In 2011 Tinley had refused to hand over the password to unlock the spreadsheet for editing when asked, claiming he was protecting his work product.
> For years, the spreadsheet would glitch, Tinley would be hired to come in, would "fix" it, invoice Siemens, and head out again. But that all changed in May 2016 when Tinley was out of state, and Siemens called again about the spreadsheet. The company had an urgent order it had to put through, it told Tinley, and it wasn't working properly again. Pushed, Tinley relented and handed over the password.
Wow, does 6 months in jail seem a little severe? How does one even get someone prosecuted for this crime?
We hired a licensed plumber on 2 occasions - to install a sink and later a shower.
We just had a different plumber out because the sink was plugged up. He pointed out that the prior plumber had installed the sanitary-t upside down, basically guaranteeing it would eventually become clogged.
We also had him look at the shower because we couldn’t figure out how to get the screen out to clear the hair. Turns out the grate was also installed upside-down and the screws holding the screen in are inaccessible. So, there is no way to get it out without demoing the shower.
Should this plumber be sentenced to 6 months in jail?
I understand it depends on whether the FBI can show malice, planning and intent, and the size of the damage ($42k in the Siemens case). So in your plumber case it's probably impossible unless it's like a pattern of fraud rather than just one mistreated client. If a plumber actually tried to make a fraudulent business model out of such behaviour, then I could totally believe they might get jail time. Furthermore, if you sue the plumber yourself, that's a civil case and so jail time is not possible at all (the Siemens case was handled by the FBI).
I personally do not think that 6 months' jail for stealing $42k from somebody is so severe, to be honest, it's a lot of money.
If he's purposely making mistakes to get work in the future then I don't think 6 months in jail is that bad. It's just plain fraud isn't it? Not to mention an expensive inconvenience for all of his customers who have to deal with his shoddy work.
On the other hand, it's entirely possible the plumber made an honest mistake.
It seems the specifically designed logic to fail at a certain date is the reason. If stuff breaks because of a screwup, or at least something that people can be convinced is a routine screwup, that's one thing. Actually creating a new module to make something fail is something else.
It's like if the plumber designed, built, and installed a device specifically to make your plumbing leak or clog or something at a specific point in the future, instead of just installing a normal and expected device incorrectly.
The law does tend to take intentions into account for crimes and punishment. Killing somebody by a freak accident is different from making a plan in advance to kill somebody and executing it.
This does make it feel rather odd that it's legal to DRM things though.
No he shouldn't. We need to stop sending people to jail for all but the most heinous of crimes. He should be ordered to pay you back twice for what it cost to install and repair.
I wonder why this is illegal but it's legal for hardware to deny service or even break stuff when they detect you're using something they don't like (I'm referring to printers, but I also remember a case where a microcontroller would try to brick something when it detected a counterfeit cable).
Apparently it was a password protected spreadsheet.
Which seems like incredible incompetence of the company to accept code in that format in the first place and to not have demanded the password when the first issue arose.
On the one hand, yes, that's crazy. On the other hand, an argument can be made that companies accept proprietary software in binary form all the time, and this is no different!
I read the DOJ link and it just states “intentional damage to a protected computer.”
If he had accidentally written sloppy code that happened to break periodically would that have been illegal? I don’t fully understand what law he broke and how such a law would not also apply to the seemingly infinite cases of built in obsolescence.
I once wanted to put a logic bomb for a client that was a startup and for months (years?) prioritized paying others. I had accumulated $30K in debt for them as they told me the sky is falling numerous times and that they’d pay me as soon as the next money came in. They just had raised hundreds of thousands but paid their own salaries and large empty office instead.
I knew I’d have the upper hand if the site suddenly stopped working. But I was afraid of some kind of “hacking laws” being “exceeding access” or whatever (probably stupid given what was realistic) and never did it. My only acceptable option was to do a DMCA takedown at AWS because they had never signed a copyright assignment.
Anyway long story short I never got paid. Been too nice / scared. And the startup went out of business. Many of its investors were pissed. The usual.
How is this malicious compliance? He wrote code to intentionally stop working at certain times in order to defraud Siemens by getting them to pay for what is essentially the same work over and over again.
> Tinley added code to the complex spreadsheets that "had no functional value, other than to randomly crash the program,"
I could say the same about some of the... less talented developers I've worked with in the past. Hanlon's razor might not apply in this case, but that's a scary thought given how the US justice system seems so inept at handling cyber crime.
Off topic but does anyone else feel that the phrase “logic bomb” is too meaningless for the frequency with which it shows up in reporting these days?
It makes it sound more sophisticated than it is. What’s wrong with calling it malware? Or even better, simply criminal behaviour that happens to involve a computer.
Logic bomb is a term for a very specific subtype of malware, and it is quite informative and useful to use this term - it gives a proper impression about what this particular malware does and doesn't do.
It immediately suggests that it has a delayed action that creates a disruption after some time (and not right away); that it is hidden (as opposed to e.g. ransomware), that it's intentionally deployed there (as opposed to someone accidentally getting infected), that it's most likely not spreading itself automatically like a virus and that the damage isn't controlled in realtime like in a botnet, etc.
Simply saying 'malware' would not tell us this information, so it would be vague and inaccurate instead of using the appropriate terminology.
We really like PR in this field. We call making a copy of a file "piracy", as in piracy on the high seas. We call adding a password to an Excel spreadsheet a "bomb", as in a device designed for leveling entire cities and brutally murdering everyone nearby. We call adding restrictions to books and films "digital rights", kind of like the "bill of rights" that protects our country's core values.
The prosecutors and industries that coined these terms are very clever. For the petty crimes that they describe, they can turn the outrage up to eleven by comparing the most minor transgression to murder. In the case of DRM, the industry managed to convince people to buy new TVs, monitors, video cards, and cables... to protect their rights? Their right to be turned upside down and have the coins and bills shaken out of their pants, I guess.
I guess it depends on your definition but something designed to go off (negatively) after a predetermined time and dork up the logic of a program seems apt.
All I can say is he must be a really good programmer if he needed to deliberately install logic bombs to make his software malfunction after a period of time. I've got my hands full just making things work properly in the first place!
Why does the title not contain "to ensure he gets new work"? The original title was 2 characters too long for HN, but could have been edited to contain that information. For example: "Contractor admits planting logic bombs in software to ensure he’d get new work"
[+] [-] ChrisSD|6 years ago|reply
https://www.theregister.co.uk/2019/06/25/siemens_logic_bomb/
[+] [-] auggierose|6 years ago|reply
[+] [-] mgleason_3|6 years ago|reply
[+] [-] conistonwater|6 years ago|reply
[+] [-] jlarocco|6 years ago|reply
[+] [-] narag|6 years ago|reply
[+] [-] ufmace|6 years ago|reply
[+] [-] ropiwqefjnpoa|6 years ago|reply
[+] [-] yrro|6 years ago|reply
[+] [-] drc500free|6 years ago|reply
[+] [-] slowmovintarget|6 years ago|reply
[+] [-] bjornsing|6 years ago|reply
[+] [-] everybodyknows|6 years ago|reply
1. Ignorance/Incompetence -- wasn't paying attention?
2. Gross negligence -- doing it wrong was somehow quicker and cheaper.
3. Fraud -- calculated to fail.
p.s. Dealing with similar case of malfeasance myself just now (electrical). Looks to be about #1 20%, #2 80%.
[+] [-] ppseafield|6 years ago|reply
[+] [-] jessant|6 years ago|reply
[+] [-] rustybolt|6 years ago|reply
[+] [-] javagram|6 years ago|reply
[+] [-] navaati|6 years ago|reply
Still a good laugh from the sidelines...
[+] [-] zelon88|6 years ago|reply
[+] [-] de_watcher|6 years ago|reply
[+] [-] Rexxar|6 years ago|reply
[+] [-] choeger|6 years ago|reply
[+] [-] hurricanetc|6 years ago|reply
[+] [-] EGreg|6 years ago|reply
[+] [-] Rainymood|6 years ago|reply
[+] [-] pc86|6 years ago|reply
[+] [-] hamilyon2|6 years ago|reply
[+] [-] bilekas|6 years ago|reply
Also, how were the contractor's changes not reviewed?
If the same engineer's work keeps throwing unknown problems down the line, the LAST thing I am doing is contacting them again.
[+] [-] zozbot234|6 years ago|reply
[+] [-] leowoo91|6 years ago|reply
[+] [-] MertsA|6 years ago|reply
[+] [-] ghostpepper|6 years ago|reply
[+] [-] PeterisP|6 years ago|reply
[+] [-] jrockway|6 years ago|reply
[+] [-] duxup|6 years ago|reply
[+] [-] markstos|6 years ago|reply
"It wasn't an armed robbery, it was just unsophisticated criminal behavior that happened to involve a gun."
[+] [-] thrower123|6 years ago|reply
[+] [-] ggggtez|6 years ago|reply
Doesn't seem like he was a very good scam artist... That's not a lot of money to risk jail over.
[+] [-] LegitGandalf|6 years ago|reply
https://dilbert.com/strip/1995-11-13
[+] [-] BuildTheRobots|6 years ago|reply
That's an oddly specific loss amount, especially the 50c
[+] [-] drderidder|6 years ago|reply
[+] [-] dmix|6 years ago|reply
Maybe he was only used for some older niche stuff that was going out of style and he was trying to cling to the past.
[+] [-] giancarlostoro|6 years ago|reply
[+] [-] duxup|6 years ago|reply
[+] [-] pts_|6 years ago|reply
[+] [-] pmiller2|6 years ago|reply
[+] [-] jonplackett|6 years ago|reply