Contractor pleads guilty to planting 'logic bomb' in client's software

David Tinley faces a fine of up to $250,000 and ten years in prison

A contractor has pleaded guilty to planting a "logic bomb" in a client's software in a bid to receive extra work from the company every few years.

David Tinley, a 62-year-old contract programmer from Harrison City near Pittsburgh, pleaded to one count before Judge Peter Phipps in a US District court on Friday. Tinley now faces a fine of up to $250,000, up to 10 years in prison, or both.

Tinley offered software services to the US unit of Siemens for about ten years. He was hired to create automated spreadsheets that were used by the firm to manage orders for electrical equipment.

The prosecutors argued that Tinley intentionally planted "logic bombs" into his spreadsheets, which went off every few years.

A "logic bomb" is a set of computer code, which when embedded into a software programme triggers a malicious function when some specific conditions are met.

In Tinley's case, those logic bombs caused the programme to malfunction every few years, such as errors with on-screen buttons or changes in the font size. On such occasions, the company had no other option than to call Tinley to fix the issue.

Tinley's plan worked well until 2016, when the company had to put in an urgent order from a customer while he was away. At that occasion, Tinley was forced to share the password of his computer with Siemen's employees, who were quick enough to find the planted "logic bombs" in Tinley's programme.

In the court, Tinley's lawyers argued that his intention was simply to protect his proprietary programme and not to make any extra money from the company.

However, prosecutors argued that the act should still be considered a crime. Moreover, Siemens had to spend about $42,000 on an investigation to determine the damage caused to the company by the malicious code.

Tinley will be sentenced on 8^th Nov 2019.

Timley's case is, however, not the first case where a company's employee/contractor has been accused of embedding malicious code in software programmes or stealing some confidential information from company's systems.

Earlier this month, a US court charged a Chinese software engineer for allegedly stealing trade secrets from his former employer, and taking it to his next company in China. In 2013, three HTC executives were arrested in Taipei on suspicion of leaking trade secrets, as well as filing false commission fee claims totalling T$10 - around £214,524.

And in 2017, a software engineer admitted stealing proprietary software code belonging to IBM while employed by the company. He was accused of economic espionage and theft of trade secrets.