http://www.technologyreview.com/read_article.aspx?id=17921&ch=biztech
Tuesday, December 19, 2006
Prosecutors: New Jersey worker put data-wrecking 'bomb' in computers
of drug company
By Associated Press
NEWARK, N.J. (AP) -- A computer administrator angry about possibly
losing his job planted an electronic ''bomb'' in the systems of one
of the nation's largest prescription drug management companies,
prosecutors said Tuesday.
If the so-called ''logic bomb'' had gone off at Medco Health
Solutions Inc., it would have wiped out critical patient information,
authorities said.
Even after surviving a round of layoffs, Yung-Hsun Lin, 50, of
Montvale kept the code in the system and tinkered with it in an
attempt to set it off, prosecutors said. The bug eventually was
discovered and neutralized by the company.
U.S. Attorney Christopher Christie said the bomb could have caused
widespread financial damage to the company, and possibly harmed a
large number of patients. Among the targeted databases was one that
tracked patient-specific drug interaction conflicts, prosecutors said.
Before dispensing medication, pharmacists routinely examine the
information contained in the database to determine whether conflicts
exist between a patient's prescribed drugs.
''The potential damage to Medco and the patients and physicians
served by the company cannot be understated,'' Christie said. ''A
malicious program like this can bring a company's operations to a
grinding halt and cause millions of dollars in damage from lost data,
system downtime, recovery and repair.''
Lin was arrested at his home Tuesday morning by FBI agents, and was
to appear before a federal magistrate Tuesday afternoon. His
arraignment is scheduled for Jan. 3. He is charged with two counts of
computer fraud.
His lawyer, Raymond Wong, said Lin denies introducing any malicious
programming into the computer system. Wong said his client was in a
position to know that such an action could be linked quickly to him.
''He is an administrator; if something happened, it could be traced
back,'' said Wong, who added Lin has years of ''excellent performance
reviews.''
A call seeking comment from Medco was not immediately returned.
The indictment alleges that Lin, who worked in the company's Fair
Lawn office, planted the computer bomb in Medco's servers. It would
have wiped out critical data stored on more than 70 servers,
according to Assistant U.S. Attorney Erez Lieberman. He could not
estimate how many patients could have been affected.
In addition to the drug-interaction information, other data on the
targeted servers included patients' clinical analyses, rebate
applications, billing and managed-care processing.
Prosecutors said that when Franklin Lakes-based Medco was spun off
from Merck & Co. in 2003, Lin feared that layoffs would affect him.
Authorities said that on Oct. 3, 2003, Lin created the bomb designed
to delete virtually all data from the 70 targeted servers by
modifying existing computer code and adding new code. It allegedly
was set to detonate automatically on April 23, 2004 -- his birthday.
Due to a programming error, it didn't go off. Even after surviving a
round of layoffs, prosecutors said, Lin modified the bomb's code to
have it detonate on his next birthday. But the company found and
disabled it before it could cause any damage.
Last week, a former UBS PaineWebber systems administrator in New
Jersey was sentenced to eight years and one month in prison for
attempting to profit by detonating a ''logic bomb'' program that
caused millions of dollars in damage to the brokerage's computer
network in 2002. The ex-employee, Roger Duronio, also was ordered to
pay $3.1 million in restitution to his former employer, now known as
UBS Financial Services Inc., part of the Swiss banking company UBS AG.
--~--~---------~--~----~------------~-------~--~----~
TELECOM-CITIES
Current searchable archives (Feb. 1, 2006 to present) at
http://www.mail-archive.com/[email protected]/
Old searchble archives at
http://www.mail-archive.com/[email protected]/
-~----------~----~----~----~------~----~------~--~---
