Image sources: Siemens, stock.adobe.com (Katynn, Buffaloboy)
If you don’t have a job, get one – at least if you get paid well for it. This is how one could describe the case of a Siemens employee from the USA who did not carry out his last order for the company as Siemens had imagined (via Mein-MMO).
What was the employee’s job? Essentially, it was about creating an automated spreadsheet based on the contents of other documents from the Siemens servers.
For a while after completion, unexpected crashes occurred. They led to the programmer receiving new work orders from Siemens – and accordingly new money.
The fact that this was fully intentional on his part only became apparent when the perpetrator was careless industrialcybersecuritypulse.com reported.
A ticking time bomb
Crashed servers can quickly become a major problem for companies.
By programming a so-called Logic Bomb
respectively Logic bomb
After a few months, the Siemens software kept causing problems. The basic idea behind it is to specifically crash a server after certain conditions occur.
In this way, the programmer had the opportunity to ensure that Siemens provided him with new work at irregular intervals without any further intervention and according to parameters he had set.
Since he always knew the problem exactly, it was easy and reliable money for him.
You can find out more about a completely different approach to making more money in the following article:
When the vacation turns into disaster
The plan worked for about two years, but finally a server failure occurred when the logic bomb’s programmer was on vacation.
Siemens still had access to the systems because some employees knew the password required. Because the programmer himself couldn’t intervene this time, other developers were brought in.
Not only were they able to solve the problem, but they also discovered its true cause. Apparently the perpetrator didn’t cover his tracks thoroughly enough, so the whole thing was discovered while he was on vacation – with legal and financial consequences for him.
Reduced punishment: The conviction initially carries a sentence of ten years in prison and a fine of $250,000. Ultimately, the software developer received a much lighter sentence: six months in prison, two years of supervised release and a fine of $7,500.
We explain in the following article how you can protect your own gaming PC as best as possible from cyber attacks:
Security tips for players – protect accounts and system
What do you think about the case and the punishment it ultimately resulted in? Should something like this not even happen to a large company like Siemens? Do you think the originally intended punishment for the programmer is appropriate or the clearly toned down second variant – or something in between? Feel free to write it in the comments and join in the discussion!
