220 likes | 725 Views
Logic Bombs. What is a Logic Bomb?. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. Criteria for “Logic Bombs”
E N D
What is a Logic Bomb? • A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Criteria for “Logic Bombs” • For code to be considered a ‘logic bomb’ the effects of the code should be unwanted and unknown to the software operator. • Trial software that expires after a certain time is generally not considered a logic bomb. • Piggybacking • Many viruses, worms, and other code that are malicious in nature, often carry a logic bomb that “detonates” under given conditions. This may help the code on it’s journey as it worms through your system undetected.
A New Age of Crime • Robbery at gunpoint has become obsolete. Welcome to the new generation of crime. • Logic bombs for profit (monetary or otherwise) • Remote • No get-a-way car • Low fatality rate • Wile E. Coyote syndrome a thing of the past
Emergence of logic bombs • Time Bombs • Detonates at a given time. • Most well-known version of the logic bomb. • Many of the first viruses released were time bombs. • Debuted in the 1980’s (Friday the 13th virus) • Michelangelo virus brought public focus to viruses due to media coverage.
Attackers • Most of the time Logic bombs are placed in the system by insiders. • Such as: • Disgruntled employees • Corporate Spies • Also planted by remote users/systems
Possible Triggers for Logic Bombs? • Lapses in time. • Specific dates. • Specific Commands • Specific Actions in Programs • “Still – there” logic bombs- Remain in the system with compromising effects. • Will run as instructed by its creator unless the creator deactivates it. • Payroll example.
In October 2009, Douglas Duchak was terminated from his job as data analyst at the TSA’s Colorado Springs Operations Center. Surveillance cameras captured images of Duchak entering the facility after hours loading a logic bomb onto a CSOC server that stored data from the U.S. Marshals. In January 2011, Duchak was sentenced to two years prison, $60,587 in fines, and three years probation.
At his sentencing, Duchak tearfully apologized as his lawyer noted that at the time of the incident, Duchak's wife was pregnant with their second child. The judge at the sentencing mentioned that this logic bomb planting "incident was an anomaly in an otherwise untarnished work history."
Data Diddling sometimes called false data entry, involves alteration of existing data before or after it is entered into the computer and is extremely common. It is one of the easiest types of crimes to prevent by using access and accounting controls, supervision, auditing, separation of duties, and authorization limits. It is a form of active attack.
Consider situations in which employees are able to falsify time cards before the data contained on the cards is entered into the computer for payroll computation. A timekeeping clerk in a 300-person company noticed that, although the data entered into the company's timekeeping and payroll systems included both the name and the employee number of each worker, the payroll system used only the employee's number to process payroll checks.
There were no external safeguards or checks to audit the integrity of the data. She took advantage of this vulnerability and filled out forms for overtime hours for employees who usually worked overtime.
Two employees of a utility company found that there was a time lapse of several days between when meter readings were entered into the computer and when the bills were printed. By changing the reading during this period, they were able to substantially reduce their electric bills and the bills of some of their friends and neighbors.
Why should we be concerned? • Because these attacks should not occur. Operations should be set up in any organization to prevent and detect this type of crime--safeguards on data modification, audits of changed data to be sure it was modified with authorization, and so on.