In a recent article on Computerworld, it was reported that a former system administrator of Medco planted a logic bomb which was intended to cripple the company’s network. Medco deals with prescribing drugs and various other health services. Due to the nature of this attack, the well-being of Medco's customers was put at risk. Fortunately, the logic bomb did not succeed: it is reported that the first wave of the attack failed due to buggy code, and subsequent waves were detected and prevented before they could trigger. The former system administrator will now serve 30 months and has to pay $81,200 in damages.
It is mentioned that upcoming layoffs could have triggered the system administrator (Lin) to commit this offense. Medco had just been restructured, and layoffs had taken place, but Lin did not lose his job. However, there were more layoffs to come, so perhaps in anticipation, Lin planted the logic bomb. It is difficult to say if anything could have been done to prevent this offense. Since Lin was a system administrator, it is difficult to stop or deter a person in this position if they are willing to commit such a serious offense. I think the best a company could do is respond to actions taken by employees by checking their work, but enforcing a system like this would be too pricey and time-consuming to be plausible.
As mentioned before, the impact of this event, had it been successful, could have been very serious. People’s lives could have been lost due to lack of prescription drugs, and others could potentially have been harmed for life. One very difficult question to answer is, what should we do with people like Lin? What kind of punishment is suitable for the crime? Even though it was not successful, the intent to harm was always present. After Lin completes his sentence, should he be trusted to work with a company’s computer systems? Who knows if Lin will have learned his lesson, or if he will be even more upset and “out to get the world.” I would think it is safe to say that a company will never hire Lin to work on their computer systems with this kind of event on his record.