logic bombs l.
Skip this Video
Loading SlideShow in 5 Seconds..
Logic Bombs PowerPoint Presentation
Download Presentation
Logic Bombs

Loading in 2 Seconds...

play fullscreen
1 / 24

Logic Bombs - PowerPoint PPT Presentation

  • Uploaded on

Logic Bombs. A presentation by David Kaczynski and Pedro Montoya. CIS3460 Mike Burmester 2006. A Brief Outline. Definitions of Logic Bombs Forensics of Logic Bombs A Legal History of Logic Bombs. By Definition. A logic bomb is a piece of code intentionally

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Logic Bombs' - daniel_millan

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
logic bombs

Logic Bombs

A presentation by David Kaczynski

and Pedro Montoya


Mike Burmester


a brief outline
A Brief Outline
  • Definitions of Logic Bombs
  • Forensics of Logic Bombs
  • A Legal History of Logic Bombs

By Definition

A logic bomb is a piece of code intentionally

inserted into a software system that will set off a

malicious function when specified conditions are

met (i.e. a trigger)


Types of Logic Bombs

  • Time Bomb
  • -uses a date or time as a trigger
  • Worm
  • -attempts to replicate itself onto other computers
  • Trojan Horse
  • -does not replicate to other computers
  • -hides as normal program
  • Trial Software
  • -acceptable, non-malicious

The Trigger

  • Employee’s name erased from payroll
  • (most common example)
  • A specified time and/or date
  • The arrival onto a computer system
  • The running of a program

So what is a

logic bomb?

Almost any piece of malevolent code that

uses some form of logic as a trigger


Logic Bomb Forensics

  • Protection against logic bombs
  • Tracing
  • Detecting

No Surefire


  • Most attacks come from the INSIDE
  • Keep secured logs of all code modifications
  • Keep back-ups of all vital system information

Tracing Logic Bombs

  • Searching - Even the most experienced programmers have trouble erasing all traces of their code
  • Knowledge - Important to understand the underlying system functions, the hardware, the hardware/software/firmware/operating system interface, and the communications functions inside and outside the computer

More on Tracing

  • Logon/logoff
  • File deletes
  • Rights changes
  • All accesses of anything by superusers
  • Failed logon attempts
  • Unused accounts
  • SU (Switch User) in Unix systems
  • System reboots
  • Remote accesses, in detail
  • New User additions


  • Static Analysis – examining the source code of a program
    • VF1 – uses data flow techniques to statically determine names of files which a program can access
    • Snitch – statically examines a program for duplication of operating system services
  • Dynamic Analysis
    • Dalek – a debugger which forms the basis for dynamic analyzer

Hot on the Trail

  • Before investigation starts, make a working copy of the evidence
  • Tools for data recovery, duplication and verification
    • ByteBack
    • DriveSpy
    • Encase


  • Why do malicious codes occur?


  • Personal and Social Frustrations – a history of problems with family/school/work. Authority negativity
  • Computer Dependency – online activity replaces direct social life
  • Ethical “Flexibility” – violations justified under the circumstances
  • Reduced Loyalty – loyalty to profession instead of employer
  • A Sense of Entitlement – special or owed recognition, privilege, or exceptions
  • Lack of Empathy – what impact?


  • Explorers – curious
  • Good Samaritans – unaware of rule violations
  • Hackers – looking for ego boost
  • Machiavellians – advance their personal and career goals
  • Exceptions – above the rules that apply
  • Avengers – for revenge
  • Career Thieves – money hungry
  • Moles – espionage


  • Underreported – unknown how often these crimes occur
  • Employee Screening – hacking histories?
  • Personnel Changes – demotions, terminations and reassignments.
  • Warning Signs – communicate


Donald Burleson


  • Burleson worked for a security brokerage and insurance company
  • One of the first recorded cases of computer sabotage in the nation
  • Days after his dismissal, some 168,000 records of commission
  • sales were lost via a “time bomb”
  • Burleson’s logic bomb deleted files on his computer and then
  • deleted itself
  • The deletion of files was traced to Burleson’s terminal to
  • someone who used his password. He was found guilty after his
  • alibi was shot down by witness and payment receipts


Michael Lauffenburger

General Dynamics Programmer

  • Atlas Missile Program at Kearny Mesa plant
  • outside of San Diego
  • May 24, 2001 6:00PM was the trigger
  • Fellow programmer caught the rogue code
  • If executed, the logic bomb could delete memory, cause
  • interference of government retrieval of information, and delete
  • itself without a trace
  • Lauffenburger’s goal was to resign beforehand and then get hired
  • as a high-paid consultant
  • Received a $5000 fine and three year’s probation

The US’s first intercontinental ballistic missile (1959)



Tony Xiaotong Yu

Deutsche, Morgan, Grenfell, Inc.

  • Hired as a computer specialist in 1996, became securities trader
  • after writing program for bond traders
  • Planted logic bomb with trigger set to July 2000
  • Programmer caught rogue code in 1998, took several months to
  • clean-up
  • Purely destructive motive, apparently. Logic bomb could have
  • caused millions of dollars in damage
  • Tony was caught when he was telling a friend what he did on a
  • tapped phone line


Roger Duronio

UBS Paine Webber financial firm

  • Duronio was a systems administrator on a $160,000 salary.
  • Had a logic bomb in the works, but it wasn’t activated until his
  • idea for a $175,000 salary was shot down.
  • Resigned on 2-22-02, his logic bomb triggered on 3-4-02
  • Logic bomb caused more than $3,000,000 in damages, taking
  • roughly 2,000 servers offline
  • Duronio had bought $25,000 in put option stocks weeks before
  • he quit without a history of buying put options beforehand

Roger Duronio’s Logic Bomb:

A Four-Part Plan

  • One part was the destructive portion, telling servers to delete
  • all of their files
  • Another part “pushed” the logic bomb to other servers, despite
  • reboots and loss of power
  • Duronio’s logic bomb had two triggers, in case one trigger was
  • found and deleted

Crime Doesn’t Pay!

There is no perfect crime