14 DAY TRIAL // A former Fannie Mae computer engineer was convicted of computer intrusion for planting a hidden malicious program with the purpose of destroying all data on the mortgage giant's network.
Rajendrasinh Babubhai Makwana, age 36, of Montgomery County, Maryland, worked as a UNIX engineer at Fannie Mae's Urbana Technology Center between 2006 and October 24, 2008, when he was fired.
Five days after Makwana's departure from the company, another engineer stumbled across a hidden script, which was set to execute a malicious payload on January 31, 2009.
The program was aimed at disabling network monitoring systems and deleting all data from the company's 5,000 servers.
The FBI investigators estimated that if the script had activated, operations at Fannie Mae would have been crippled or completely shut down for at least a week. This would have cost the company millions of dollars in losses and other costs.
An analysis of the logs revealed that the program was uploaded on October 24 from the IP address assigned to Makwana's company-issued laptop.
On the same day the computer engineer emailed his family, who were in India at the time, and told them not to return to the United States.
Makwana was arrested on January 7, 2009. His sentencing has been scheduled for December 8, 2010 and he faces a maximum sentence of ten years in prison.
Despite the recent increase in sophisticated targeted attacks, disgruntled current and former employees remain the biggest threat to corporate networks.
Mitigating such threats require implementing strict access control policies, but even such measures are not always enough.
Back in July 2009, we reported about a programmer, who was arrested for stealing the source code for a proprietary piece of high-volume stock trading software, during his last days of contract with a large US financial organization.