Logic Bomb Dud Sends Medco Sysadmin to Jail

Just as placing an actual explosive device is a felony, so, too, is placing software logic bombs to disable or destroy computer systems or data," Raymond Van Dyke, a technology attorney in Washington, told TechNewsWorld. As the value of data continues to rise, there is a large economic need to thwart employees who try to compromise the systems entrusted to them.
Access Free B2B Videos and Win a Free Dell XPS Notebook!Learn industry trends, compare solutions, and research vendors. Free access to B2B webcasts and videos on E-Commerce, Networking, CRM, Security & more… And chance to win a Dell XPS Notebook.
A federal judge has sentenced a former systems administrator for Medco Health Solutionsto 30 months in prison Tuesday for planting a "logic bomb" in Medco's computer systems that was designed to wipe out critical data on more than 70 servers, U.S. Attorney Christopher J. Christie announced.
A programming error prevented the bomb from detonating, but Yung-Hsun ("Andy") Lin, 51, of Montville, N.J., was also ordered by U.S. District Judge Jose L. Linares to pay US$81,200 in restitution to Medco. Lin is free on bail until Feb. 25, when he must surrender to the Federal Bureau of Prisons.
Lin's sentence is the longest federal prison sentence given to date for such a crime, Christie's office said.
"Disgruntled or rogue employees are a real threat to corporate technology infrastructures and can cause extensive damage," Christie said. "The results of this prosecution send a message to systems administrators and employees, and industry should feel comfortable and confident in coming to us when just such cases arise."
Fear of Layoffs
During a Sept. 19 plea hearing before Linares, Lin admitted that while he was employed as a systems administrator at Medco in October 2003 he modified existing computer code and added additional code designed to wipe out computer servers on Medco's network.
Fear of layoffs prompted Lin to plant the bomb, he said, as Medco was being spun off from Merck at the time. He scheduled the code to detonate on April 23, 2004 -- his birthday.
Although the bomb failed to detonate as planned and he never got laid off, Lin kept it in place and set it to deploy on April 23, 2005, instead, he admitted.
Another Medco systems administrator investigating a system error on Jan. 1, 2005, discovered the embedded logic bomb. The company's IT staff then neutralized the destructive code.
Multiple Systems Targeted
Among the Medco databases that could have been affected by the bomb was a critical patient-specific drug interaction conflict database known as the "Drug Utilization Review" (DUR). Prior to dispensing medication, pharmacists routinely examine the DUR for potential conflicts among an individual's prescribed drugs.
Other servers targeted by the logic bomb contain applications relating to clients' clinical analyses, rebate applications, billing and managed care processing. The servers also handle new prescription call-ins from doctors and coverage determination applications, as well as numerous internal Medco applications including corporate financials, pharmacy maintenance tracking, Web and pharmacy statistics reporting, and employee payroll input.
Assistant U.S. Attorney Erez Liebermann of the U.S. Attorney's computer hacking and intellectual property section and Marc Ferzan, chief of the U.S. Attorney's commercial crimes unit prosecuted the case.
'Large Deterrent'
"Just as placing an actual explosive device is a felony, so too is placing software logic bombs to disable or destroy computer systems or data," Raymond Van Dyke, a technology attorney in Washington, told TechNewsWorld.
As the value of data continues to rise, there is a large economic need to thwart employees who try to compromise the systems entrusted to them, Van Dyke noted. The importance of the data's secrecy and confidentiality, meanwhile, adds to the urgency of its protection, he added.
"The ease with which programmers or systems administrators can undermine large, perhaps global, systems is a problem," Van Dyke concluded. "The heavy sentence given here reflects the need for a large deterrent."
To Catch a Cyber-Criminal
At the same time, however, Lin's case also underscores how easily cyber-criminals can be caught, Parry Aftab, a cyber-crime lawyer and cybersecurity expert, told TechNewsWorld.
"People often think that what they do in cyberspace won't show up at their door, but they always touch the ground and cyber 'breadcrumbs' always leave a trail," she said. "Some do it for revenge, others do it for ego, but a trail always leads back to them."
It's actually much easier to find cyber-criminals than it is criminals in the concrete world, Aftab asserted.
"If a criminal breaks into a store and there's no camera and no fingerprints are left behind, we probably won't know who they are," Aftab explained. "But in cyberspace, you're going to have something leading back to you. You can try to erase it, but unless you want to bank on being the smartest hacker ever, the people investigating are probably just as skilled, and they will find you."
Most cyber-crimes that involve networks happen from within, Aftab noted. "The best way for companies to stop cyber-crimes," she concluded, "is by protecting their networks from their own employees, from people who clean the office, and from others who have access."

Behind the Hushed Demand for Live Chat

Although live chat has captured only a tiny share of contact-center interactions, some verticals have done well with this channel, particularly when it enables true collaboration between users and customer-service agents, according to a report from the Yankee Group.
Specifically, the financial services, retail and catalog, and technical-support camps have reaped favorable results when users can do more than simply exchange chat messages with customer-service agents, according to Art Schoeller, Yankee Group senior analyst and author of the report. To be successful, Schoeller told CRM Buyer, both parties might jointly navigate Web pages about new bank accounts, view different portions of an online catalog or attempt to troubleshoot computer hardware. However, he added, this collaborative chat strategy has not worked for all verticals.
In fact, just 1 to 2 percent of all contact-center communication now takes place via chat and Web collaboration, according to the Yankee Group study. That paltry figure contrasts with 74 percent via live voice (phone), 8 percent each via e-mail and Web self-service , 10 percent via IVR (interactive voice response) and 2 percent via speech recognition .
Human Nature
"Human behavior is hard to change, and the move to channels [other than the phone] will not solely be driven simply by their availability," the Yankee Group report noted.
In fact, chat is unlikely to gain much momentum in the next few years, according to Schoeller. "Does chat reduce talk time?" he said. "Generally, no. It takes more time to type."
Indeed, many contact-center clients "own but don't use" chat capabilities, according to Laura Preslan, research director at AMR Research. For example, several CRM companies, such as Chordiant, Onyx, PeopleSoft, Pivotal, SAP and Siebel, include chat in their contact-center offerings. Best-of -breed vendors like HipBone and LivePerson also offer chat functionality.
Potential for Productivity
However, despite chat's lackluster uptake in contact centers at present, the technology has the potential to reshape how companies sell products and services online, said Robert LoCascio, chief executive of LivePerson. The company has expanded its offerings to focus more on marketing in addition to sales, LoCascio told CRM Buyer.
"Instead of just chat, why can't we send out pop-up windows that say, 'Welcome to our Web site. We have a special offer for first-time visitors.'" LoCascio said. "Many customers go to a Web site for research. If you can engage them during this research, the conversion rates are high."
For example, Forex Capital Markets has increased its interaction with customers since installing LivePerson's ServiceEdition click-to-chat application more than a year ago, according to Marc Prosser, chief marketing officer for the online currency trading company. The four-year-old firm has expanded to about 160 employees from 70 a year ago.
"Using chat has enabled us to grow while keeping costs down," Prosser told CRM Buyer. "Traditional channels like e-mail and phone are more costly." He added that although Forex has people answering the phone and e-mail, "when there's high activity, we move them to chat."
Challenges to Chat
Still, chat faces some significant challenges in its push toward the mainstream. When it first was introduced, the technology promised to increase agents' productivity by letting them serve multiple customers at one time, shifting back and forth from one communications channel to another.
This has not happened, largely because most companies still are not set up so that agents can engage in online chat when they are not on the phone, AMR's Preslan said. "A lot of companies haven't figured out how to segment inquiries by channel."
Use of chat will increase in the next few years, she noted, when universal queuing, which allows all contacts to come in on the same queue, takes off.
However, Schoeller expressed some doubts about universal queuing, saying that although everyone began talking about it in the late 1990s, not many people put it into practice. The value proposition of moving in this direction still is not that strong, he added.
Making Headway
In the end, though, chat is making progress on some fronts despite setbacks and is likely to become more accepted as a communications channel over time.
At year-end, for example, LivePerson plans to introduce a system that integrates chat, e-mail and a knowledge base. LoCascio said he expects this approach will be popular, noting that his company's challenge is to make sure each of the integrated system's pieces is strong. "Call centers are finally at the point where they want an integrated solution," he noted. "They want one single vendor who is solid."

Intel Feels Fury of OLPC Scorned

Over the entire six months it was a member of the association, Intel contributed nothing of value to OLPC," said OLPC. "Intel never contributed in any way to our engineering efforts and failed to provide even a single line of code to the XO software efforts even though Intel marketed its products as being able to run the XO software.

Intel and OLPC announced in July they would work together "to bring the benefits of technology to the developing world through synergy of their respective programs." It was an unusual pairing to begin with, since the OLPC's cheap XO notebooks are based on AMD processors and because Intel has a product of its own -- the Classmate -- that competes with the XO.
OLPC founder Nicholas Negroponte said at the time that Intel's involvement "means that the maximum number of laptops will reach children" and Intel CEO Paul Otellini commented that his company's goal was to bring technology to underprivileged kids.

Relationship Gone Sour
However, Intel "did not deliver on any of the promises they made" and instead tried to undermine OLPC sales by badmouthing the XO, OLPC said. Additionally, Intel showed no willingness to help advance XO development, OLPC charged.
Intel reportedly denies such nefarious behavior, with Otellini being quoted as calling OLPC's accusations "hogwash."
"Over the entire six months it was a member of the association, Intel contributed nothing of value to OLPC," said OLPC. "Intel never contributed in any way to our engineering efforts and failed to provide even a single line of code to the XO software efforts even though Intel marketed its products as being able to run the XO software."
In essence, it became clear that "Intel's heart has never been in working collaboratively as part of OLPC," said OLPC.
Butting Heads Over Market Share
Intel, it seems, was willing to work with OLPC as one of several ways to get its processors installed in low-cost, education-focused computers to be sold to developing nations. However, such competition undermines the OLPC plan for the XO, a plan that initially called for selling the revolutionary machines for US$100 apiece but has since seen that price double. The hundred-dollar price point remains an OLPC goal.
It's ironic that Negroponte -- despite his claims about being burned by one big, American IT vendor -- apparently is willing to work with an even bigger one: Microsoft , said Wayan Vota, editor of OLPC News, an independent site focused on OLPC.
OLPC and Microsoft are developing a way to allow XO notebooks to run on either Linux or Windows.
"The best we can believe from Negroponte is he wants to sell the XO to any market that wants them," Vota told LinuxInsider. Two years ago, Negroponte said he wouldn't consider selling the devices to schools in the United States, but has changed his mind, Vota noted.
A Changing World
Much of the current OLPC-related confusion and controversy is due to the quickly changing conditions in developing countries, said Charles King, senior analyst at Pund-IT.
"When One Laptop Per Child's efforts began several years ago, the sense at that time was they were aiming their efforts at the masses underserved by commercial IT solutions," King told LinuxInsider. "But over the past couple of years, vendors like Intel looked at those markets and realized they have the financial wherewithal to create products that could potentially compete with OLPC and it was very important for them to be seen as competitive in those markets."
In other words, "OLPC took a very non-commercial approach to what were once non-commercial markets that have since become increasingly commercial markets," King added.
Open to Danger?
Bringing up yet another area for discussion and dispute, Vota wondered how advocates of Linux and open source technology in general will react to OLPC's newfound willingness to create XO notebooks that run on Windows.
"The true sense of open is you can put any software on any hardware," Vota said. "But is the concept of letting in Windows, and tying OLPC to Microsoft and the Bill and Melinda Gates Foundation worth the danger of being sucked into that orbit? Are you going to take the open source manifesto at its word and take the risk that Windows will absorb it?"
Negroponte's apparent willingness to do so shows that OLPC didn't learn its lesson from its dealings with Intel. "I personally think it's a fool's gambit," Vota said. "Once you get in bed with Microsoft, you will wake up with fleas."