Upload
ccje-charley
View
28
Download
4
Embed Size (px)
Citation preview
Logic BombsBegnaen, Nicole A.Burigsay, Charley L.
What is a Logic Bomb? A program, or portion of a program, which lies
dormant until a specific piece of program
logic is
A program which produces results when
certain conditions are met that are
unexpected and unauthorized by legitimate
users or owners of the software.
How can it be activated? Database grows past a certain size
A users home directory is deleted.
Most common activator is a date.
The logic bomb checks the system date and
does nothing until a pre-programmed date
and time is reached
Logic bombs are deployed for a variety
of reason some of which are more
‘legitimate’ than others.
Another use of logic bombs is in the
deployment of viruses and worms.
The Purpose Of Logic Bombs
An employee could set one up to delete
his employer’s databases should he not be
able to enter a code at certain intervals,
thereby ensuring he extracts a level of
revenge should he ever get fired.
The Purpose Of Logic Bombs
How would one protect against Logical Bombs?
A Source Control System might expose a
suspicious modification on a script by a
developer who generally doesn’t need to
modify the particular file. IT may also detect
an inconsistency if the file changed without
going through the source control system.
Periodical Code Review is an expensive
option but can help avoid disaster. One
nightmare scenario for a company would be
that of a logical bomb being planted in the
software that the company ships to
customers.
How would one protect against Logical Bombs?
Segregation of duties is a system that might
offer some protection against logical
bombs. By having different employees
restricted to a specific task, a potential
attacker will have to expose himself to carry
out such an attack.
How would one protect against Logical Bombs?
Employing backups and an effective
disaster recovery plan is perhaps the
safest option. Should a logical bomb trigger
and delete datayou will want to have a
mechanism in place to revert as quickly as
possible and minimize the damage.
How would one protect against Logical Bombs?
Early Case of Logic Bombs
The Donald Burleson Case
Facts of the Case
Burleson worked for a security
brokerage and insurance company. One of
the first recorded cases of computer sabotage
in the nation.
Facts of the Case
In September 1987, Donald
Burleson, a 40-year-old programmer at the
Fort Worth based insurance company,
USPA, was fired for allegedly being
quarrelsome and difficult to work with.
Facts of the Case
Two days later, approximately 168,000
vital records erased themselves from the
company computers via “time bomb”.
A logic bomb had gone off, wreaking
havoc with the files that were the lifeblood of
USPA!
Facts of the Case
Burleson was caught after
investigators went back through several
years’ worth of system files. They found that
two years before he was fired Burleson had
planted a logic bomb which lay dormant until
he triggered it on the day of his dismissal
Facts of the Case
He became the first person in
America to be convicted of "harmful
access to a computer.
Burleson’s logic bomb deleted files on
his computer and then deleted itself.
Thank You!