Michael R. Farnum

Hitting the Security Nerve

The New Jersey Logic Bomb Case has some problems

Have you heard the story of Yung-Hsun Lin, a former system administrator for Medco Health Systems? He thought he was going to get laid off in a merger, so he planted a logic bomb that was set to go off on his birthday (April 23, 2004) and destroy a Medco drug database. The logic bomb was discovered, and now he has been "sentenced to 30 months in federal prison by U.S. District Judge Jose Linares, who also ordered the former systems administrator to pay $81,200 in restitution to Medco Health Systems."

Seems clear, right? Well, not exactly. First off, according to the story, Lin created the bomb in October 2003. But he was never laid off. So why didn't he remove the bomb? Did he simply disable it (the story says it failed to detonate) and not remove it? I am not clear on the timeline, but either way I would think he would try to remove the evidence.

Second, it was set to go off on April 23, 2004, Lin's birthday. Ignoring the stupidity of that move, why wasn't it discovered until the following January if this statement from Medco spokeswoman Jen Luddy is true?

“Medco has systems and controls in place to monitor its data-related assets and ensure their security. Medco detected and neutralized the activity ensuring the integrity of our systems.”

Rrrriiiight....

Third, what in the world is wrong with the US attorney up there? Read this statement:

The results of this prosecution send a message to systems administrators and employees...

OK, what in the $@%# does that mean?? He should have said it sends a message to criminals with malicious intent. Implying that system admins and employees better mind their P's and Q's because the government is watching you is just stupid!

The article also quoted Tom Bennett, vice president of marketing for Raytheon Oakley Systems, as saying:

“There's a concept of ‘who's watching the watcher,' where in this case you have a gentleman who has privileged access, but there should be someone [monitoring him].”

I understand that point very well. But the US attorney's statement is coming from someone simply trying to make a name for himself by acting tough and trying to scare big, scary system admins. What a nincompoop.

What People Are Saying

Andy is an experienced IT

Andy is an experienced IT professional with 10 years on IBM mainframe and more than 10 years on the UNIX platform, one of the team leaders at Medco, and also the only one in the group who earned a reward in the past years at Medco. In Sep. 2003, Medco was spun off from Merck as an IPO company, and a big re-organization followed; the group lost almost half of the staff. In addition, he always tried his best to find ways to work smart to reduce his workload with great initiative and motivation. Andy was on call 7/24; sometimes he would be up all night at the office during the week and weekend. He would start work at 6am in order to go home earlier to take care of his kids. He used to work in the early morning under a heavy snow storm; his car turned around 180 degrees on a slippery road and he almost got in a serious car accident. Due to his excellent performance and work ethic, he always received an “Exceed expectation” review with great bonuses before the new management. His prior boss used to make this comment on his review: “Andy has been very productive in contributing his technical expertise to the group. Furthermore, he is a self-starter and always finds a better way of automating tasks. He is reliable and dependable. It is a pleasure to have Andy working in our group”. He is a team player and never expected more than where credit is due and never tried to compete with other team members. He is always very quiet even when he is under a lot of pressure and seldom complained about his job. All I said is the truth; you guys can go to HR at Medco to pull out his past reviews. HE WAS NEVER AFRAID OF BEING LAID OFF; the prosecutor only judged by a personal letter in which he mentioned the rumor, a day later he modified the code. THIS IS REALLY A STUPID CASE.

He is not stupid at all. He

He is not stupid at all. He is just a political victim. To wipe out the data from the retired server was part of his project. When he lost his job in Jan, 2005, he did not know any details until he was approached by Federated Court. He thought the code he modified had destroyed the huge amount of data, therefore he was afraid of admitting what he was trying to do when he was investigated at Medco. His initial idea was simply to automate the process. He lost a lot of opportunities to explain to the prosecutor due to carelessness and a language barrier and had no sense of what was actually going on. He never knew how serious the crime was until he was arrested by the FBI at his house on 2006, 12/19.

Not just some problems. It is really a big problem

I have watched this case unfolding from the first time the Federal Prosecutor made the publicity until the sentencing and bigger publicity. The prosecutor fabricated the story and did not tell the truth to the court. His defense attorney coerced him to accept the plea bargain as he did not want to go into trial. He already took this poor guy to the cleaners.
1. Do you believe that Medco's IT infrastructure is so bad that it relied on only 70 Unix servers to do business? What happened to their Mainframe, which is their book of record? How many NT servers are out there? What about those used in eCommerce? How about the Teradata data warehouse? Did this guy have access to all of those systems? If you think so, you are a fool. The prosecutor clearly glorified a crime that was never committed. Readers should ask how many systems Medco retires in a year. Then you have the right picture.
2. Those codes have been in the environment for a long time. In fact, the codes seemed to be modified by server people previously, including the fellow who claimed that he found the bomb on January 1. Isn't it too suspicious to find it on January 1, which is a national holiday?
3. A bomb must be concealed. Were the codes concealed? No, they were not. In fact, they were clearly documented. Then where is the proof of criminal intent?
4. The message to the IT world is that if you are a sysadmin you should NEVER EVER perform the task of cleaning up a retired server, as you could be the next victim.
5. This guy should have hired an expert witness to show the world what really happened, and what kind of inconsistency the prosecutor presented. How much were fabrications.
6. I just read it in amazement that the prosecutor and FBI don't have anything better to do but try to send more innocent people to jail.