A 51-year-old systems administrator from New Jersey has received the longest federal prison sentence for attempting a crime designed to damage a computer system. Yung-Hsun Lin (also known as Andy Lin) was given 30 months in jail for planting code on a company server in 2003 that was supposed to destroy a medical drug database. He was also ordered by US District Judge Jose Linares to pay $81,200 in restitution to his former employer, Medco Health Solutions.

The story goes like this: Lin was employed at Medco because he was "proficient in the HP-Unix computer language designed to operate computer servers," according to court documents seen by Ars. In the fall of 2003, Lin learned through the grapevine that the company was planning to lay off some sysadmins, and sent off e-mails to colleagues stating that he wasn't sure if he would survive the anticipated layoffs. A day later, he decided to plant code into Medco's servers designed to delete almost everything once triggered. "Among other information, the Destructive Code was designed to delete the [Drug Utilization Review Database], as well as databases identifying subscribers, plan coverage, prescription administration, and billing data," reads one court document. The code was set to deploy automatically on April 23, 2004—Lin's birthday.



Mr. Lin, your name is not Zero Cool

Well, it turns out that Mr. Lin may have gotten a little bit ahead of himself, because several days later, Medco did in fact lay off four sysadmins—none of them him. A month after that, Lin attempted to edit the code, presumably to ensure that it would not deploy as scheduled. It turns out that Lin maybe wasn't as good a programmer as he thought, because come April 23, 2004, the code deployed anyway. To Medco's relief, he was apparently really bad, because when deployed, the code failed to do its duty due to a bug. Oops.

Oh, but that's not all. Lin figured out the bug and decided, "What the hell, I didn't get laid off, but I'll set this thing to go off on April 23, 2005 anyway!" Fortunately, another Medco sysadmin found the code while looking into another system error in January of 2005, and Lin was officially caught. Last September, Lin pleaded guilty to one count of transmitting computer code with the intent to cause damage in excess of $5,000, and he was sentenced this week.

The US Attorney General for New Jersey, Christopher Christie, praised Medco for moving quickly and turning the case over to the government. "Disgruntled or rogue employees are a real threat to corporate technology infrastructures and can cause extensive damage," he said in a statement. "The results of this prosecution send a message to systems administrators and employees; and industry should feel comfortable and confident in coming to us when such cases arise."