Friday, June 23, 2006

A Real Logic Bomb

Logic bomb is a term often used in the media, despite the fact that almost all reporters (there are notable exceptions) have no clue what it means. Well, now we can look at a real one, thanks to forensics work by Keith Jones. He found a real logic bomb while doing forensics on the United States v. Duronio case. I worked the very beginning of this case while Keith and I were both at Foundstone. My small part involved trying to figure out how to restore images of AIX machines from tape. I even bought an AIX box on eBay for experimentation.

You can read about Keith's testimony in this Information Week article. This is the "logic bomb" Keith recovered:
[Image of the recovered logic bomb code; not reproduced in this text.]
One of the neat aspects of this case is its age: over four years. The media and others are abuzz with stories of "insider threats," but this has been a problem for a very long time. Congratulations to Keith for testifying on such an important case. If the jury has a clue, the defendant doesn't have a chance.

Update: This story specifically examines the code in question.

4 comments:

James said...

Whew! Logic bombs are scary!

WRJ said...

/usr/sbin/mrm -r looks like a renamed copy of rm?

Chris Walsh said...

AIX huh?

That makes the firm's inability to restore some of these boxen all the more puzzling, since AIX has from waaaay back had pretty good capabilities as far as dumping an image to tape and restoring therefrom.

sharad said...

Your blog is really cool, yaar. I came in touch with your site while searching for "logic bomb" and I found a lot. Thanks. I don't know who you are... but thanks for the help. I'm going to do a presentation on logic bombs... let's see how it will be... it's a national level presentation..... Hmm!!!! Quite long, anyway thanks.... will tell you about the presentation....