1 / 24

Logic Bombs

Logic Bombs. A presentation by David Kaczynski and Pedro Montoya. CIS3460 Mike Burmester 2006. A Brief Outline. Definitions of Logic Bombs Forensics of Logic Bombs A Legal History of Logic Bombs. By Definition. A logic bomb is a piece of code intentionally

daniel_millan
Download Presentation

Logic Bombs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Logic Bombs A presentation by David Kaczynski and Pedro Montoya CIS3460 Mike Burmester 2006

  2. A Brief Outline • Definitions of Logic Bombs • Forensics of Logic Bombs • A Legal History of Logic Bombs

  3. By Definition A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met (i.e. a trigger)

  4. Types of Logic Bombs • Time Bomb • -uses a date or time as a trigger • Worm • -attempts to replicate itself onto other computers • Trojan Horse • -does not replicate to other computers • -hides as normal program • Trial Software • -acceptable, non-malicious

  5. The Trigger • Employee’s name erased from payroll • (most common example) • A specified time and/or date • The arrival onto a computer system • The running of a program

  6. So what is a logic bomb? Almost any piece of malevolent code that uses some form of logic as a trigger

  7. Logic Bomb Forensics • Protection against logic bombs • Tracing • Detecting

  8. No Surefire Protection! • Most attacks come from the INSIDE • Keep secured logs of all code modifications • Keep back-ups of all vital system information

  9. Tracing Logic Bombs • Searching - Even the most experienced programmers have trouble erasing all traces of their code • Knowledge - Important to understand the underlying system functions, the hardware, the hardware/software/firmware/operating system interface, and the communications functions inside and outside the computer

  10. More on Tracing • Logon/logoff • File deletes • Rights changes • All accesses of anything by superusers • Failed logon attempts • Unused accounts • SU (Switch User) in Unix systems • System reboots • Remote accesses, in detail • New User additions

  11. Detection • Static Analysis – examining the source code of a program • VF1 – uses data flow techniques to statically determine names of files which a program can access • Snitch – statically examines a program for duplication of operating system services • Dynamic Analysis • Dalek – a debugger which forms the basis for dynamic analyzer

  12. Hot on the Trail • Before investigation starts, make a working copy of the evidence • Tools for data recovery, duplication and verification • ByteBack • DriveSpy • Encase

  13. Motivation • Why do malicious codes occur?

  14. Behavior • Personal and Social Frustrations – a history of problems with family/school/work. Authority negativity • Computer Dependency – online activity replaces direct social life • Ethical “Flexibility” – violations justified under the circumstances • Reduced Loyalty – loyalty to profession instead of employer • A Sense of Entitlement – special or owed recognition, privilege, or exceptions • Lack of Empathy – what impact?

  15. Typology • Explorers – curious • Good Samaritans – unaware of rule violations • Hackers – looking for ego boost • Machiavellians – advance their personal and career goals • Exceptions – above the rules that apply • Avengers – for revenge • Career Thieves – money hungry • Moles – espionage

  16. Understanding • Underreported – unknown how often these crimes occur • Employee Screening – hacking histories? • Personnel Changes – demotions, terminations and reassignments. • Warning Signs – communicate

  17. Computer Forensics

  18. Famous Logic Bombs

  19. 1985 Donald Burleson USPA & IRA • Burleson worked for a security brokerage and insurance company • One of the first recorded cases of computer sabotage in the nation • Days after his dismissal, some 168,000 records of commission • sales were lost via a “time bomb” • Burleson’s logic bomb deleted files on his computer and then • deleted itself • The deletion of files was traced to Burleson’s terminal to • someone who used his password. He was found guilty after his • alibi was shot down by witness and payment receipts

  20. 1992 Michael Lauffenburger General Dynamics Programmer • Atlas Missile Program at Kearny Mesa plant • outside of San Diego • May 24, 2001 6:00PM was the trigger • Fellow programmer caught the rogue code • If executed, the logic bomb could delete memory, cause • interference of government retrieval of information, and delete • itself without a trace • Lauffenburger’s goal was to resign beforehand and then get hired • as a high-paid consultant • Received a $5000 fine and three year’s probation The US’s first intercontinental ballistic missile (1959)

  21. 1998 Tony Xiaotong Yu Deutsche, Morgan, Grenfell, Inc. • Hired as a computer specialist in 1996, became securities trader • after writing program for bond traders • Planted logic bomb with trigger set to July 2000 • Programmer caught rogue code in 1998, took several months to • clean-up • Purely destructive motive, apparently. Logic bomb could have • caused millions of dollars in damage • Tony was caught when he was telling a friend what he did on a • tapped phone line

  22. 2002 Roger Duronio UBS Paine Webber financial firm • Duronio was a systems administrator on a $160,000 salary. • Had a logic bomb in the works, but it wasn’t activated until his • idea for a $175,000 salary was shot down. • Resigned on 2-22-02, his logic bomb triggered on 3-4-02 • Logic bomb caused more than $3,000,000 in damages, taking • roughly 2,000 servers offline • Duronio had bought $25,000 in put option stocks weeks before • he quit without a history of buying put options beforehand

  23. Roger Duronio’s Logic Bomb: A Four-Part Plan • One part was the destructive portion, telling servers to delete • all of their files • Another part “pushed” the logic bomb to other servers, despite • reboots and loss of power • Duronio’s logic bomb had two triggers, in case one trigger was • found and deleted

  24. Crime Doesn’t Pay! There is no perfect crime DURONIO GOT

More Related