IT plonker stuffed 'destructive' logic bomb into US Army servers in contract revenge attack
He's now facing 10 years in prison for act of spite
An IT contractor is facing a possible decade behind bars in America for planting a ticking "destructive" time bomb in US military systems.
After a three-day trial this week, Mittesh Das, 48, of Atlanta, Georgia, was found guilty by a jury in North Carolina of knowingly transmitting malicious code with the intent of causing damage to an Army computer used in furtherance of national security.
Specifically, Das deliberately introduced malware – seemingly designed to delete files and knacker services – into the US Army Reserve payroll systems after his employers lost the contract to provide the technology. The military estimates it cost $2.6m to fix the damage.
“Cyber-sabotage is not a ‘prank,’” said John Stuart Bruce, US Attorney for the Eastern District of North Carolina. “It is a very serious crime with real victims and real costs. Thanks to great work by the investigators and prosecutor, Mr Das is being held accountable for his criminal acts.”
In 2012 Das was in charge of managing the servers controlling payroll systems, located in Fort Bragg, North Carolina. But on November 24, 2014 the contract was handed over to another biz and almost immediately things started to go seriously wrong.
A subsequent US Army investigation into five servers in Fort Bragg found that Das had introduced a logic bomb – written to activate at a specific time – and it was activated days after the handover. The ensuing mess delayed paychecks for 17 days and led to an investigation by the Army’s Criminal Investigation Command (CID).
Prosecutors described Das's program as "progressively destructive," adding: "The damage had to be corrected through removal of the malicious code, restoration of all information and features, and a thorough review of the entire system to locate any further malicious code, amounting to a total labor cost to the US Army of approximately $2.6 million."
“We are very pleased with today’s guilty verdict and will do everything in our power to help bring to justice those who attempt to sabotage or disrupt US Army operations in the defense of our nation,” said director Daniel Andrews of the CID.
“Let this be a warning to anyone who thinks they can commit a crime in cyberspace and not get caught. We have highly trained and specialized investigators who will work around the clock to uncover the truth and preserve Army readiness.”
Das faces a possible 10 years in jail and fines of up to $250,000 for his crime. He will be sentenced on January 9. ®
Sponsored: Becoming a Pragmatic Security Leader