IT worker arrested over hacking plot
Published: 20 Dec 2006 08:59 GMT
A systems administrator who apparently feared imminent layoffs was arrested Tuesday in connection with installing "destructive computer code" on servers at his company, a major manager of prescription benefit plans.
FBI agents arrested Yung-Hsun "Andy" Lin, 50, at his Montville, New Jersey home on Tuesday morning, one day after a grand jury returned a two-count indictment against him.
The indictment accuses Lin of planting a "logic bomb" sometime around October 2003 that, if activated successfully, would have deleted "virtually all information" on more than 70 HP-Unix servers at Medco Health Solutions and wreaked havoc on the business and its users.
The servers contained numerous applications and databases that managed bills, rebates, new prescription call-ins from doctors, insurance coverage, and clinical assessments of patients. One database that received special attention in the indictment, known as the Drug Utilization Review, was designed to allow pharmacists to see what drugs patients were already taking so that they could determine whether taking different medicines simultaneously was safe.
"The potential damage to Medco and the patients and physicians served by the company cannot be understated," Christopher Christie, US attorney for the New Jersey district, said in a statement.
According to the indictment, the alleged criminal activity started just after Medco, once a wholly owned subsidiary of Merck & Co, became a publicly traded company in August 2003. During the month that followed, Lin and others exchanged emails in which they voiced concerns about possible layoffs in their department. While Lin ultimately kept his job, four fellow systems administrators lost theirs.
Lin allegedly programmed the so-called bomb to do its work on 23 April, 2004 — his birthday — but because of a coding error, it failed to detonate. He later modified the coding so that it would deploy on 23 April, 2005 but another computer administrator happened to stumble upon the program in January 2005 and "neutralised" it, the indictment said.
The New Jersey district has made three such prosecutions in five years, according to a press release. Just last week, 63-year-old Roger Duronio, a former systems administrator for UBS PaineWebber, landed a 97-month prison sentence after being convicted of placing malicious code on some 1,000 corporate computers, triggering more than $3m in damage.
In 2002, Timothy Allen Lloyd was sentenced to 41 months in prison after a Newark, New Jersey, jury convicted him of devising a "time bomb" that deleted programs on servers at the high-tech measurement company Omega Engineering. Prosecutors said that activity, which occurred 20 days after Lloyd's departure from the company, cost the company $10m.
Did you find this article useful?
291 out of 333 people found this useful
- Share this article:
