Problem solve Get help with specific problems with your technologies, process and projects.

What is a logic bomb?

A logic bomb is a dangerous piece of software designed to damage a computer or network and cause massive data destruction. In this SearchSecurity.com Q&A, Ed Skoudis explains how an enterprise can prepare for a hacker's detonation.

What exactly is a logic bomb, and how does it work? Can you provide an example?
A logic bomb is a nasty piece of software that is designed to cause some damage on a computer or network. Such an attack is triggered by a certain event or series of events; it could be something as simple as the passage of a certain amount of time or a given user logging in. For example, when the system clock on a target machine reaches a certain date and time… Bam! The critical data residing on it is destroyed, or maybe the computer crashes.

In investigations conducted by my network forensics consultancy, Intelguardians, we've seen several logic bomb...

situations in the wild. In one case that combines the above ideas with an interesting and common twist, an administrator set up a logic bomb designed to trigger if he didn't log in for 90 days. The organization had actually fired this admin for other reasons and had removed his access from the system. His logic bomb persisted, however, acting as a silent sentinel. After 90 days, the organization was faced with massive data destruction.

In another case, an attacker submitted an extortion notice to a large stock-trading firm, threatening that its crucial trading systems -- responsible for tens of millions of dollars in commission per hour -- would be forced offline unless the firm paid $1 million to the attacker. The firm decided not to pay, and its systems did indeed come down for more than an hour, taking a heavy financial toll. After the firm coaxed the systems back to life, a second extortion notice arrived. In the second go-round, though, the attackers asked for a different amount, having shown that they could indeed cause damage. Did they raise their price to $5 million? $10 million? No, and here's the amazing psychological trick: They actually lowered the price to half a million dollars. After showing the power of their logic bomb and the financial destruction they could cause, reducing the price made the deal far more tempting to the stock-trading firm. The company ended up paying the extortion fee and later located the logic bomb, eradicating it from their environment.

To deal with logic bombs, make sure your enterprise employs regular backups that are verified on a consistent basis. Secondly, make sure you have Hot Standby Router Protocol (HSRP) enabled on your routers, which will ensure connectivity even when first-hop routers fail. And, finally, identify the personnel in your management chain who should be informed in the case of extortion threats. Determine these critical decision makers in advance, so that they can be quickly notified if and when such nefarious activity does occur.

More information:

  • Learn more about application logic attacks.
  • Use threat modeling to secure the software development process.
  • This was last published in June 2007

    Dig Deeper on Data loss prevention technology

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

    Please create a username to comment.