Early this year a bomb went off in a computer at the Los Angeles department of water and power. The device did not explode; it was a "logic bomb," a smidgen of spurious software coding that had been secretly inserted into the giant IBM machine. At a preassigned time, the logic bomb suddenly went off and maliciously froze the utility's internal files. Work came to a standstill until a team of experts, including the Los Angeles police department's newly formed computer crime unit, was able to uncover the subversive coding. The unknown criminal, who could face five years in the California state penitentiary and a $10,000 fine, is still at large.
Los Angeles water and power got off lightly. The logic bomb had not disrupted the intricate systems that control the flow of water and electricity to the service's 1.2 million customers. Says Lieut. Fred Reno, the officer in charge of the case: "A lot of customers in the city of Los Angeles could have been affected. That really would have been a disaster."
While companies are reluctant to admit that they have been targets of dirty tricks, experts say that such crimes are on the increase. The potential for disaster is frightening. Software sabotage could alter data in computers at banks and stock brokerages or send false signals to air traffic controllers. That could mean the loss of millions of dollars or hundreds of lives.
Programs called "worms" are capable of altering a system's fundamental operations or shutting it down entirely. They delete specific portions of a computer's memory, thus creating a hole of missing information. Another type of software demon, called a "virus," instructs the host machine to summon its stored files. Each time the machine does so, the program copies itself onto the software. The computer's memory can soon turn into a mass of confusion.
Both of these destructive miniprograms occupy only a few hundred bytes of memory and are therefore virtually invisible among the millions of lines of code contained in a large computer. Worse still, they are ominously easy to create. Says Security Consultant Ian Murphy, 28: "Any decent programmer can write a virus in six hours. A novice can write one in 20 hours with assistance and 30 hours without assistance." The perpetrators are frequently disaffected engineers and computer technicians. Says Security Consultant Sanford Sherizen of Natick, Mass.: "A lot of people grew up in data processing, spent years holding computers together with Scotch tape, putting in extra hours, and in recent years of the industry's growth they don't feel they have got an adequate reward."
Two years ago, using an ordinary modem and telephone, a young software saboteur penetrated the system at Manhattan's Memorial Sloan-Kettering Cancer Center with another kind of subversive programming, called a "trap door." The program collected users' passwords as they logged on. No matter how often legitimate users changed their sign-on codes, the hacker was able to gain unauthorized access to the hospital's records by summoning the intervening trapdoor and reading off the newly accumulated list of passwords. The culprit was later apprehended. He pleaded guilty and faced a maximum penalty of six months in jail and a $500 fine.