Sysadmin accused of crashing former employer’s Oracle database with logic bomb
A Massachusetts systems administrator is facing charges of breaking the Computer Fraud and Abuse Act, trespassing, and conversion – using other people’s property for a crime – after booby-trapping his former employer’s servers.
For 14 years, Nimesh Patel worked at high-performance computing component manufacturer Allegro MicroSystems as a system administrator, with particular responsibility for programming the shop’s Oracle financial database module. He resigned on January 8, 2016 but is accused of then trying to sabotage the company.
Over the course of his employment Patel was issued two laptops, which the company requested he return. Patel gave back one of the original laptops, and another unissued laptop, after completely wiping the hard drive.
The prosecution alleges the second work laptop was kept so that Patel could still access the company network and because it still contained a file with all the employees’ login data and passwords.
Court documents [PDF] claim that on January 31 Patel trespassed on company property to get within wireless range of the network, and then used the laptop to log into the network using the account of his subordinate staffer. He then uploaded malware into the Oracle financial module.
The code was to activate on the first day of Allegro’s financial year, April 1. The software was designed to delete key financial data headers and pointers from the Oracle files, rendering the module useless.
The software worked as designed, and two weeks into April the accounting department noticed something was wrong. Allegro called in investigators, who found the code on April 25, along with evidence that Patel had used the second laptop to access the network after he had left the job.
The company claims that the only other employee with the skills to write code for the Oracle database had left before Patel’s departure. It also claims he logged into the network using the subordinate’s ID before he quit the job.
Allegro called the police, who investigated and brought charges. The company claims that the software issues cost it over $100,000 and it is seeking to recover these costs from Mr Patel, in addition to any other penalties the court could impose should he be found guilty. ®
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/04/14/sysadmin_crash_former_employers_oracle_db/