MARCH 2014 United States Attorneys’ Bulletin 45
Bomb in Screening System, WIRED (Jan. 12, 2011), available at http://www.wired.com/threatlev
el/2011/01/tsa-worker-malware; Press Release, Dep’t of Justice, Colorado Springs Man Indicted
For Attempting To Corrupt TSA Computer Database (Mar. 10, 2010), available at http://www.
justice.gov/usao/co/news/2010/March10/3_10_10.html.
United States v. Yung-Hsun Lin, (D.N.J. 2007) (No. 06-CR-00963-JLL): The defendant, a former
computer systems administrator for Medco Health Solutions, Inc., was convicted by plea
agreement for planting a “logic bomb” on company computer systems that was designed to
“detonate” on his birthday and delete data stored on more than 70 servers, in violation of 18
U.S.C. §§ 1030(a)(5)(A)(i), 1030(a)(5)(B)(i), 1030(c)(4)(A), 1030(b). He was sentenced to serve
30 months in prison. See Jaikumar Vijayan, Unix admin pleads guilty to planting logic bomb at
Medco Health, Malicious code would have wiped out critical data on 70 servers,
COMPUTERWORLD (Sept. 21, 2007), available at http://www.computerworld.com/s/article/print/
9038218/Unix_admin_pleads_guilty_to_planting_logic_bomb_at_Medco_Health; Sharon
Gaudin, Medco sys admin gets 30 months for planting logic bomb, Inside saboteur could have
crippled pharmacists’ ability to check for deadly drug interactions, U.S. attorney says,
COMPUTERWORLD (Jan. 8, 2008), available at http://www.computerworld.com/s/article/9056284/
Medco_sys_admin_gets_30_months_for_planting_logic_bomb?intsrc=news_ts_head; Press
Release, Dep’t of Justice, Former Systems Administrator Admits Planting “Logic Bomb” in
Company Computers (Sept. 19, 2007), available at http://www.justice.gov/usao/nj/Press/files/pd
ffiles/Older/lin0919rel.pdf; Press Release, Dep’t of Justice, Former Systems Administrator Gets
30 Months in Prison for Planting “Logic Bomb” in Company Computers (Jan. 8, 2008), available
at http://www.justice.gov/criminal/cybercrime/press-releases/2008/linSent.pdf.
United States v. William Carl Shea, (N.D. Cal. 2005) (No. CR 03-20057-RMW): The defendant,
who served as the system administrator, planted a “time bomb” on the company network after
becoming disgruntled at work. He was convicted in a jury trial for violating 18 U.S.C.
§ 1030(a)(5)(A)(i). He was sentenced to one year and a day in prison. His conviction was
affirmed on appeal. See United States v. Shea, 493 F.3d 1110 (9th Cir. 2007). See also Press
Release, Dep’t of Justice, Federal Jury Convicts Former Technology Manager Of Computer
Hacking Offense Defendant Found Guilty of Placing Computer “Time Bomb” On Employer’s
Network Following Employment Dispute (Sept. 8, 2005), available at http://www.justice.gov/cri
minal/cybercrime/press-releases/2005/sheaConvict.htm; Press Release, Dep’t of Justice, Former
Technology Manager Sentenced To A Year In Prison For Computer Hacking Offense (June 23,
2006), available at http://www.justice.gov/criminal/cybercrime/press-releases/2006/sheaSent.ht
m; San Jose man sent to prison for computer ‘time bomb,’ SILICON VALLEY BUSINESS JOURNAL
(June 23, 2006) (“The malicious code was written to delete the source code but officials
eventually found a copy on a backup tape, investigators said.”), http://www.bizjournals.com/sanj
ose/stories/2006/06/19/daily78.html.
United States v. Roger Duronio, (D.N.J. 2006) (No. 02-CR-00933-JLL): The defendant, the
former systems administrator at UBS Paine Webber, was convicted at trial on one count of
securities fraud and one count of computer fraud in violation of 18 U.S.C. § 1030(a)(5)(A)(i),
1030(c)(4)(A); the jury acquitted on two mail fraud counts. A logic bomb, planted by the
defendant after he received a lower bonus than he thought he should have received, damaged
more than 1,000 UBS Paine Webber computer stations. The securities fraud conviction was based
on his purchase of “put options” after he anticipated the company stock would decrease upon
news of the computer logic bomb. He was sentenced to 97 months in prison. See United States v.
Duronio, 2006 WL 1457936, at *4 (D.N.J. May 23, 2006) (denying motion to dismiss
indictment); United States v. Duronio, 2006 WL 3591259, at *1 (D.N.J. Dec. 11, 2006) (denying
motion for a new trial). The conviction and sentence were affirmed on appeal. See United State v.
Duronio, 2009 WL 294377 (3d Cir. Feb. 9, 2009). See also Sharon Gaudin, Ex-UBS Systems