MLUG: Re: [MLUG - DISCUSSION] IT in Hardtimes

Mike,

The term logic bomb has been around for quite a while. I don't think the 
intent was to make it sound like a terrorist act. The term really describes 
the behaviour of the particular piece of code the consultant wrote. I 
guess you could say the *nix command killall was created to make sysadmins 
seem more malicious... :-)

There is a brief history of logic bombs on wikipedia:
http://en.wikipedia.org/wiki/Logic_bomb

Also, there is some mention of them in Swordfish and I think Hackers 
also...

There are multiple ways to implement a logic bomb but you would have to 
find the best one for your environment. You could set up a cron job but 
this would be glaringly obvious to any decent sys-admin. You could set up a 
daemon which also would probably be fairly obvious. Your application could 
also have a sort of light-weight launcher that is attached to another 
application that is already known to execute (for ex: apache). You would 
have to be creative and have a basic understanding of writing a virus in 
order to successfully hide your launcher. I'm sure you can google around 
and you'll find a few more ways to implement such a device if you're 
really interested.

What I find interesting is the fact that any employee, much less a 
contractor, had access to so many boxes. I would assume he had root access 
or he was aware of a vulnerability that he was capable of exploiting with 
his script in order to create this 'server-graveyard.' I can't imagine any 
reason that any single individual would need access to every single 
server (or even such a large number) within the company. Lack of action on 
disabling his account was an obvious mistake but should he really have had 
the level of access he did in the first place?

-Chad

On Sat, 7 Feb 2009, Mike Miller wrote:

> On Thu, 5 Feb 2009, Vern Green wrote:
>
>> And when things like this happen:
>>
>> http://www.itbusinessedge.com/cm/blogs/defrangesco/fannie-mae-hit-with-more-troubles-from-inside/?cs=30155&nr=MCS
>>
>> Well let's just say that if you are a service industry, you cannot do
>> things like this guy did, but even more than that, if you are a company
>> that is hiring people, then you need to make sure your termination plans
>> are solid and you do not forget things like this.
>
>
> Interesting story.  I wonder what a "logic bomb" is.  Maybe it's just a
> new way of using terminology to turn a computer program into something
> that sounds more like a terrorist attack.  I'm not sure how many ways
> there are to do that kind of thing.  I'd think it would be done either by
> starting a script that counts down or uses a while loop to check the date,
> or it would be done by a cron job.  I'm guessing that a cron job was
> already scheduled to execute a script on 1/31 and he added some stuff to
> the end of that script (we do know he added something to the end of a
> script but not how he scheduled it to run on 1/31).
>
> Mike
>
> _______________________________________________
> discussion mailing list
> EMAIL:PROTECTED
> http://mlug.missouri.edu/mailman/listinfo/discussion
>
