
Logic Bombs


gazit

Presentation Transcript


  1. Logic Bombs

  2. What is a Logic Bomb?
     • A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.

  3. Criteria for “Logic Bombs”
     • For code to be considered a ‘logic bomb’, the effects of the code should be unwanted and unknown to the software operator.
     • Trial software that expires after a certain time is generally not considered a logic bomb.
     • Piggybacking
     • Many viruses, worms, and other code that is malicious in nature often carry a logic bomb that “detonates” under given conditions. This may help the code on its journey as it worms through your system undetected.

  4. A New Age of Crime
     • Robbery at gunpoint has become obsolete. Welcome to the new generation of crime.
     • Logic bombs for profit (monetary or otherwise)
     • Remote
     • No getaway car
     • Low fatality rate
     • Wile E. Coyote syndrome a thing of the past

  5. Emergence of logic bombs
     • Time Bombs
     • Detonates at a given time.
     • Most well-known version of the logic bomb.
     • Many of the first viruses released were time bombs.
     • Debuted in the 1980s (Friday the 13th virus)
     • Michelangelo virus brought public focus to viruses due to media coverage.

  6. Attackers
     • Most of the time, logic bombs are placed in the system by insiders.
     • Such as:
     • Disgruntled employees
     • Corporate spies
     • Also planted by remote users/systems

  7. Possible Triggers for Logic Bombs?
     • Lapses in time.
     • Specific dates.
     • Specific commands
     • Specific actions in programs
     • “Still-there” logic bombs: remain in the system with compromising effects.
     • Will run as instructed by its creator unless the creator deactivates it.
     • Payroll example.

  8. In October 2009, Douglas Duchak was terminated from his job as data analyst at the TSA’s Colorado Springs Operations Center. Surveillance cameras captured images of Duchak entering the facility after hours and loading a logic bomb onto a CSOC server that stored data from the U.S. Marshals. In January 2011, Duchak was sentenced to two years in prison, $60,587 in fines, and three years' probation.

  9. At his sentencing, Duchak tearfully apologized as his lawyer noted that at the time of the incident, Duchak's wife was pregnant with their second child. The judge at the sentencing mentioned that this logic bomb planting "incident was an anomaly in an otherwise untarnished work history."

  10. Data Diddling

  11. Data diddling, sometimes called false data entry, involves alteration of existing data before or after it is entered into the computer and is extremely common. It is one of the easiest types of crimes to prevent by using access and accounting controls, supervision, auditing, separation of duties, and authorization limits. It is a form of active attack.

  12. Consider situations in which employees are able to falsify time cards before the data contained on the cards is entered into the computer for payroll computation. A timekeeping clerk in a 300-person company noticed that, although the data entered into the company's timekeeping and payroll systems included both the name and the employee number of each worker, the payroll system used only the employee's number to process payroll checks.

  13. There were no external safeguards or checks to audit the integrity of the data. She took advantage of this vulnerability and filled out forms for overtime hours for employees who usually worked overtime.
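
Added example (not part of the original presentation): an input control for the gap described in slides 12 and 13, holding any time card whose name does not match the employee number on file before it reaches payroll. All records, names and function names are constructed for illustration.

```python
# Added example: cross-check time cards against the employee master record.
# All names, numbers and records below are constructed sample data.
from collections import defaultdict

EMPLOYEES = {  # employee number -> name on file (constructed)
    "1001": "Alice Moreno",
    "1002": "Brian Otieno",
    "1003": "Carla Jensen",
}

TIME_CARDS = [  # (card id, name on card, employee number, overtime hours)
    ("TC-01", "Alice Moreno", "1001", 6.0),
    ("TC-02", "Brian Otieno", "1002", 4.0),
    ("TC-03", "Alice Moreno", "1003", 8.0),   # name and number disagree
    ("TC-04", "brian  otieno", "1002", 2.5),  # same person, messy spacing/case
    ("TC-05", "Brian Otieno", "1003", 5.0),   # name and number disagree
    ("TC-06", "Dana Whit", "1999", 3.0),      # number not on file
]


def normalize(name):
    """Case-fold and collapse whitespace so formatting noise is not flagged."""
    return " ".join(name.split()).casefold()


def audit_time_cards(cards, employees):
    """Return (held cards, overtime hours per number claimed under another name)."""
    rejected = []
    diverted = defaultdict(float)
    for card_id, name, number, hours in cards:
        on_file = employees.get(number)
        if on_file is None:
            rejected.append((card_id, "unknown employee number"))
        elif normalize(on_file) != normalize(name):
            rejected.append((card_id, f"number belongs to {on_file}"))
            diverted[number] += hours
    return rejected, dict(diverted)


if __name__ == "__main__":
    rejected, diverted = audit_time_cards(TIME_CARDS, EMPLOYEES)
    for card_id, reason in rejected:
        print(f"HOLD {card_id}: {reason}")
    for number, hours in diverted.items():
        print(f"REVIEW employee {number}: {hours} overtime hours under other names")
```

The per-number total gives a supervisor one figure to review for each employee number that collected hours under someone else's name.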

  14. Data Diddling

  15. Two employees of a utility company found that there was a time lapse of several days between when meter readings were entered into the computer and when the bills were printed. By changing the reading during this period, they were able to substantially reduce their electric bills and the bills of some of their friends and neighbors.

  16. Why should we be concerned?
     • Because these attacks should not occur. Operations should be set up in any organization to prevent and detect this type of crime: safeguards on data modification, audits of changed data to be sure it was modified with authorization, and so on.
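
Added example (not part of the original presentation): the audit of changed data that slide 16 calls for, applied to the window slide 15 describes between meter-reading entry and bill printing. The change-log layout, account ids, users and approval ids are assumptions constructed for illustration.

```python
# Added example: audit changes made to meter readings before bills are printed.
# Account ids, users, timestamps and approval ids are constructed sample data.
from datetime import datetime

BILL_PRINTED = datetime(2024, 3, 8, 6, 0)  # constructed billing run time

# Change log rows: (time, account, user, old reading, new reading, approval id or None)
CHANGE_LOG = [
    (datetime(2024, 3, 4, 9, 0), "A-17", "reader1", None, 48210, None),   # initial entry
    (datetime(2024, 3, 4, 9, 5), "A-22", "reader1", None, 30550, None),   # initial entry
    (datetime(2024, 3, 5, 14, 0), "A-22", "clerk7", 30550, 30650, "APR-31"),  # approved fix
    (datetime(2024, 3, 6, 22, 40), "A-17", "clerk4", 48210, 47310, None),  # lowered, no approval
    (datetime(2024, 3, 7, 23, 10), "A-17", "clerk4", 47310, 47010, None),  # lowered again
]


def audit_reading_changes(log, bill_printed):
    """Flag post-entry edits made before billing that lack approval or lower the reading."""
    findings = []
    for when, account, user, old, new, approval in sorted(log, key=lambda row: row[0]):
        if old is None or when >= bill_printed:
            continue  # initial entry, or outside the entry-to-billing window
        reasons = []
        if approval is None:
            reasons.append("no approval")
        if new < old:
            reasons.append(f"reading lowered by {old - new}")
        if reasons:
            findings.append((account, user, "; ".join(reasons)))
    return findings


def repeat_editors(findings):
    """Users with more than one flagged edit, for supervisor review."""
    counts = {}
    for _, user, _ in findings:
        counts[user] = counts.get(user, 0) + 1
    return sorted(user for user, n in counts.items() if n > 1)


if __name__ == "__main__":
    flagged = audit_reading_changes(CHANGE_LOG, BILL_PRINTED)
    for account, user, why in flagged:
        print(f"FLAG {account} edited by {user}: {why}")
    print("Repeat editors:", repeat_editors(flagged))
```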
