1 / 14

Logic Bombs

Logic Bombs. Douglas Smith David Palmisano. What is a Logic Bomb?. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. . More on Logic Bombs. Criteria for “Logic Bombs”

aldis
Download Presentation

Logic Bombs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Logic Bombs Douglas Smith David Palmisano

  2. What is a Logic Bomb? • A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.

  3. More on Logic Bombs • Criteria for “Logic Bombs” • For code to be considered a ‘logic bomb’ the effects of the code should be unwanted and unknown to the software operator. • Trial software that expires after a certain time is generally not considered a logic bomb. • Piggybacking • Many viruses, worms, and other code that are malicious in nature, often carry a logic bomb that “detonates” under given conditions. This may help the code on it’s journey as it worms through your system undetected.

  4. A New Age of Crime • Robbery at gunpoint has become obsolete. Welcome to the new generation of crime. • Logic bombs for profit (monetary or otherwise) • Remote • No get-a-way car • Low fatality rate • Wile E. Coyote syndrome a thing of the past

  5. Emergence of the Logic Bomb • Technology is directly proportional to the need for security. • The home computer was one of the greatest technological advancements since the wheel. • Word Processing • Pong • The Virus

  6. Emergence cont’d • Time Bombs • Detonates at a given time. • Most well-known version of the logic bomb. • Many of the first viruses released were time bombs. • Debuted in the 1980’s (Friday the 13th virus) • Michelangelo virus brought public focus to viruses due to media coverage.

  7. Attackers • Most of the time Logic bombs are placed in the system by insiders. • Such as: • Disgruntled employees • Corporate Spies • Also planted by remote users/systems

  8. Possible Triggers for Logic Bombs? • Lapses in time. • Specific dates. • Specific Commands • Specific Actions in Programs • “Still – there” logic bombs • Remain in the system with compromising effects. • Will run as instructed by its creator unless the creator deactivates it. • Payroll example.

  9. Historic Attacks • In June 1992, a defense contractor General Dynamics employee, Michael Lauffenburger, was arrested for inserting a logic bomb that would delete vital rocket project data. It was alleged that his plan was to return as a highly-paid consultant to fix the problem once it triggered. The bomb was stumbled on by another employee of the company. Lauffenburger was charged with computer tampering and attempted fraud and faced potential fines of $500,000 and jail-time ).

  10. Historic Attacks • In February 2000, Tony Xiaotong was indicted before a grand jury accused of planting a logic bomb during his employment as a programmer and securities trader at Deutche Morgan Grenfell. The bomb had a trigger date of July 2000, and was discovered by other programmers in the company. Removing and cleaning up after the bomb allegedly took several months.

  11. Victimization Prevention • Do not allow any one person universal access to your system. • Separation of duties • Always practice safe computing. Always use protection. AntiVirus software can significantly reduce the risk of contracting a virus which may contain a logic bomb. • New strains of logic bomb and virus programs are constantly being created. • Remember, if you believe your system may be compromised by another entity (programmer, software or other system). Get tested to prevent the transmission of dangerous code operations.

  12. Defenses for Bombs • Segregate operations from programming and testing. • Institute a carefully controlled process for moving code into production. • Give only operations staff write-access to production code. • Lock down your production code - source and executable – making it close to impossible for unauthorized people to modify programs. • Assign responsibility for specific production programs to named positions in operations. • Develop and maintain a list of authorized programmers who are allowed to request implementation of changes to production programs. • Require authorization from the authorized quality assurance officer before accepting changes to production. • Keep records of exactly which modifications were installed when, and at whose request.

  13. Defenses for Bombs • Use hash functions on entire files in the production library. • Recompute all hashes against a secure table to ensure that no one has altered production files without authorization and documentation. • Keep audit trails running at all times so that you can determine exactly which user modified which file and when. • If possible, ensure that audit trails include chained hash functions. That is, the checksum on each record (which must include a timestamp) is calculated not only on the basis of the record itself but also using as input the checksum from the previous record. Modifying such an audit trail is much more complicated than simply using a disk editor to alter data in one or two records. • Back up your audit files and keep them under high security.

  14. Bibliography • Kabay, M. E.. Network World Security Newsletter, August 21, 2002. http://www.networkworld.com/newsletters/sec/2002/01514405.html • Walder, Justin. Press Release, December 17, 2002. http://www.usdoj.gov/criminal/cybercrime/duronioIndict.htm • Answers.com. Logic bombs:Definition and Much More from Answers.com. http://www.answers.com/topic/logic-bomb

More Related