Logic BombsBegnaen, Nicole A.Burigsay, Charley L.

What is a Logic Bomb? A program, or portion of a program, which lies

dormant until a specific piece of program

logic is

A program which produces results when

certain conditions are met that are

unexpected and unauthorized by legitimate

users or owners of the software.

How can it be activated? Database grows past a certain size

A users home directory is deleted.

Most common activator is a date.

The logic bomb checks the system date and

does nothing until a pre-programmed date

and time is reached

Logic bombs are deployed for a variety

of reason some of which are more

‘legitimate’ than others.

Another use of logic bombs is in the

deployment of viruses and worms.

The Purpose Of Logic Bombs

An employee could set one up to delete

his employer’s databases should he not be

able to enter a code at certain intervals,

thereby ensuring he extracts a level of

revenge should he ever get fired.

The Purpose Of Logic Bombs

How would one protect against Logical Bombs?

A Source Control System might expose a

suspicious modification on a script by a

developer who generally doesn’t need to

modify the particular file. IT may also detect

an inconsistency if the file changed without

going through the source control system.

Periodical Code Review is an expensive

option but can help avoid disaster. One

nightmare scenario for a company would be

that of a logical bomb being planted in the

software that the company ships to

customers.

How would one protect against Logical Bombs?

Segregation of duties is a system that might

offer some protection against logical

bombs. By having different employees

restricted to a specific task, a potential

attacker will have to expose himself to carry

out such an attack.

How would one protect against Logical Bombs?

Employing backups and an effective

disaster recovery plan is perhaps the

safest option. Should a logical bomb trigger

and delete datayou will want to have a

mechanism in place to revert as quickly as

possible and minimize the damage.

How would one protect against Logical Bombs?

Early Case of Logic Bombs

The Donald Burleson Case

Facts of the Case

Burleson worked for a security

brokerage and insurance company. One of

the first recorded cases of computer sabotage

in the nation.

Facts of the Case

In September 1987, Donald

Burleson, a 40-year-old programmer at the

Fort Worth based insurance company,

USPA, was fired for allegedly being

quarrelsome and difficult to work with.

Facts of the Case

Two days later, approximately 168,000

vital records erased themselves from the

company computers via “time bomb”. 

A logic bomb had gone off, wreaking

havoc with the files that were the lifeblood of

USPA!

Facts of the Case

Burleson was caught after

investigators went back through several

years’ worth of system files. They found that

two years before he was fired Burleson had

planted a logic bomb which lay dormant until

he triggered it on the day of his dismissal

Facts of the Case

He became the first person in

America to be convicted of "harmful

access to a computer.

Burleson’s logic bomb deleted files on

his computer and then deleted itself.

Thank You!