Systems Administrator Charged With Attacking Medco Computers - InformationWeek


Business & Finance
11:50 AM

Systems Administrator Charged With Attacking Medco Computers

A savvy IT worker spotted and disarmed the logic bomb, which would have taken down the database that pharmacists use to make sure patients' new prescriptions don't interact dangerously with their current prescriptions.

A former systems administrator for Medco Health Solutions was arrested Tuesday and charged with trying to take down a computer network that maintained customer health care information.

Another systems administrator at the company discovered the malicious code, or logic bomb, before it went off. If it had been detonated, prosecutors say it would have eliminated pharmacists' ability to know if a new prescription would dangerously interact with a patient's current prescriptions. They also say it would have caused widespread financial damages to the company.

Yung-Hsun Lin, 50, of Montville, N.J., was indicted by a federal grand jury on Monday and was arrested at his home this morning by the FBI. He is being charged with two counts of computer fraud. If convicted, he could face 20 years in prison and a fine of $500,000 -- $250,000 for each charge.

The systems administrator had access to the company's HP-Unix computer system that was made up of about 70 servers. The network handled Medco's billing information, corporate financial information, and employee payroll input, as well as the Drug Utilization Review, a patient-specific drug interaction conflict database.

"The potential impact, had it gone off, would have been devastating. And more so, it would have been devastating to patients," says Assistant U.S. Attorney Erez Lieberman, who is prosecuting the case, along with Assistant U.S. Attorney Marc Ferzan. "Taking a logic bomb and putting it in a system where it could not just cause financial harm but could also harm databases, which he knows and administers, that affect patient drug information, adds to the enormity of the situation. The impact obviously could affect real lives, real time."

This arrest comes just a week after Roger Duronio, 64, of Bogota, N.J., received the maximum sentence of eight years in prison for building, planting, and disseminating a logic bomb at his former employer, UBS PaineWebber. Prosecutors from the same U.S. Attorney's Office in Newark handled that case as well. Six years ago, they also prosecuted the very first computer sabotage case. Tim Lloyd was found guilty in 2000 of planting a logic bomb that took down the network he helped to build at Omega Engineering.

According to the indictment, Lin, who is known as Andy Lin, created the malicious code early on Oct. 3, 2003, just days before a planned layoff was due to happen. Medco had just spun off from Merck & Co. and was going through a restructuring. The Medco Unix group was merging with the e-commerce group to form a corporate Unix group, the government reports.

Several systems administrators were laid off on Oct. 6. Lin was not one of them.

The indictment points out that the month before the layoffs were made, Lin sent out e-mails discussing the anticipated layoffs. In one e-mail, he indicated he was unsure whether he would survive the downsizing, according to government documents.

The logic bomb was set to automatically deploy on April 23, 2004, which was Lin's birthday. The code was triggered that day, prosecutors report, but it failed to take down the servers because of a coding error. The government says Lin later modified the code in September of 2004, correcting the error and resetting it to go off on April 23, 2005.

Another systems administrator kept that from happening, though.

On Jan. 1, 2005, one of Lin's fellow IT workers was investigating a system error and discovered the malicious code embedded with other scripts on the Medco servers. The company's IT security team "neutralized" the code.

Lin is expected to make an initial court appearance in U.S. District Court in Newark, N.J., today. He is set to be arraigned on Jan. 3. The case has been investigated by the FBI.
