A US judge has sentenced an Atlanta man to two years in prison followed by three years of supervised release for sabotaging one of the US Army's payro
A US judge has sentenced an Atlanta man to two years in prison followed by three years of supervised release for sabotaging one of the US Army’s payroll databases with a “logic bomb.”
The man’s sentence is related to an incident that occurred in November 2014 and affected the US Army’s Regional Level Application Software (RLAS).
According to court documents, Mittesh Das, 49, of Atlanta, Georgia, was hired by a company that was contracted by the US Army to manage one of the databases part of the country-wide RLAS system.
The third-party company contracted Das to work on its RLAS maintenance contract since 2012 due to his extensive expertise with the system.
But two years after it won the RLAS contract, this company failed to secure an extension and was later scheduled to hand over the RLAS database management duties to another contractor in November 2014.
According to investigators, Das didn’t appear to take this handover lightly, and at some time before the changeover, he placed malicious code on the RLAS database that would execute days after the new company took over and would destroy locally-stored records.
This code –which investigators referred to as a “logic bomb”– started executing on November 24, the date the new company started RLAS management duties.
The US Army Criminal Investigation Command, which investigated the case, says the code wiped data from five servers associated with the RLAS systems stored at Fort Bragg, North Carolina.
The US Army eventually removed the logic bomb code and restored all data, but by that time days had passed. Several consequences resulted from this event.
For starters, the US Army was on the hook for $2.6 million labor costs for the investigation and the audit of the RLAS system.
Second, over 200,000 US Army reservists had to wait weeks for their pay, as the affected servers managed payroll data. US military press covered the incident at the time, calling it a “glitch” in the Regional Level Application Software, and reported payment delays for US Army reservists of 17 days, on average.
Third, US Army Reserve operations were also affected because orders for mobilizing soldiers were also handled through the same systems affected by the logic bomb. This prevented the US Army Reserve from mobilizing any soldiers in December 2014 for their scheduled monthly drills.
Following a long-winded investigation, authorities charged and arrested Das in April 2016, and he later pleaded guilty in September 2017. Besides the two-year prison sentence and three years of supervised released, Das was also ordered to pay $1.5 million in restitution for the damages he caused.