Former govt contractor sentenced in “logic bomb” national security case
There’s what appears to be the final chapter in a case that was first reported in April, 2016. A contractor, Mittesh Das, who was convicted in September, 2017 for sabotaging an army program, was sentenced to two years in federal prison.
Here’s the DOJ’s press release of September 11:
GREENVILLE – The United States Attorney for the Eastern District of North Carolina, Robert J. Higdon, Jr., announced that today, Senior United States District Judge Malcom J. Howard, sentenced MITTESH DAS, 49, of Atlanta, Georgia, to 24 months of imprisonment followed by 3 years of supervised release and ordered to pay 1.5 million dollars in restitution.
On September 20, 2017, a federal jury found DAS guilty of knowingly transmitting malicious code with the intent to cause damage to a U.S. Army computer used in furtherance of national security.
A Grand Jury in the Eastern District of North Carolina indicted DAS on April 5, 2016 for conduct that occurred in 2014.
In November of 2014, a national level computer program responsible for handling pay and personnel actions for nearly 200,000 U.S. Army reservists began experiencing unusual issues. Five of the servers associated with the program are located at Ft. Bragg, North Carolina. Standard internal troubleshooting uncovered suspicious code that led to an investigation by the Army’s Criminal Investigation Command (CID). The investigation revealed that in 2012, due to DAS’s vast experience with the system, the contracted company responsible for oversight of the computer system had subcontracted with DAS to assume lead responsibility for the system. However, the contract was subsequently re-bid and awarded to a different company with a hand-over date of November 24, 2014. The investigation revealed that DAS inserted malicious code – commonly referred to as a “logic bomb” – in the days leading up to the contract changeover and that the progressively destructive nature of this code began taking effect the day after the changeover.
The damage had to be corrected through removal of the malicious code, restoration of all information and features, and a thorough review of the entire system to locate any further malicious code, amounting to a total labor cost to the U.S. Army of approximately $2.6 million.
The case was investigated by U.S. Army Criminal Investigation Command, which received assistance from the Department of Homeland Security and the Johns Creek, Georgia, Police Department. Assistant United States Attorney Jason Kellhofer represented the government in this case.
“Mr. Das exploited his position as a cleared defense contractor to sabotage the U.S. Army Reserve’s personnel system and disrupt pay to our nation’s Soldiers,” said Director Daniel Andrews of the Computer Crime Investigative Unit, U.S. Army Criminal Investigation Command. “Cybercrime and insider threats present significant challenges to national security and military operations, and today’s sentencing serves as a stark reminder that we will continue to preserve strategic readiness by bringing violators to justice.”
Robert J. Higdon, Jr., U.S. Attorney for the Eastern District of North Carolina remarked that, “We are strong supporters of the brave work accomplished by the United States Army Reserve Command and are honored to have been able to hold this criminal accountable for the harmful attack on what is much more than just a computer system. The cyber attack in this instance directly affected thousands of Army reservists. Such conduct will be prosecuted to the fullest extent of the law by this office.”