An IT guy kills his ex-employer’s software out of spite
(‘Hack Attack,’ Forensic Files)
The desire for revenge has motivated many of the criminals portrayed on Forensic Files. Chris Dean mailed a bomb that killed an internet entrepreneur who had cheated him on a deal. Dr. Richard Schmidt injected his girlfriend with a virus because she broke up with him.
Timothy Lloyd, whom a local newspaper called a “onetime whiz kid,” also wanted payback. The New Jersey software engineer felt his employer treated him unfairly. Unlike Dean and Schmidt, however, Tim devised an act of vengeance that didn’t physically hurt anyone. Instead, it created a much wider-felt crisis, one that deprived his company of millions and resulted in the layoffs of dozens of his former colleagues.
Existensial ‘eek!’ For this week, I looked into how the public reacted to the sabotage that crippled Omega Engineering’s computer system back in 1996 — when headlines about data breaches weren’t so common. So let’s get started on the recap of “Hack Attack” along with extra information from internet research and an interview with IT security consultant Kenneth van Wyk:
On July 31, 1996, employees at Omega Engineering in Bridgeport, New Jersey started receiving the message “Fixing” when they turned on their computers. The company designed and made measurement and control devices. The Gloucester County manufacturing facility counted the U.S. Navy and NASA as clients.
Unfortunately for Omega, the “Fixing” message was false hope. The computers didn’t repair themselves. Omega, which was founded in 1962 when a mother of four named Betty Ruth Hollander began making thermocouples in her kitchen, was in danger of having to shut down entirely.
Disappearing act. It lost 1,000 programs, which might not sound all that horrifying by today’s standards. As one Forensic Files viewer commented on YouTube:
“Their server was so sophisticated, it could store ‘over a THOUSAND computer programs.’ LOL. Love this show.“
But Omega needed that technology to make its 25,000 products plus 500,000 variations
Someone or something had not only deleted Omega’s programs but also purged them, making them nearly irretrievable.
Here come the feds. The company hired Kroll OnTrack to recover missing data by examining the Omega server’s hard drive.
So great was the scope of the breakdown that the U.S. Secret Service — whose agents are experts in fraud — came in to help Kroll and the police in hopes of solving the case quickly.
Investigators found that the company’s single backup tape, kept in a file drawer in the Human Resources department, had disappeared.
“Not to blame the victim, but even in the context of the 1990s, having that little backup was insane,” van Wyk told ForensicFilesNow.com. “I would expect a CEO or CIO to have a backup in a safe that only the CIO knew how to access.”
No accident. The Kroll experts handed over Omega’s hard drive — the heart of the computer system — to the Secret Service for safe keeping. As Forensic Files explains, even turning on a computer can alter the hard drive.
The Secret Service made a duplicate copy of the hard drive with all of its data to examine separately from the original.
But why did the crisis happen in the first place? The experts ruled out a virus or user error. “The deletion was too surgical to be accidental,” Peter Thomas tells us on Forensic Files. And because the passwords were weak, anyone at the company could have gained access.
It looked like sabotage.
Gone guy. Weeks after the crash, Kroll found purge commands in the system —and a “fuse” that would have enabled the devious party to set up the attack in advance. Some of the purge commands looked like dry runs conducted before the big crash on July 31, 1996.
The Secret Service took interest in Timothy Lloyd, a recent systems administrator for Omega. He designed programs for the company and built its Novell NetWare computer network during his career of more than 10 years with Omega.
He had left the company three weeks before the crisis, to start a new job. Omega had given Tim good references.
Sliced salary. But that didn’t mean it was a happy divorce. Company records showed that Tim had trouble getting along with some of his colleagues at Omega, and had even elbowed a female co-worker. And his performance on the job was waning, according to reporting from CNN. Omega quietly dismissed him on July 10, 1996.
Tim’s new job meant a pay cut from his $57,000 a year salary at Omega, the Star-Ledger reported.
But Tim had no criminal record. He was in his 30s, married with children, and lived in an attractive split-level house — not some unabomber’s lair — in Delaware.
That didn’t stop authorities from searching the residence. They found numerous computer hardware and disks and a tape labeled “back up” dated February to May, the months leading up to the crash. Someone had deleted the content.
Bombs away. Then, woo-hoo, investigators found a copy of a virtual time bomb — the function that allowed a vandal to preprogram the attack — on one of the hard drives at Tim’s home.
“The minute the command was triggered, all of their programming was immediately and irrevocably deleted,” Assistant U.S. Attorney V. Grady O’Malley would later say.
Company records showed that Tim had worked late on nights when the apparent timebomb test-runs took place.
For whom the bell tolls. Because the crash affected interstate commerce and caused more than $5,000 in damage, the alleged offenses qualified as federal crimes. They cost Omega $10 million in lost sales and future contracts and $2 million in reprograming help. And the company eventually laid off 80 people. In 1998, the New York Times reported that Tim’s act of sabotage might have been the most expensive computer disaster on record.
News of Tim’s hack attack reverberated around the U.S. The Arizona Republic ran an editorial urging governments, in light of the Omega hack, to safeguard IT systems.
“A lot of people were saying that we need to have multiple backups for mission critical computers,” says van Wyk, who owns KRvW Associates in Jacksonville, North Carolina.
Not going ‘private.’ The case also distinguished itself because the wronged employer sought resolution via the justice system. Companies usually handled such episodes internally to prevent embarrassment. It also marked the first federal prosecution for computer sabotage.
Nonetheless, it should also be noted that Tim wasn’t out to steal personal user data — unlike the post-millennium Yahoo and Equifax hackers who wanted to use the information to create fraudulent schemes for profit. The desire for retribution and the allure of creating chaos motived Tim.
A grand jury indicted him for sabotage as well as stealing computer equipment worth $50,000 and transporting it across state lines.
The jury trial kicked off in April 1998 at a Newark Federal Court.
Desire to be a hero? The prosecution contended that, as Omega grew in size and opened new locations, Tim felt left behind. He resented that his star was fading and wanted revenge.
On the day of the crash, Tim had told his new employer that everyone’s job at Omega was in jeopardy.
Investigators theorized that Tim hoped that the company would give him a distress call (which it did) and pay him to fix the system (which it didn’t).
“I had trusted Tim Lloyd completely,” Omega South plant manager Jim Ferguson said on the witness stand. “We relied on Tim Lloyd. He was responsible for the security of the system.”
Ferguson added, “We will never recover.”
Job left open. The defense called Tim was a scapegoat. “Computers crash. Networks crash,” said lawyer Edward Crisonino.” Sometimes you can’t get them back up. That’s what happened at Omega.”
Crisonino also pointed out that Omega didn’t fill the network administrator job immediately after Tim’s exit, making the company vulnerable to computer problems.
Tim’s lawyers portrayed him as a humble computer genius, one who had no university degree and learned from the school of hard knocks. Tim had started working at Omega at the age of 20. (Reuters reported that he was actually in his teens when the company snapped him up.)
Strong words. After deliberating for 12 hours, a jury acquitted Tim on the stolen goods charge but found him guilty of computer sabotage. He got a sentence of 3 ½ years and a $2 million fine, payable in increments of $200.
“This court must send a message, not only to Mr. Lloyd but to other people in his position, that there will be a day of reckoning for those who commit computer sabotage,” said U.S. District Judge William Walls. “You may never pay that $2 million back, [but] you will do your best to pay that $2 million back.”
Tim remained free on appeals for several years. The Star-Ledger described him as kept under home detention in New Castle, Delaware. (Other sources say he lived in Wilmington.) But he was allowed to do onsite computer work for a Delaware machine shop.
His conviction was overturned and then reinstated.
Tim finally went behind razor wire in 2002 to serve his 3 ½ years.
Still in denial. But he continued to deny causing the crash and blamed his lawyers for the guilty verdict because they discouraged him from testifying. He also called the case a conspiracy between Omega and the U.S. government and maintained that other employees could have easily caused the crash.
Whatever the case, Omega survived and is going strong today.
After serving his time, Tim kept a low profile.
“I don’t know what became of Tim Lloyd,” said van Wyk. “I would suspect he’s burned his bridges to any IT companies. Who knows, maybe some companies don’t do background checks.”
That’s all for this post. Until next time, cheers. — RR
Watch the Forensic Files episode on YouTube
Related
Click Here For The Original Source.
