A Blog by Jonathan Low

 

Jul 24, 2019

Contract Coder Facing 10 Years In Jail For Client 'Logic Bomb' Hack That Perpetually Rehired Him

In a world of gig work, contract labor, wealth gaps and uncertainty, there is a Robin Hood element to this story. JL

Julie Bort reports in Business Insider:

Tinley planted "logic bombs" in spreadsheets; malicious code that disrupts the program (at) a specific time on a specific date. The logic bombs were timed to go off every few years, causing the spreadsheet to experience glitches like error messages and making the on-screen buttons change sizes. When the program glitched, the company would bring Tinley back in to fix it. He fixed the system by pushing back the date the spreadsheets would stop working again.
We've heard of programmers who secretly automated their jobs, but here's a darker tale of a contract programmer who tried to force his employer to be dependent on him. Now, he's facing up to ten years in prison, as well as a fine of up to $250,000.
David Tinley, 62, pleaded guilty in federal court to a charge of intentional damage to a protected computer, the US Attorney's Office of the Western District of Pennsylvania said in a press release.
Tinley had been hired by a US unit of Siemens, the German-based tech conglomerate, to create custom, automated spreadsheets. The company used these spreadsheets to manage orders for electrical equipment. Tinley planted so-called "logic bombs" in the spreadsheets, the government alleged. Logic bombs are bits of malicious code that disrupt the program when specific conditions are met, like a specific time on a specific date.
In this case, the logic bombs were timed to go off every few years, the government alleges, causing the spreadsheet to experience glitches like error messages and making the on-screen buttons change sizes, according to a report from Law360. When the program glitched, the company would bring Tinley back in to fix it. He fixed the system by pushing back the date the spreadsheets would stop working again, the government said.
He was busted in 2016 when he was away on vacation and Siemens had to put an urgent order through the system which had begun glitching, according to the Law360 report. The circumstance reportedly forced Tinley to share with employees his passwords that protected the system's code - revealing the logic bomb.
Tinley's lawyers said that Tinley never made any money by being hired to go in and fix the spreadsheets, arguing that his motivation was to protect his proprietary work, according to Law360. Even so, prosecutors reportedly argued that the situation met the $5,000 in damages needed to label it a felony because Siemens spent about $42,000 on an investigation into the damages he may have caused. Tinley's plea included an agreement to pay restitution for those costs, as well as forfeiting two laptops, according to Law360. That's in addition to his sentencing, where he'll face the prospect of jail time and a fine.
It's not unusual for programmers found guilty of planting logic bombs to go to jail.
In 2008, a system administrator was sentenced to 30 months over his failed logic bomb at his employer Medco, after it was spun off of Merck and he feared being laid off, the Register reported at the time. The sysadmin pled guilty to planting the bomb, which was designed to delete a bunch of data after he left the company. Flaws in the way it was coded kept it from going off on time and he was caught after he tried to fix it, prosecutors alleged.
In 2018, an Atlanta judge sentenced a database programmer to two years in prison after he pled guilty to planting a logic bomb in the US Army's payroll databases, ZDNet reported. He planted the bomb after his employer lost the contract to continue managing those databases. This bomb did go off, deleting data that prevented US Army reservists from being paid and deployed on time. The army spent $2.6 million to investigate and repair their systems. They did restore all the data, and the man was ordered to pay $1.5 million in restitution in addition to jail time.
