"Time bomb" hidden in code: developer sentenced

A programmer planted a time bomb in his employer's code in case he was fired. It went off, and he is probably going to prison.


When US programmer Davis L. feared being fired, he planted malware in his employer's IT systems. The malicious code was supposed to become active as soon as his user account in Active Directory was disabled. It happened as feared. Now L. has been convicted.

A jury at the US Federal District Court for Northern Ohio has found L. guilty of deliberately damaging protected computers. He faces up to ten years in prison. The specific sentence will be determined by the presiding judge at a later date. The defendant has essentially admitted the facts of the case, but considers himself not guilty as charged. He has announced an appeal against the guilty verdict.


L. had been working for an international group based in Ohio and Ireland, which also has subsidiaries in Germany, since November 2007. In 2018, the man was demoted in the course of a restructuring. He then began sabotaging the employer.

According to the indictment (1:21-cr-00226), he installed endless program loops that made Java virtual machines unusable and prevented users from accessing servers. He is also alleged to have deleted profile files of colleagues.

Then there was the time bomb: this consisted of a routine called IsDLEnabledinAD (Is Davis L. activated in Active Directory). It checked whether L.'s user account was still active. As soon as it was no longer active, the access of all other users was to be blocked. In fact, the employer terminated L. in September 2019 and deactivated his account in Active Directory. As a result, the “code bomb” exploded and tens of thousands of users in several countries were unable to continue working. This caused considerable damage to the employer.

According to a statement from the US Department of Justice, the perpetrator also behaved unwisely in other ways. When the employer demanded the return of the company laptop, the man is said to have deleted data from it. His web search history is said to have revealed that the programmer was looking for methods to improperly extend his access rights, hide software processes and delete files as quickly as possible.

(ds)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.