Siemens contractor hid "logic bomb" in complicated spreadsheet, guaranteeing future maintenance work


David Tinley developed complex spreadsheets under contract to Siemens, which used them to manage its equipment orders; Tinley hid "logic bombs" in the spreadsheets' scripts that caused them to malfunction every couple of years, which would gin up new work for him as he was called in to fix them.


But when Tinley got a support call while out of town, he passed the admin passwords on to Siemens IT, which discovered the scam. Tinley has pleaded guilty and faces up to 10 years in prison and up to $250,000 in fines. Other contractors who've used logic bombs to do this sort of thing have received multi-year sentences, and Zdnet says its likely Tinley will go to prison.


The spreadshees included custom scripts that would update the content of the file based on current orders stored in other, remote documents, allowing the company to automate inventory and order management.

But while Tinley's files worked for years, they started malfunctioning around 2014. According to court documents, Tinley planted so-called "logic bombs" that would trigger after a certain date, and crash the files.

Every time the scripts would crash, Siemens would call Tinley, who'd fix the files for a fee.



Siemens contractor pleads guilty to planting logic bomb in company spreadsheets
[Catalin Cimpanu/Zdnet]


(via Schneier)


(Image: XKCD)