A logic bomb is a specific kind of malware that waits for an event to occur before it is triggered. It is a piece of code intentionally inserted into the system that is set to go off once some specified conditions are met. Logic bombs don’t get onto the system by themselves; they are often installed by someone with high-level access.
Logic bombs are also sometimes called code bombs or slag code. Time bombs are a popular type of logic bomb that is triggered when a particular date and time is reached. Others are user-event bombs, which are triggered when a certain event occurs.
The main objective of a logic bomb is to wreak havoc on the system: stealing or corrupting data, deleting files, taking over the system, or completely clearing out hard drives.
A malicious attack is considered to be a logic bomb if it:
- Lies dormant for a specified amount of time.
- Has a payload that is unknown to the user.
- Is triggered by a specific condition.
It is usually difficult for antivirus or antimalware software to automatically detect logic bombs because they do not follow any known signature pattern. It is also difficult to gather evidence because most logic bombs delete themselves once they have been executed.
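Since signature matching does not help here, one review aid is to look for the shape of a time bomb in source code: a condition that reads the clock and guards a destructive call. The following is an added example, not code from the original article; the name sets, function names and sample source are constructed assumptions, and the check is a heuristic for Python source only.

```python
import ast

# Heuristic name sets (assumptions for this example, not an exhaustive list).
CLOCK_CALLS = {"now", "today", "utcnow", "time", "localtime"}
DESTRUCTIVE_CALLS = {"remove", "unlink", "rmtree", "rmdir", "truncate"}

def _call_names(node):
    """Yield the trailing name of every call found under node (e.g. 'rmtree')."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Call):
            func = sub.func
            if isinstance(func, ast.Attribute):
                yield func.attr
            elif isinstance(func, ast.Name):
                yield func.id

def find_time_triggers(source):
    """Return (line, calls) for each `if` whose test compares a clock reading
    and whose body performs a destructive call."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.If):
            continue
        reads_clock = any(n in CLOCK_CALLS for n in _call_names(node.test))
        has_compare = any(isinstance(n, ast.Compare) for n in ast.walk(node.test))
        destructive = set()
        for stmt in node.body:
            destructive |= {n for n in _call_names(stmt) if n in DESTRUCTIVE_CALLS}
        if reads_clock and has_compare and destructive:
            findings.append((node.lineno, sorted(destructive)))
    return findings

# Constructed sample for the scanner to review; it is parsed, never executed.
SAMPLE = '''
import datetime, shutil, os

def rotate_logs(path):
    if os.path.getsize(path) > 10_000_000:
        os.remove(path)                      # size-based, not time-based

def nightly_job():
    if datetime.date.today() >= datetime.date(2030, 1, 1):
        shutil.rmtree("/srv/reports")        # clock-gated destructive call
'''

if __name__ == "__main__":
    for line, calls in find_time_triggers(SAMPLE):
        print(f"line {line}: clock-gated destructive call(s): {calls}")
```

A hit is a prompt for human code review, not proof of malice: legitimate retention and expiry jobs have the same shape.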
Fannie Mae and the TSA are notable examples of unsuccessful logic bomb attempts in history.
In October 2008, Makwana, an IT contractor at Fannie Mae, planted a logic bomb that was set to wipe all the data on Fannie Mae’s 4000 servers. Makwana was caught and sentenced to 41 months in prison on 17 December 2010.
In October 2009, Douglas Duchak had his job as a data analyst with the Colorado Springs Operations Center (CSOC) of the U.S. terminated. A few hours later, TSA surveillance cameras captured images of Duchak entering the facility to load a logic bomb onto a CSOC server that stored data from the U.S. Marshals. In January 2011, Duchak was sentenced to two years in prison, $60,587 in fines, and three years on probation.
There are two famous examples of logic bomb attacks that were successfully carried out.
In June 2006, Roger Duronio, a system administrator for UBS Group AG, was charged with using a logic bomb to damage the company’s computer network, and with securities fraud for his failed plan to drive down the company’s stock by activating the logic bomb. Duronio was convicted and sentenced to 8 years and 1 month in prison; in addition, he paid $3.1 million in restitution to UBS Group.
In July 2019, David Tinley, a contract employee for Siemens Corporation, pleaded guilty to programming logic bombs within the software he created for the corporation. The software was intentionally made to malfunction after a certain amount of time, requiring the company to hire him to fix it for a fee. The logic bombs went undetected for two years but were then discovered while he was out of town and had to hand over the administrative password to his software.
Because of how logic bombs operate, a few precautionary measures should be taken to avoid falling prey to them.
- It is important to periodically scan all files.
- Use trusted antivirus software and keep it updated regularly.
- Don’t download anything you don’t know or trust.
- Avoid the use of pirated software.
- Keep the operating system up to date.
- Don’t click on suspicious links or email attachments.
- Train employees regularly.
Have disaster recovery plans in place to deal with logic bomb attacks in case they happen.