Systems Administrator Charged With Attacking Medco Computers
A savvy IT worker spotted and disarmed the logic bomb, which would have taken down the database that pharmacists use to make sure patients' new prescriptions don't interact dangerously with their current prescriptions.
A former systems administrator for Medco Health Solutions was arrested Tuesday and charged with trying to take down a computer network that maintained customer health care information.
Another systems administrator at the company discovered the malicious code, or logic bomb, before it went off. If it had been detonated, prosecutors say it would have eliminated pharmacists' ability to know if a new prescription would dangerously interact with a patient's current prescriptions. They also say it would have caused widespread financial damages to the company.
Yung-Hsun Lin, 50, of Montville, N.J., was indicted by a federal grand jury on Monday and was arrested at his home this morning by the FBI. He is being charged with two counts of computer fraud. If convicted, he could face 20 years in prison and a fine of $500,000 -- $250,000 for each charge.
The systems administrator had access to the company's HP-Unix computer system that was made up of about 70 servers. The network handled Medco's billing information, corporate financial information, and employee payroll input, as well as the Drug Utilization Review, a patient-specific drug interaction conflict database.
"The potential impact, had it gone off, would have been devastating. And more so, it would have been devastating to patients," says Assistant U.S. Attorney Erez Lieberman, who is prosecuting the case, along with Assistant U.S. Attorney Marc Ferzan. "Taking a logic bomb and putting it in a system where it could not just cause financial harm but could also harm databases, which he knows and administers, that affect patient drug information, adds to the enormity of the situation. The impact obviously could affect real lives, real time."
This arrest comes just a week after Roger Duronio, 64, of Bogota, N.J., received the maximum sentence of eight years in prison for building, planting, and disseminating a logic bomb at his former employer, UBS PaineWebber. Prosecutors from the same U.S. Attorney's Office in Newark handled that case as well. Six years ago, they also prosecuted the very first computer sabotage case. Tim Lloyd was found guilty in 2000 of planting a logic bomb that took down the network he helped to build at Omega Engineering.
According to the indictment, Lin, who is known as Andy Lin, created the malicious code early on Oct. 3, 2003, just days before a planned layoff was due to happen. Medco had just spun off from Merck & Co. and was going through a restructuring. The Medco Unix group was merging with the e-commerce group to form a corporate Unix group, the government reports.
Several systems administrators were laid off on Oct. 6. Lin was not one of them.
The indictment points out that the month before the layoffs were made, Lin sent out e-mails discussing the anticipated layoffs. In one e-mail, he indicated he was unsure whether he would survive the downsizing, according to government documents.
The logic bomb was set to automatically deploy on April 23, 2004, which was Lin's birthday. The code was triggered that day, prosecutors report, but it failed to take down the servers because of a coding error. The government says Lin later modified the code in September of 2004, correcting the error and resetting it to go off on April 23, 2005.
Another systems administrator kept that from happening, though.
On Jan. 1, 2005, one of Lin's fellow IT workers was investigating a system error and discovered the malicious code embedded with other scripts on the Medco servers. The company's IT security team "neutralized" the code.
Lin is expected to make an initial court appearance in U.S. District Court in Newark, N.J., today. He is set to be arraigned on Jan. 3. The case has been investigated by the FBI.
About the Author
You May Also Like
2024 InformationWeek US IT Salary Report
May 29, 20242022 State of ITOps and SecOps
Jun 21, 2022