Siemens Contractor Jailed for Sabotage With Logic Bombs

Former Siemens contract employee David Tinley was sentenced to six months in prison for sabotaging his employer over a span of roughly two years using logic bombs planted in company spreadsheets.

The end goal of his efforts was to cause Siemens to ask for his services at the firm's Monroeville, PA location to repair the malfunctioning software.

62-year old Tinley pleaded guilty to the intentional damage to a protected computer charge in July 2019 and the conviction also came with an additional two-year term of supervised release and a $7,500 fine.

Wiz

Tinley faced a maximum total sentence of 10 years in prison for the charges, a maximum fine of $250,000, and a maximum term of supervised release of three years according to court documents.

The plea agreement stipulated a total loss amount of $42,262.50 according to the United States Sentencing Guidelines.

The spreadsheet logic bombs

Tinley planted logic bombs designed to trigger automatically after a set time and randomly crash a series of spreadsheets he designed to automatically calculate customer order cost estimates and workflow according to a Law360 report.

While his spreadsheets worked without flaw for years, starting in 2014 they suddenly began randomly crashing and glitching because of the logic bombs he inserted within the password-protected code.

This prompted Siemens to ask Tinley to fix the issue for a set fee. Each his services were required, he would go in, edit the spreadsheets code and modify the date when they would again start crashing according to Assistant U.S. Attorney Shardul S. Desai.

According to information presented to the court, from in and around 2014 and continuing until on or about May 13, 2016, Tinley intentionally inserted logic bombs into computer programs that he designed for Siemens Corporation. The logic bombs ensured that the programs would malfunction after the expiration of a certain date. As a result, Siemens was unaware of the cause of the malfunction and required Tinley to fix these malfunctions. - DoJ press release

While this worked for about two years until May 13, 2016, Tinley's scheme was discovered when he was out of town and he had to give his password to Siemens' employees because of a time-sensitive deadline that required the spreadsheets to work.

This is not the first instance of logic bombs being planted on computers documented by the U.S. DoJ as shown by previous instances of employees being sentenced, charged, pleading guilty of inserting such software implements on public or their companies' systems [1, 2, 3, 4, 5]

tines

Break down IAM silos like Bitpanda, KnowBe4, and PathAI

Broken IAM isn't just an IT problem - the impact ripples across your whole business.

This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.

Related Articles:

US cybersecurity experts plead guilty to BlackCat ransomware attacks

Baker University says 2024 data breach impacts 53,000 people

University of Phoenix data breach impacts nearly 3.5 million individuals

University of Phoenix discloses data breach after Oracle hack

Ukrainian hacker admits affiliate role in Nefilim ransomware gang