Presentation is loading. Please wait.

Presentation is loading. Please wait.

Logic Bombs A presentation by David Kaczynski and Pedro Montoya CIS3460 Mike Burmester 2006.

Similar presentations

Presentation on theme: "Logic Bombs A presentation by David Kaczynski and Pedro Montoya CIS3460 Mike Burmester 2006."— Presentation transcript:

1 Logic Bombs A presentation by David Kaczynski and Pedro Montoya CIS3460 Mike Burmester 2006

2 A Brief Outline Definitions of Logic Bombs Forensics of Logic Bombs A Legal History of Logic Bombs

3 By Definition A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met (i.e. a trigger)

4 Types of Logic Bombs Time Bomb -uses a date or time as a trigger Worm -attempts to replicate itself onto other computers Trojan Horse -does not replicate to other computers -hides as normal program Trial Software -acceptable, non-malicious

5 The Trigger Employee’s name erased from payroll (most common example) A specified time and/or date The arrival onto a computer system The running of a program

6 So what is a logic bomb? Almost any piece of malevolent code that uses some form of logic as a trigger

7 Logic Bomb Forensics Protection against logic bombs Tracing Detecting

8 No Surefire Protection! Most attacks come from the INSIDE Keep secured logs of all code modifications Keep back-ups of all vital system information

9 Tracing Logic Bombs Searching - Even the most experienced programmers have trouble erasing all traces of their code Knowledge - Important to understand the underlying system functions, the hardware, the hardware/software/firmware/operating system interface, and the communications functions inside and outside the computer

10 More on Tracing Logon/logoff File deletes Rights changes All accesses of anything by superusers Failed logon attempts Unused accounts SU (Switch User) in Unix systems System reboots Remote accesses, in detail New User additions

11 Detection Static Analysis – examining the source code of a program VF1 – uses data flow techniques to statically determine names of files which a program can access Snitch – statically examines a program for duplication of operating system services Dynamic Analysis Dalek – a debugger which forms the basis for dynamic analyzer

12 Hot on the Trail Before investigation starts, make a working copy of the evidence Tools for data recovery, duplication and verification  ByteBack  DriveSpy  Encase

13 Motivation Why do malicious codes occur?

14 Behavior Personal and Social Frustrations – a history of problems with family/school/work. Authority negativity Computer Dependency – online activity replaces direct social life Ethical “Flexibility” – violations justified under the circumstances Reduced Loyalty – loyalty to profession instead of employer A Sense of Entitlement – special or owed recognition, privilege, or exceptions Lack of Empathy – what impact?

15 Typology Explorers – curious Good Samaritans – unaware of rule violations Hackers – looking for ego boost Machiavellians – advance their personal and career goals Exceptions – above the rules that apply Avengers – for revenge Career Thieves – money hungry Moles – espionage

16 Understanding Underreported – unknown how often these crimes occur Employee Screening – hacking histories? Personnel Changes – demotions, terminations and reassignments. Warning Signs – communicate

17 Computer Forensics

18 Famous Logic Bombs

19 1985 Donald Burleson USPA & IRA Burleson worked for a security brokerage and insurance company One of the first recorded cases of computer sabotage in the nation Days after his dismissal, some 168,000 records of commission sales were lost via a “time bomb” Burleson’s logic bomb deleted files on his computer and then deleted itself The deletion of files was traced to Burleson’s terminal to someone who used his password. He was found guilty after his alibi was shot down by witness and payment receipts

20 1992 Michael Lauffenburger General Dynamics Programmer Atlas Missile Program at Kearny Mesa plant outside of San Diego May 24, 2001 6:00PM was the trigger Fellow programmer caught the rogue code If executed, the logic bomb could delete memory, cause interference of government retrieval of information, and delete itself without a trace Lauffenburger’s goal was to resign beforehand and then get hired as a high-paid consultant Received a $5000 fine and three year’s probation The US’s first intercontinental ballistic missile (1959)

21 1998 Tony Xiaotong Yu Deutsche, Morgan, Grenfell, Inc. Hired as a computer specialist in 1996, became securities trader after writing program for bond traders Planted logic bomb with trigger set to July 2000 Programmer caught rogue code in 1998, took several months to clean-up Purely destructive motive, apparently. Logic bomb could have caused millions of dollars in damage Tony was caught when he was telling a friend what he did on a tapped phone line

22 2002 Roger Duronio UBS Paine Webber financial firm Duronio was a systems administrator on a $160,000 salary. Had a logic bomb in the works, but it wasn’t activated until his idea for a $175,000 salary was shot down. Resigned on 2-22-02, his logic bomb triggered on 3-4-02 Logic bomb caused more than $3,000,000 in damages, taking roughly 2,000 servers offline Duronio had bought $25,000 in put option stocks weeks before he quit without a history of buying put options beforehand

23 Roger Duronio’s Logic Bomb: A Four-Part Plan One part was the destructive portion, telling servers to delete all of their files Another part “pushed” the logic bomb to other servers, despite reboots and loss of power Duronio’s logic bomb had two triggers, in case one trigger was found and deleted

24 Crime Doesn’t Pay! There is no perfect crime DURONIO GOT

Download ppt "Logic Bombs A presentation by David Kaczynski and Pedro Montoya CIS3460 Mike Burmester 2006."

Similar presentations

Ads by Google