught after investigators

went back through several years worth of

system files. They found that two years before he was fired Burleson had planted a

logic bomb which lay dormant until he

triggered it on the day of his dismissal

Facts of the Case

He became the first person in America to be convicted of "harmful access to a computer. Burlesons logic bomb deleted files

on his computer and then deleted itself.

Thank You!