[ISN] Systems Administrator Charged With Attacking Medco Computers

From: InfoSec News (alerts@private)
Date: Tue Dec 19 2006 - 23:05:06 PST


http://www.informationweek.com/news/showArticle.jhtml?articleID=196700846

By Sharon Gaudin
InformationWeek
Dec 19, 2006

A former systems administrator for Medco Health Solutions was arrested 
Tuesday and charged with trying to take down a computer network that 
maintained customer health care information.

Another systems administrator at the company discovered the malicious 
code, or logic bomb, before it went off. If it had been detonated, 
prosecutors say it would have eliminated pharmacists' ability to know if 
a new prescription would dangerously interact with a patient's current 
prescriptions. They also say it would have caused widespread financial 
damages to the company.

Yung-Hsun Lin, 50, of Montville, N.J., was indicted by a federal grand 
jury on Monday and was arrested at his home this morning by the FBI. He 
is being charged with two counts of computer fraud. If convicted, he 
could face 20 years in prison and a fine of $500,000 -- $250,000 for 
each charge.

The systems administrator had access to the company's HP-Unix computer 
system that was made up of about 70 servers. The network handled Medco's 
billing information, corporate financial information, and employee 
payroll input, as well as the Drug Utilization Review, a 
patient-specific drug interaction conflict database.

"The potential impact, had it gone off, would have been devastating. And 
more so, it would have been devastating to patients," says Assistant 
U.S. Attorney Erez Lieberman, who is prosecuting the case, along with 
Assistant U.S. Attorney Marc Ferzan. "Taking a logic bomb and putting it 
in a system where it could not just cause financial harm but could also 
harm databases, which he knows and administers, that affect patient drug 
information, adds to the enormity of the situation. The impact obviously 
could affect real lives, real time."

This arrest comes just a week after Roger Duronio, 64, of Bogota, N.J., 
received the maximum sentence of eight years in prison for building, 
planting, and disseminating a logic bomb at his former employer, UBS 
PaineWebber. Prosecutors from the same U.S. Attorney's Office in Newark 
handled that case as well. Six years ago, they also prosecuted the very 
first computer sabotage case. Tim Lloyd was found guilty in 2000 of 
planting a logic bomb that took down the network he helped to build at 
Omega Engineering.

According to the indictment, Lin, who is known as Andy Lin, created the 
malicious code early on Oct. 3, 2003, just days before a planned layoff 
was due to happen. Medco had just spun off from Merck & Co. and was 
going through a restructuring. The Medco Unix group was merging with the 
e-commerce group to form a corporate Unix group, the government reports.

Several systems administrators were laid off on Oct. 6. Lin was not one 
of them.

The indictment points out that the month before the layoffs were made, 
Lin sent out e-mails discussing the anticipated layoffs. In one e-mail, 
he indicated he was unsure whether he would survive the downsizing, 
according to government documents.

The logic bomb was set to automatically deploy on April 23, 2004, which 
was Lin's birthday. The code was triggered that day, prosecutors report, 
but it failed to take down the servers because of a coding error. The 
government says Lin later modified the code in September of 2004, 
correcting the error and resetting it to go off on April 23, 2005.

Another systems administrator kept that from happening, though.

On Jan. 1, 2005, one of Lin's fellow IT workers was investigating a 
system error and discovered the malicious code embedded with other 
scripts on the Medco servers. The company's IT security team 
"neutralized" the code.

Lin is expected to make an initial court appearance in U.S. District 
Court in Newark, N.J., today. He is set to be arraigned on Jan. 3. The 
case has been investigated by the FBI.


_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
 



This archive was generated by hypermail 2.1.3 : Tue Dec 19 2006 - 23:25:37 PST