A programmer facing up to 10 years in the cooler, and as much as $250,000 in fines, blew his guilty plea deal on Monday – after he tried to avoid admitting full blame for his actions.
David Tinley, 62, was in court to admit planting logic bombs [PDF] in spreadsheets he had developed for Siemens over a decade ago: if he pleaded guilty early and avoided a full-blown trial, the US justice system would cut him a deal resulting in a lesser sentence.
At the last minute, however, Tinley tried to push a more innocent explanation for his actions.
By logic bomb, we mean software or systems maliciously booby-trapped to crash or fail after certain conditions arise, or an amount of time has elapsed. They’re typically put in place by rogue employees who want to enact revenge on bosses, or generate work for themselves so they can stay employed seemingly repairing the mess they secretly caused.
IT plonker stuffed ‘destructive’ logic bomb into US Army servers in contract revenge attack
Part of Tinley’s plea deal required him to pay back Siemens some of the money it had spent tackling and fixing recurring glitches in spreadsheets that managed orders for electrical equipment – spreadsheets he built for the global giant in the early 2000s.
Tinley’s lawyer insisted on noting in court that the money was only to cover what the manufacturing goliath had paid other people to probe the spreadsheet gremlins, and it was not Tinley paying back money he had earned from the biz for his work.
A prosecutor for Uncle Sam took offense at that notion, however, according to an in-court report from Law360, and pointed out that it had invoices from Tinley to Siemens in which he charged the multinational to come in and fix problems with the spreadsheets.
The government said it has evidence that Tinley added code to the complex spreadsheets that “had no functional value, other than to randomly crash the program,” explained Assistant US Attorney Shardul Desai.
Uncle Sam’s position is that Tinley put a time delay in the code so it would start glitching at some future point and so prompt Siemens to pay him to come in and fix the problem – at which point he would simply reset the clock, invoice for his time, and wait for it to go wrong again.
It hadn’t included those details in the plea deal, Desai told the judge, because it wanted to move ahead with the case, unfolding in a US federal district court of Pennsylvania. It was planning to dig into precisely what Tinley did and why during sentencing – an event likely to happen weeks later.
But Tinley and his lawyer pushed back. He had not put the logic bombs in the code to prompt Siemens to hire him back to fix the issue, they argued, but to protect his proprietary code. “My motives were honorable,” Tinley told the court in Pittsburgh. He then started arguing that some of the problems weren’t a result of his code but had been due to changes made to the Microsoft Excel software itself.
I think not
That’s when Desai started seeing red. As the courtroom row intensified, Desai pointed out that Tinley had refused to hand over the password to unlock the spreadsheet for editing when asked for it back in 2011, claiming he was protecting his work product.
For years, the spreadsheet would glitch, Tinley would be hired to come in, would “fix” it, invoice Siemens, and head out again. But that all changed in May 2016 when Tinley was out of state, and Siemens called again about the spreadsheet. The company had an urgent order it had to put through, it told Tinley, and it wasn’t working properly again. Pushed, Tinley relented and handed over the password.
And that was when Siemens realized it had been had. It found the logic bombs in the sheet’s scripts, and put a team of people on it, including coders and lawyers, to figure out if the dodgy code had caused mistakes in the past. It spent $42,000 on the issue – more than the $5,000 in damages that turns something from an infraction or misdemeanor into a felony.
The only reason the US assistant attorney has been put on the case was because it had become a felony, and he was seemingly unwilling to see his whole case turned into nothing more than an innocent misunderstanding.
As the carefully coordinated plea deal fell apart and courtroom discussion grew increasingly heated, the judge stepped in. “You and your client have some disagreement with Mr Desai’s recitation,” noted District Judge Peter Phipps. “If that’s the core recitation and it’s still not accepted unconditionally… then I’m not taking a plea today.”
The judge called a 15-minute recess and told the two sides to go away and see if they could reach agreement over what Tinley was going to admit to. Fifteen minutes later and nothing. The judge turned to Tinley: “I asked you if you agreed, and you tried to put a gloss on it, which I understand,” he said, but then made it clear how it was going to go down. “I need an unconditional, no-conditions, no-gloss accounting of the factual basis for this, because if we don’t, I can’t accept a plea.”
Desai said that if Tinley, of North Huntington, Pennsylvania, wasn’t going to agree fully with the factual recitation he had put forward then the government was going to go to a grand jury. The judge shut the hearing down, and ordered a new one [PDF] for July 19.
Law360 tracked down Tinley’s lawyer Stanley Greenfield afterwards. He said he would work with prosecutors on new language. “We’re going to hopefully work it out,” he noted. “We thought that we had it so resolved as of today, but the judge is the judge and he made his decision.”
We’ll see next month what happens. ®