Medco sys admin gets 30 months for planting logic bomb

Attack could have lead to life-threatening situation for Medco prescription card carriers

A former systems administrator at Medco Health Solutions was sentenced to 30 months in federal prison this week for planting a logic bomb that could have taken down a corporate network that held customer health care information.

Yung-Hsun Lin, 51, who faced a maximum of 10 years in prison, pleaded guilty to one count of computer fraud in September. He was responsible for programming and maintaining the servers at Medco, where he worked from 1997 to 2005.

The court also ordered Lin to pay US$81,200 in restitution to the company, and to serve two years of supervised release after he completes his prison term. He was forbidden from working on computers during his prison time and supervised release as well.

This is believed to be the longest federal prison sentence for an attempted crime intended to damage a computer system, according to the US Attorney's Office.

"This case is unique in that it touches on the public health system," Assistant US Attorney Erez Liebermann told Computerworld. "Other logic bomb and intrusion cases have dealt mostly with money. Not to belittle that -- it's a very, very serious issue. But they hadn't risen to being a risk to human beings. ... A stiff sentence like this sends the message to companies that it's important to report these crimes, and when you do, the criminal justice system will take this seriously. When companies come forward with these crimes, it's worth their while, and if someone is caught, even in the attempt stage, they will get a stiff sentence."

Liebermann said that in court this morning, Lin, who is also known as Andy Lin, apologized to Medco, to his family and to the court.

The logic bomb, which was designed to delete "virtually all of the information" on about 70 Medco servers, was made up of malicious code that Lin wrote and planted in multiple scripts on the company network, according to court documents. It was designed to trigger at a certain time and date. That didn't happen, though. The first time the logic bomb was set to go off, a coding error kept it from working. And before the second time it was set to go off, one of Lin's own co-workers discovered the code hidden amidst a slew of other scripts and shut it down.

Finding the logic bomb was quite a feat, according to Liebermann, who called it a "sophisticated" attack. He explained that Lin used innocuous names to disguise the files holding the malicious code. He also went into the system's file properties and made it appear that they were old files and not something recently added that might need checking out.

However, Lin had another trick up his sleeve. He embedded different pieces of the malicious code in four different scripts. It would be difficult for an administrator to interpret it without seeing all of the malicious code together; he would have to look at the different scripts to get a real sense that something malicious was going on, Liebermann said.

"On January 1, 2005, a Medco employee was working on another problem," Liebermann said. "He went to check it and saw a call to another script, and that script has a call to another script. He did a great job and dug all the way down and discovered the logic bomb."

Liebermann noted that if the bomb had taken down Medco's network, people using a Medco prescription card would not have been able to fill any new prescriptions. "That could be very serious, maybe even life-threatening, depending on the need for that medication," Liebermann said.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Sharon Gaudin

Computerworld
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?