Logic Bombs

A logic bomb will lie dormant until triggered by some event.

Just like a real bomb, a logic bomb will lie dormant until triggered by some event. The trigger can be a specific date, the number of times executed, a random number, or even a specific event such as deletion of an employee’s payroll record.

When the logic bomb is triggered, it will usually do something unpleasant. This can range from changing a random byte of data somewhere on your disk to making the entire disk unreadable. Changing random data may be the most insidious attack since it generally causes substantial damage before anyone notices that something is wrong. It’s vital to have software in place that quickly detects such damage.

Although you can detect it after the fact, there is unfortunately no way to prevent a well written logic bomb from damaging your system. This is one reason (among many) that having good backups of important data is so important.

If you’ve had someone in to do any system work on your computer (e.g., custom programming) it’s particularly important that you independently verify the work was done correctly and to verify no trap doors or logic bombs were inserted into your systems. Work like custom programming require programmers to have detailed access to your systems; just the kind of access someone who wanted to insert a logic bomb into your system would love to have. (This is not to say independent contractors are worse than any other person who has low-level access to your systems; it’s just one obvious example.) And, with today’s remote desktop built into Windows; it’s even easier to give such control over to a support person at some remote software vendor’s location or someone posing as such.

Some historic logic bombs include…

  • In 1982, the CIA was tipped to a plan to steal control system plans from a Canadian firm for use in the Trans-Siberian pipeline. They had the company insert a logic bomb which resulted in a large explosion when triggered.
  • In June 1992 a defense contractor employee was arrested for inserting a logic bomb into a rocket project. Supposedly his plan was to come back as a consultant and “solve” the problem for a large fee.
  • In February 2000 a programmer was indicted before a grand jury; accused of planting a logic bomb at Deutsche Morgan Grenfell. It was planted in 1996 and supposed to trigger in mid-2000 but was discovered before it went off.
  • In October 2003 a Unix administrator changed code on a server at Medco Health Solutions Inc. that was supposed to go off on his birthday in 2004. An error caused it to fail so he wrote another for the next year but it was discovered before it could go off.
  • In June 2006 a system administrator for UBS was charged with using a logic bomb to commit securities fraud. He was convicted.
  • On 29 January 2009 it was reportedWeb Link that a Fannie Mae contractor who had been let go managed to insert a script designed to execute on 31 January 2009 in to the Fannie Mae system. Apparently, the contractor was allowed to keep his access and computer for a short time after he was notified of the termination (a major error on the part of Fannie Mae IT/security). The script, found before it executed, would have wiped clean some 4,000 servers.


  • A logic bomb is one reason among many for having good backups of important data.
Up Arrow Software Threats Up Arrow
Prior Page Next Page
Software Threats Trojans