Logic Bombs: How to Prevent Them

Caleb Townsend
Staff Writer, United States Cybersecurity Magazine

A logic bomb is a piece of malicious code that hackers insert into software or an operating system. This code lies dormant until a specific condition occurs. The condition could be a pre-determined time (in which case it is often called a time bomb) or a specific command that the user types in. Once the condition occurs, the logic bomb will wreak havoc on your computer system. Some examples include corrupting your hard drive, stealing your data, or taking over your device.

Hackers often use logic bombs in conjunction with viruses, worms, and Trojan horses in order to achieve maximum damage. Indeed, these types of malware, when employed as a logic bomb, will behave in one manner and then change tactics drastically once the trigger condition is met.

To count as a logic bomb, the malicious attack must:

  • Lie dormant for a specific amount of time.
  • Have a payload that is unknown to the user.
  • Be triggered by a specific condition.

Logic Bombs Throughout History

Logic bomb attempts are common. Unsuccessful attempts at Fannie Mae and the TSA were notable news stories. However, two of the most famous examples of successfully carried out bombs are:

The 2006 crashing of the UBS servers. The logic bomb came courtesy of Roger Duronio, a systems administrator for the UBS Group AG. Duronio was a disgruntled worker attempting to wipe out the servers, apparently because he was unhappy with his bonus. The bomb was successful: 2,000 servers at 400 office branches fell victim to the attack. However, his plan to drive down the stock of UBS ultimately did not pan out. Duronio was sentenced to 8 years in prison. Additionally, he had to pay 3.1 million dollars to UBS.

The Siemens Corporation spreadsheet debacle involved contract employee David Tinley, who provided software to Siemens’ Monroeville, PA offices. He was a trusted employee for nearly a decade, and would create spreadsheets to manage equipment orders. However, Tinley planted a logic bomb within one of the spreadsheets.

The bomb went undetected for two years. Every time a script would malfunction, Siemens would have to call Tinley, who would “fix it” for a fee. The scheme eventually ended, though, when Tinley was out of town and gave the spreadsheet password to Siemens’ IT staff during another crash. The logic bomb was found and Tinley pled guilty in May of 2019.

How to Prevent Logic Bombs

There are a few disaster recovery plans in place to deal with logic bomb attacks. However, there are also things you can do to prevent them from happening in the first place.

  • Firstly, it is important to periodically scan all files. Logic bombs are hidden among code, so it is very important to check compressed files as well to make sure there is nothing hidden in them.
  • Secondly, it is very important to keep your anti-virus software updated regularly. If the software doesn’t have all the patches for the most current viruses, logic bombs will be able to slip through in the form of whatever new strain of malware exists.
  • Avoid pirated software. This is one of the most popular methods for delivering malware.
  • Train employees on spotting phishing emails. Email attachments are another very common malware delivery method.
  • Never trust unsecured web links. They may lead you to an infected site.
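
As an added illustration of the first tip (this is not code from the article or the magazine), the Python sketch below descends into nested zip archives and flags any file that pairs a clock check with a destructive call. The patterns, size limits and sample archive are assumptions constructed for this example; a hit is a prompt for manual review, not proof of a logic bomb.

```python
import io
import re
import zipfile

# Heuristic patterns: assumptions picked for this example, not a complete rule set.
TRIGGER = re.compile(rb"datetime\.(now|today)|time\.time\(|\bGETDATE\(|\bNow\(\)", re.I)
DESTRUCTIVE = re.compile(rb"shutil\.rmtree|os\.remove|rm\s+-rf|DROP\s+TABLE|\bKill\s", re.I)
MAX_DEPTH = 3            # stop descending into deeply nested archives
MAX_MEMBER = 5_000_000   # declared size above which a member is not unpacked

def scan_bytes(name, data, depth=0):
    """Return (path, reason) findings for one blob, recursing into zip archives."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        if depth >= MAX_DEPTH:
            return [(name, "archive nested too deeply, review manually")]
        findings = []
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = f"{name}!{info.filename}"
                if info.is_dir():
                    continue
                if info.file_size > MAX_MEMBER:
                    findings.append((path, "member too large, not unpacked"))
                    continue
                findings += scan_bytes(path, zf.read(info), depth + 1)
        return findings
    # Flag only the combination: a clock check on its own is normal code.
    if TRIGGER.search(data) and DESTRUCTIVE.search(data):
        return [(name, "time check and destructive call in same file")]
    return []

# Constructed sample: a script that deletes a directory after a fixed date.
SAMPLE_SCRIPT = ("import datetime, shutil\nif datetime.datetime.now() > datetime.datetime(2030, 1, 1):\n"
                 "    shutil.rmtree('/srv/example-data')\n")

def build_sample():
    """Constructed input: outer zip holding a benign file and a nested zip."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("cleanup.py", SAMPLE_SCRIPT)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", "notes for the equipment order sheet")
        zf.writestr("tools/inner.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    print(scan_bytes("outer.zip", build_sample()))
```

Text matching like this misses obfuscated or compiled triggers, so it complements rather than replaces anti-virus scanning and code review.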