Logic Bombs - PowerPoint PPT Presentation

About This Presentation
Title:

Logic Bombs

Description:

This may help the code on it's journey as it worms through your system undetected. ... Debuted in the 1980's (Friday the 13th virus) ... – PowerPoint PPT presentation

Number of Views:775
Avg rating:3.0/5.0
Slides: 15
Provided by: dav5179
Learn more at: http://www.cs.fsu.edu
Category:
Tags: 13th | bombs | friday | logic | the

less

Transcript and Presenter's Notes

Title: Logic Bombs


1
Logic Bombs
  • Douglas Smith
  • David Palmisano

2
What is a Logic Bomb?
  • A logic bomb is a piece of code intentionally
    inserted into a software system that will set off
    a malicious function when specified conditions
    are met.

3
More on Logic Bombs
  • Criteria for Logic Bombs
  • For code to be considered a logic bomb the
    effects of the code should be unwanted and
    unknown to the software operator.
  • Trial software that expires after a certain time
    is generally not considered a logic bomb.
  • Piggybacking
  • Many viruses, worms, and other code that are
    malicious in nature, often carry a logic bomb
    that detonates under given conditions. This may
    help the code on its journey as it worms through
    your system undetected.

4
A New Age of Crime
  • Robbery at gunpoint has become obsolete. Welcome
    to the new generation of crime.
  • Logic bombs for profit (monetary or otherwise)
  • Remote
  • No get-a-way car
  • Low fatality rate
  • Wile E. Coyote syndrome a thing of the past

5
Emergence of the Logic Bomb
  • Technology is directly proportional to the need
    for security.
  • The home computer was one of the greatest
    technological advancements since the wheel.
  • Word Processing
  • Pong
  • The Virus

6
Emergence contd
  • Time Bombs
  • Detonates at a given time.
  • Most well-known version of the logic bomb.
  • Many of the first viruses released were time
    bombs.
  • Debuted in the 1980s (Friday the 13th virus)
  • Michelangelo virus brought public focus to
    viruses due to media coverage.

7
Attackers
  • Most of the time Logic bombs are placed in the
    system by insiders.
  • Such as
  • Disgruntled employees
  • Corporate Spies
  • Also planted by remote users/systems

8
Possible Triggers for Logic Bombs?
  • Lapses in time.
  • Specific dates.
  • Specific Commands
  • Specific Actions in Programs
  • Still there logic bombs
  • Remain in the system with compromising effects.
  • Will run as instructed by its creator unless the
    creator deactivates it.
  • Payroll example.

9
Historic Attacks
  • In June 1992, a defense contractor General
    Dynamics employee, Michael Lauffenburger, was
    arrested for inserting a logic bomb that would
    delete vital rocket project data. It was alleged
    that his plan was to return as a highly-paid
    consultant to fix the problem once it triggered.
    The bomb was stumbled on by another employee of
    the company. Lauffenburger was charged with
    computer tampering and attempted fraud and faced
    potential fines of 500,000 and jail-time ).

10
Historic Attacks
  • In February 2000, Tony Xiaotong was indicted
    before a grand jury accused of planting a logic
    bomb during his employment as a programmer and
    securities trader at Deutche Morgan Grenfell. The
    bomb had a trigger date of July 2000, and was
    discovered by other programmers in the company.
    Removing and cleaning up after the bomb allegedly
    took several months.

11
Victimization Prevention
  • Do not allow any one person universal access to
    your system.
  • Separation of duties
  • Always practice safe computing. Always use
    protection. AntiVirus software can significantly
    reduce the risk of contracting a virus which may
    contain a logic bomb.
  • New strains of logic bomb and virus programs are
    constantly being created.
  • Remember, if you believe your system may be
    compromised by another entity (programmer,
    software or other system). Get tested to prevent
    the transmission of dangerous code operations.

12
Defenses for Bombs
  • Segregate operations from programming and
    testing.
  • Institute a carefully controlled process for
    moving code into production.
  • Give only operations staff write-access to
    production code.
  • Lock down your production code - source and
    executable making it close to impossible for
    unauthorized people to modify programs.
  • Assign responsibility for specific production
    programs to named positions in operations.
  • Develop and maintain a list of authorized
    programmers who are allowed to request
    implementation of changes to production programs.
  • Require authorization from the authorized quality
    assurance officer before accepting changes to
    production.
  • Keep records of exactly which modifications were
    installed when, and at whose request.

13
Defenses for Bombs
  • Use hash functions on entire files in the
    production library.
  • Recompute all hashes against a secure table to
    ensure that no one has altered production files
    without authorization and documentation.
  • Keep audit trails running at all times so that
    you can determine exactly which user modified
    which file and when.
  • If possible, ensure that audit trails include
    chained hash functions. That is, the checksum on
    each record (which must include a timestamp) is
    calculated not only on the basis of the record
    itself but also using as input the checksum from
    the previous record. Modifying such an audit
    trail is much more complicated than simply using
    a disk editor to alter data in one or two
    records.
  • Back up your audit files and keep them under high
    security.

14
Bibliography
  • Kabay, M. E.. Network World Security Newsletter,
    August 21, 2002. http//www.networkworld.com/newsl
    etters/sec/2002/01514405.html
  • Walder, Justin. Press Release, December 17, 2002.
    http//www.usdoj.gov/criminal/cybercrime/duronioIn
    dict.htm
  • Answers.com. Logic bombsDefinition and Much More
    from Answers.com. http//www.answers.com/topic/log
    ic-bomb
Write a Comment
User Comments (0)
About PowerShow.com