Defence contractor guilty of planting 'logic bomb' in US Army computer network

Mittesh Das, 48, planted destructive code into an army computer programme.

US General Stanley McChrystal (C), top US commander in Afghanistan, works at his computer inside a C-130 Hercules airplane on the way to Kabul on December 2, 2009Mustafa Quraishi/AFP/Getty Images

A man accused of attempting to sabotage a computer network of the US Army by planting a "logic bomb" has been convicted this week following a three-day trial.

48-year-old Mittesh Das of Atlanta, Georgia, was found guilty by jury of stealthily planting malicious computer code "with intent to cause damage" into a network linked to national security – a crime that reportedly cost the US taxpayer $2.6m (£1.9m) to investigate and resolve.

Last year, a grand jury in North Carolina indicted Das for the incident, which occurred three years ago. He is set to be formally sentenced in January 2018.

Advertisement

Court filings, released Thursday (21 September) by the US justice department, explained how in November 2014 a system used for handling pay for nearly 200,000 army reservists began experiencing issues.

When it happened, officials blamed problem on a mysterious "glitch" in the programme, which is known as the Regional Level Application Software (RLAS).

It delayed US Army paychecks by roughly 17 days.

"All functions are slowed," Lt. Col. William Ritter, a spokesman for the reserve, said at the time "Anything that RLAS would have handled is now being done in an alternate manner."

But an investigation later uncovered lines of "suspicious code" that led to a wider probe, conducted by the army's Criminal Investigation Command (CID).

Investigators found that in 2012 a company that had been contracted for oversight of the computer system had subcontracted Das to take over lead responsibility.

However, the sought-after contract was subsequently re-bid and awarded to a different, unnamed, company with a handover date set for 24 November 2014.

Advertisement

The investigation revealed that Das inserted malicious code – commonly referred to as a "logic bomb" – in the days leading up to the contract changeover.

Mittesh Das placed a "logic bomb" in army networksLuca Bravo/Unsplash

The destructive nature of the code began taking effect the day after the changeover.

The damage had to be corrected through removal of the code, restoration of all information and a "review of the entire system to locate any further malicious code", which amounting to a cost of $2.6m, the DoJ said.

"Cyber-sabotage is not a 'prank.' It is a very serious crime with real victims and real costs," said John Stuart Bruce, United States attorney for the Eastern District of North Carolina, where five of the computer servers linked to the targeted software were located.

Advertisement

He added: "In this case, the crime cost taxpayers $2.6m. Thanks to great work by the investigators and prosecutor, Das is being held accountable for his criminal acts."

Daniel Andrews, of the CID's Computer Crime Unit, said: "We are very pleased with today's guilty verdict and will do everything in our power to help bring to justice those who attempt to sabotage or disrupt US Army operations in the defence of our nation.

"Let this be a warning to anyone who thinks they can commit a crime in cyberspace and not get caught," he added. "We have highly trained and specialised investigators who will work around the clock to uncover the truth and preserve Army readiness."

Das's charges are punishable by up to 10 years imprisonment, a fine of up to $250,000, and a term of supervised release of up to three years, the DoJ said last year.

© Copyright 2017 IBTimes Co., Ltd. All Rights Reserved.