Also known as Slag Code and commonly associated with Disgruntled Employee Syndrome, a Logic Bomb is a piece of program code buried within another program, designed to perform some malicious act. Such devices tend to be the province of technical staff (non-technical staff rarely have the access rights and even more rarely the programming skills required) and operate in two ways:-
- 'Triggered Event' - for example, the program will review the payroll records each day to ensure that the programmer responsible is still employed. If the programmer's name is suddenly removed (by virtue of having been fired) the Logic Bomb will activate another piece of code to Slag (destroy) vital files on the organisation's system. Smarter programmers will build in a suitable delay between these two events (say 2-3 months) so that investigators do not immediately recognise cause and effect.
- 'Still Here' - in this case the programmer buries coding similar to the Triggered Event type but in this instance the program will run unless it is deactivated by the programmer (effectively telling the program - "I am still here - do not run") at regular intervals, typically once each quarter. If the programmer's employment is terminated unexpectedly, the program will not be deactivated and will attack the system at the next due date. This type of Logic Bomb is much more dangerous, since it will run even if the programmer is only temporarily absent - e.g. through sickness, injury or other unforeseen circumstances - at the deactivation point, and the fact that it wasn't meant to happen just then is of little comfort to an organisation with a slagged system.
Logic Bombs demonstrate clearly the critical need for audit trails of activity on the system as well as strict segregation of duties and access rights between those staff who create systems - analysts, developers, programmers - and the operations staff who actually run the system on a day-to-day basis.
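As an added illustration (not part of the original glossary entry), the following sketch checks a change audit trail for breaches of the segregation of duties described above. The record layout, the role names, the reviewer field and all sample data are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed role assignments (assumption): who builds systems vs. who runs them.
ROLES = {
    "alice": "developer",
    "bob": "developer",
    "carol": "operations",
    "dave": "operations",
}

@dataclass(frozen=True)
class Change:
    change_id: str
    author: str    # who wrote the code
    reviewer: str  # who approved it ("" if nobody); hypothetical field
    deployer: str  # who released it to the live system

# Constructed audit-trail records, not real data.
AUDIT_TRAIL = [
    Change("CHG-001", "alice", "bob", "carol"),
    Change("CHG-002", "bob", "", "dave"),
    Change("CHG-003", "alice", "alice", "carol"),
    Change("CHG-004", "bob", "alice", "bob"),
]

def sod_violations(trail, roles):
    """Return {change_id: [reasons]} for changes that break segregation of duties."""
    findings = {}
    for c in trail:
        reasons = []
        if not c.reviewer:
            reasons.append("no reviewer recorded")
        elif c.reviewer == c.author:
            reasons.append("author reviewed own change")
        if c.deployer == c.author:
            reasons.append("author deployed own change")
        if roles.get(c.deployer) != "operations":
            reasons.append("deployer is not operations staff")
        if reasons:
            findings[c.change_id] = reasons
    return findings

if __name__ == "__main__":
    for change_id, reasons in sod_violations(AUDIT_TRAIL, ROLES).items():
        print(change_id, "->", "; ".join(reasons))
```

Changes flagged here are the ones where a single person could place code on the live system without anyone else seeing it, which is the condition a buried Logic Bomb depends on.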
*** The Information Security Glossary ***