1. Introduction

Xiaobai: Dadongdong, can you help me choose a few shirts on Taobao? I have a problem with making choices.

Dadong: Don’t mention Taobao. When I just opened Taobao today, a pop-up window suddenly popped up, saying that the current version is a beta version and I need to download the latest version.

Xiaobai: Why is there no pop-up window on my phone?

Dadong: What system of mobile phone do you use?

Xiaobai: Android, a new 5G phone!!

Dadong: No wonder, this attack only works on iOS phones.

Xiaobai: Brother Dong, can you briefly describe the incident? I will remind my friends after listening to it.

Dadong: No problem! The incident happened on March 25, 2020. When an iOS user logged into Taobao, a pop-up window automatically appeared, prompting the user to uninstall the update. However, after uninstalling, the user installed the latest version, and the pop-up window still appeared. Of course, Taobao officials also responded quickly. After 10 am, the pop-up window will automatically close, and users can only see a black frame flashing by.

A pop-up warning on Taobao (picture from the Internet)

Xiaobai: What is the reason for this?

Dadong: Some people speculate that this is a logic bomb planted by a Taobao internal staff member. The bomb attack will be triggered at a specific time, destroying user data and other information.

2. Logic Bombs

Xiaobai: So what exactly is a logic bomb?

Dadong: Logic bombs are one of the manifestations of malicious code. From the perspective of the information security hierarchical model, logic bombs are located in the operation layer, and their attack intention is to cause the degradation of information system capabilities.

Xiaobai: So how does it attack?

Dadong: A logic bomb is when a running information system meets certain logic, such as when the system time reaches a certain value, receives a certain message, or fails to access a certain service for many times.
At this time, the specific functions of the logic bomb, such as destroying hardware or data, loading malicious code, locking the operating system, etc., will be triggered, causing harmful consequences. Logic bombs can exist in software and hardware forms, such as operating systems, application software, motherboards, CPUs, and FPGAs.

Xiaobai: So how did it appear and develop?

Dadong: The prototype of logic bombs can be traced back to the Cold War between the United States and the Soviet Union. At that time, the Soviet Science and Technology Council stole a Canadian company's sophisticated control system for its own industrial facilities, and the CIA had secretly implanted a logic bomb in it. The logic bomb was triggered at a specific time in 1982, causing the turbines and valves to go out of control, generating huge pressure, causing the Siberian natural gas pipeline to explode.

Xiaobai: Isn’t this too scary?!

Dadong: In fact, similar incidents happen frequently.

Xiaobai: Brother Dong, can you briefly introduce the relevant events?

3. Related Cases

Dadong: Let me give you an example of a logic bomb that appeared in China - the Jiangmin logic bomb. On June 24, 1997, Jiangmin Antivirus Software released the KV300L++ version. All users who executed KV300L++ on pirated disks had their hard disk data destroyed, and the hard disk was locked, making both the floppy disk and the hard disk unbootable.

Xiaobai: Why?

Dadong: When the system is booting, whether it is booting from a hard disk or a floppy disk, the partition table must be read. The system partition is a linked list structure, and the first partition structure contains a pointer to the next partition. The last partition has a special flag, indicating the end of the partition description.

Partition table structure (picture from the Internet)

Xiaobai: Then how did he cause the hard drive data to be destroyed and lock the hard drive at the same time?
Dadong: Jiangmin's logic bomb changes the partition description table so that the pointer of the last partition description points to the first partition, forming a circular chain, resulting in an infinite loop and making the system unable to start.

Jiangmin logic bomb attack mechanism (picture from the Internet)

Xiaobai: Wow, are there many similar incidents?

Dadong: Quite a few. For example, the famous Siemens company was once implanted with a logic bomb.

Xiaobai: Tell me what’s going on?

Dadong: Previously, it was revealed online that former Siemens contractor David Tinley admitted to planting a logic bomb in the spreadsheet he created for Siemens.

Xiaobai: What is the purpose of implanting logic bombs?

Dadong: Of course it was for profit. The program he wrote ran until 2014, when it crashed, almost every time at a specific time, so Siemens asked David Tinley to fix it. Every time a fix was made, Siemens had to continue to sign a contract with David Tinley, and this situation continued intermittently for 3 years.

Xiaobai: How was this matter discovered?

Dadong: In 2016, David Tinley was on vacation. At that time, Siemens had an urgent order, and the spreadsheet program had a problem. David Tinley had to hand over the management password of the spreadsheet program to Siemens IT staff. As a result, Siemens IT staff found that the reason for the problem with the spreadsheet program was that David Tinley had implanted a logic bomb in the program, which would appear on a specific date or under specific conditions.

Logic bomb (picture from the Internet)

Xiaobai: This is too hateful, he should be punished by law!

Dadong: Siemens sued David Tinley in May last year, claiming that he had repeatedly charged more than $5,000 for repairs, a felony. David Tinley finally pleaded guilty last week and faces up to 10 years in prison and a fine of up to $250,000.

Xiaobai: It’s really satisfying!!

Dadong: Actually, those who plant logic bombs cannot escape legal sanctions.
In 2006, Duronio planted a "logic bomb" that caused the data systems of 400 offices of his former employer, the famous investment bank UBS, to be ransacked and 2,000 computers to be paralyzed. The cost of repairing the system was as high as $3.1 million, and Duronio was also imprisoned for 97 months.

Xiaobai: I really don’t know what they are thinking? If they know they will be sanctioned, why do they still break the law?

Dadong: Ultimately, it is driven by profit. For example, in 2017, Mittesh Das, a 48-year-old American citizen, deliberately implanted a destructive "timed logic bomb" to destroy the US Army computer system because he lost an outsourcing contract, causing a loss of $2.6 million. The saboteur was eventually fined $250,000 and sentenced to 10 years in prison. There is a similar case in China. In 2016, after software engineer Xu resigned, the company failed to pay his salary on time, so he used the backdoor file he installed in the website he designed to delete all the website source code. He was eventually sentenced to 5 years in prison by the court.

Xiaobai: Although they may be treated unfairly, this method of fighting violence with violence violates laws and regulations and is not advisable!
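
The circular partition chain described in section 3, seen from the recovery side: the walker below follows the chain from a disk image and stops with a verdict as soon as a link leads back to a sector it has already read. This is an added example, not part of the original dialogue; it assumes the "linked list" is the MBR extended-partition (EBR) chain, and all function names and the sample image are constructed for illustration.

```python
import struct

EXTENDED = {0x05, 0x0F, 0x85}  # partition types whose entry links to an EBR

def entries(sec):
    """Yield (type, start, count) for each used 16-byte partition-table slot."""
    if sec[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    for off in range(446, 510, 16):
        start, count = struct.unpack_from("<II", sec, off + 8)
        if sec[off + 4]:
            yield sec[off + 4], start, count

def walk_chain(read_sector, max_hops=128):
    """Follow the EBR links from the MBR; return (logical_partitions, verdict)."""
    ext = next((s for t, s, _ in entries(read_sector(0)) if t in EXTENDED), None)
    if ext is None:
        return [], "no extended partition"
    seen, logical, lba = set(), [], ext
    while lba is not None:
        if lba in seen:  # the loop that hangs a boot-time reader with no such check
            return logical, f"circular chain: EBR at LBA {lba} reached twice"
        if len(seen) >= max_hops:
            return logical, "chain longer than hop limit"
        seen.add(lba)
        here, lba = lba, None
        for ptype, start, count in entries(read_sector(here)):
            if ptype in EXTENDED:
                lba = ext + start  # link field: relative to the first EBR
            else:
                logical.append((here + start, count))  # relative to this EBR
    return logical, "ok"

def build_sector(*slots):
    """Constructed 512-byte MBR/EBR sector from (type, start, count) tuples."""
    buf = bytearray(510) + b"\x55\xaa"
    for i, (ptype, start, count) in enumerate(slots):
        struct.pack_into("<B3xB3xII", buf, 446 + 16 * i, 0, ptype, start, count)
    return bytes(buf)

def sample_disk(tampered):
    """Constructed image: the last EBR ends the chain or links back to the first."""
    last = [(0x06, 63, 900)] + ([(0x05, 0, 1000)] if tampered else [])
    return {0: build_sector((0x06, 63, 1000), (0x05, 2000, 3000)),
            2000: build_sector((0x06, 63, 900), (0x05, 1000, 1000)),
            3000: build_sector(*last)}

if __name__ == "__main__":
    print([walk_chain(sample_disk(t).__getitem__)[1] for t in (False, True)])
```

To check a real image, pass a `read_sector` that seeks to `lba * 512` in a file opened read-only and returns 512 bytes.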