14 DAY TRIAL // The Spanish police have detained the managers of a company selling customized accounting software for small and mid-sized businesses in the country. The firm is being investigated for rigging its programs to fail at predefined intervals, thus charging extra for maintenance.
The case has been investigated by the Spanish Civil Guard's Internet crimes division (El Grupo de Delitos Telemáticos), who acted after receiving an anonymous tip through its website. The company has not been named, but it is referred to as CIPSA and is based in the city of Córdoba.
According to the authorities, the offending company has been selling software rigged with logic bombs since as far back as 1998. A logic bomb is a piece of code programmed to perform a malicious action at a certain point in time. In this case, the software company set their software to intentionally fail at a certain date, forcing the customer to call its technical support department.
To remedy the problem, the firm sent specialists on the field, who in addition to restoring normal functionality of the program also reset the timer on the logic bomb. This allowed the organization to gain significant revenue over the years from unwarranted service costs.
Help Net Security reports that offices of the unnamed software company have been raided by police and three of its managers have been detained. However, no charges have been officially brought against them so far.
Security researchers advise that logic bombs are often associated with insider threats. Disgruntled or former employees, whose access to the company's systems has not been revoked, are likely to use such tactics in an attempt to harm the companies.
Back in January 2009, we wrote about the case of an Fannie Mae computer engineer, who created a hidden script that was timed to delete data and backups from all of the mortgage giant's servers after his departure. If his plan wouldn't have been uncovered in time, the losses for the company could have been huge.