Former Medco Sys Admin Pleads Not Guilty To Sabotage Charge

A New Jersey man is charged with computer fraud for allegedly writing and planting malicious code that could have crippled a network that maintained customer health care information. A co-worker found the logic bomb on the system before it went off.

Sharon Gaudin, Contributor

January 4, 2007


The former systems administrator charged with planting a logic bomb in the computer network at Medco Health Solutions pleaded not guilty Wednesday in U.S. District Court.

Yung-Hsun Lin, 50, of Montville, N.J., is charged with two counts of computer fraud for allegedly writing and planting malicious code that could have crippled a computer network that maintained customer health care information. If convicted, he could face 20 years in prison and a fine of $500,000, or $250,000 for each charge.

Lin, who is out on bail, was arraigned Wednesday. A trial date has not been set.

The logic bomb never went off because another systems administrator at the company discovered the malicious code before it detonated. Had it gone off, prosecutors say, it would have eliminated pharmacists' ability to know whether new prescriptions would dangerously interact with patients' current prescriptions. They also say it would have caused widespread financial damage to the company.

In a previous court appearance, Lin's first defense attorney said the government's case was based on a bias against Asians. That attorney is no longer representing him.

"I don't know why Mr. Lin's prior counsel drew those conclusions," says Kevin Marino, Lin's new defense attorney. "I certainly have no reason to suspect a bias of any kind. I am in the process of reviewing the discovery and will make a determination as to how we will proceed after doing so." Marino is with Marino & Associates, P.C., based in Chatham, N.J.

The Case

Lin, who is known as Andy Lin, had access to the company's HP-Unix computer system that was made up of about 70 servers, according to the indictment. The network handled Medco's billing information, corporate financial information, and employee payroll input, as well as the Drug Utilization Review, a patient-specific drug interaction conflict database.

"The potential impact, had it gone off, would have been devastating. And more so, it would have been devastating to patients," said Assistant U.S. Attorney Erez Lieberman, in a previous interview. "Taking a logic bomb and putting it in a system where it could not just cause financial harm but could also harm databases, which he knows and administers, that affect patient drug information, adds to the enormity of the situation. The impact obviously could affect real lives, real time." Lieberman is prosecuting the case, along with Assistant U.S. Attorney Marc Ferzan.

According to the indictment, Lin allegedly created the malicious code early on Oct. 3, 2003, just days before a planned layoff was due to happen. Medco had just spun off from Merck & Co. and was going through a restructuring. The Medco Unix group was merging with the e-commerce group to form a corporate Unix group, the government reports.

Several systems administrators were laid off on Oct. 6. Lin was not one of them.

The indictment points out that the month before the layoffs were made, Lin sent out e-mails discussing the anticipated layoffs. In one e-mail, he indicated he was unsure whether he would survive the downsizing, according to government documents.

The logic bomb was set to automatically deploy on April 23, 2004, which was Lin's birthday. The code was triggered that day, prosecutors report, but it failed to take down the servers because of a coding error. The government says Lin later modified the code in September of 2004, correcting the error and resetting it to go off on April 23, 2005.

One of Lin's co-workers kept that from happening, though.

On Jan. 1, 2005, a fellow IT worker was investigating a system error and discovered the malicious code embedded with other scripts on the Medco servers. The company's IT security team "neutralized" the code, according to the government.
