Man gets two years in prison for sabotaging US Army servers with 'logic bomb'

Server sabotage resulted in 17 days of delay in US Army Reserve pay.
Written by Catalin Cimpanu, Contributor

A US judge has sentenced an Atlanta man to two years in prison followed by three years of supervised release for sabotaging one of the US Army's payroll databases with a "logic bomb."

The man's sentence is related to an incident that occurred in November 2014 and affected the US Army's Regional Level Application Software (RLAS).

According to court documents, Mittesh Das, 49, of Atlanta, Georgia, was hired by a company that was contracted by the US Army to manage one of the databases part of the country-wide RLAS system.

Also: Why hiring more cybersecurity pros may not lead to better security TechRepublic

The third-party company contracted Das to work on its RLAS maintenance contract since 2012 due to his extensive expertise with the system.

But two years after it won the RLAS contract, this company failed to secure an extension and was later scheduled to hand over the RLAS database management duties to another contractor in November 2014.

According to investigators, Das didn't appear to take this handover lightly, and at some time before the changeover, he placed malicious code on the RLAS database that would execute days after the new company took over and would destroy locally-stored records.

This code --which investigators referred to as a "logic bomb"-- started executing on November 24, the date the new company started RLAS management duties.

The US Army Criminal Investigation Command, which investigated the case, says the code wiped data from five servers associated with the RLAS systems stored at Fort Bragg, North Carolina.

Also: Here's the tiny drone the US Army just purchased for soldiers CNET

The US Army eventually removed the logic bomb code and restored all data, but by that time days had passed. Several consequences resulted from this event.

For starters, the US Army was on the hook for $2.6 million labor costs for the investigation and the audit of the RLAS system.

Second, over 200,000 US Army reservists had to wait weeks for their pay, as the affected servers managed payroll data. US military press covered the incident at the time, calling it a "glitch" in the Regional Level Application Software, and reported payment delays for US Army reservists of 17 days, on average.

Third, US Army Reserve operations were also affected because orders for mobilizing soldiers were also handled through the same systems affected by the logic bomb. This prevented the US Army Reserve from mobilizing any soldiers in December 2014 for their scheduled monthly drills.

Following a long-winded investigation, authorities charged and arrested Das in April 2016, and he later pleaded guilty in September 2017. Besides the two-year prison sentence and three years of supervised released, Das was also ordered to pay $1.5 million in restitution for the damages he caused.

These are 2018's biggest hacks, leaks, and data breaches

Previous and related coverage:

What is malware? Everything you need to know

Cyber attacks and malware are one of the biggest threats on the internet. Learn about the different types of malware - and how to avoid falling victim to attacks.

Security 101: Here's how to keep your data private, step by step

This simple advice will help to protect you against hackers and government surveillance.

VPN services 2018: The ultimate guide to protecting your data on the internet

Whether you're in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet.

Five computer security questions you must be able to answer right now

If you can't answer these basic questions, your security could be at risk.

Critical infrastructure will have to operate if there's malware on it or not

Retired US Air Force cyber-security expert shares his thoughts on the future of critical infrastructure security.

Ordinary Wi-Fi devices can be used to detect suspicious luggage, bombs, weapons

Researchers turn ordinary WiFi devices in rudimentary scanners that can identify potentially dangerous objects hidden inside bags or luggage.

Related stories:

Editorial standards