Fannie Mae ex-employee plotted to erase 4,000 servers

Jan 30, 2009 09:18 GMT

A former IT admin, who used to work for Fannie Mae at their Urbana Technology Center in Maryland, has been indicted by a grand jury for planting a malicious script to destroy data on all of the company's servers. The computer time bomb was designed to go off on the 31st of January, 2009 at 9:00 am.

The Federal National Mortgage Association, also known as Fannie Mae, is a financial enterprise sponsored by the government, and founded during the Great Depression in 1938. Given its main activities of buying and guaranteeing mortgages, the company is particularly vital in these difficult times of world crisis.

According to the indictment, Rajendrasinh Babubhai Makwana, 35, who is an Indian citizen, worked for three years as a computer engineer at Fannie Mae, until October 24, 2008, when his contract was terminated. During this time Makwana had root access to all of the main systems, and the company failed to revoke his credentials until the evening of the day of his layoff.

On finding out that he was being let go, the software engineer, in true BOFH style taken to the extreme, came up with a viciously evil plan to bring down all of the enterprise's operations. His intention was nothing short of overwriting all of the financial data, including the backups, on all of the company's production servers with zeroes.

Taking advantage of the fact that his credentials had not yet been revoked, the admin appended malicious code to a legitimate script, leaving a page's worth of blank lines between the two in order to avoid detection. This code was to be executed three months later, making it more difficult for the investigators to trace the incident back to him.
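The hiding trick described above, code appended after a long run of blank lines, can be checked for mechanically in administrative scripts. The detector below is an added example, not code from the case or the indictment; the 40-line threshold, the function name and the sample scripts are assumptions constructed for illustration.

```python
import sys

# Assumption: a "page's worth" of blank lines is taken as 40 or more; tune per site.
MIN_GAP = 40

def find_hidden_tails(text, min_gap=MIN_GAP):
    """Report code that resumes after a long run of blank lines.

    Returns a list of (first_blank_line, gap_length, resume_line, resumed_text)
    with 1-based line numbers. Whitespace-only lines count as blank, and
    CRLF or CR line endings are handled by splitlines().
    """
    findings = []
    gap_start = None      # line number where the current blank run began
    seen_code = False     # a gap only matters if real content precedes it
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.strip() == "":
            if gap_start is None:
                gap_start = lineno
            continue
        if gap_start is not None:
            gap_len = lineno - gap_start
            if seen_code and gap_len >= min_gap:
                findings.append((gap_start, gap_len, lineno, line.strip()))
            gap_start = None
        seen_code = True
    return findings

# Constructed samples: a normal script, and one with a line appended after 60 blanks.
SAMPLE_CLEAN = (
    "#!/bin/sh\n# rotate logs (constructed sample)\n"
    "find /var/log/app -name '*.log' -mtime +7 -delete\n\n\necho done\n"
)
SAMPLE_PADDED = (
    "#!/bin/sh\n# rotate logs (constructed sample)\n"
    "find /var/log/app -name '*.log' -mtime +7 -delete\n"
    + "\n" * 60
    + "echo 'appended after the gap'\n"
)

if __name__ == "__main__":
    # Scan every file named on the command line and print what was found.
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for start, length, resume, code in find_hidden_tails(fh.read()):
                print(f"{path}: {length} blank lines from line {start}, "
                      f"code resumes at line {resume}: {code}")
```

A finding is a prompt for review rather than proof of tampering; comparing the file against its version-controlled or baseline copy shows whether the trailing lines were ever approved.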

"When the program ascertained it was January 31, 2009, it would copy the rest of the files from the '.soti' file from the dsysadm01 server and run the .y.sh script. The .y.sh script would place a blocker on the monitoring system disabling any engineers from receiving a monitoring alert for any problems on any machines in the entire environment for 61 minutes," FBI Agent Jessica Nye, explained in a sworn statement.

The script was set to greet the administrators trying to log in with a message that read "Server Graveyard," which might really have been the case if another senior engineer hadn't discovered the code a few days after Makwana was fired. “Had this malicious script executed, engineers expect it would have caused millions of dollars of damage and reduced if not shut down operations at Fannie Mae for at least one week. The total damage would include cleaning out and restoring all 4,000 servers, restoring and securing the automation of mortgages, and restoring all data that was erased,” said the FBI agent.

The investigators were able to determine that Makwana was responsible because the script upload was made from the IP address assigned to his company-issued laptop. In addition, a message sent from his Fannie Mae e-mail address to his family, who were in India at the time, instructed them not to return to the U.S. The rogue administrator, who was living in Glen Allen, Virginia, was arrested on January 7 and is facing a maximum sentence of 10 years behind bars.

“Obviously this case is ongoing, and charges have not been proven against Makwana. But imagine what the impact could have been if an attack like this were not intercepted, and had successfully struck a financial institution. With economies so rocky at the moment anyway and confidence in the financial system amongst the general public badly shaken in recent months, it would be very bad news indeed for any institution to be hit in this way,” commented Graham Cluley, senior technology consultant for Sophos.

Given the current sensitive financial situation around the world, a lot of people are bound to lose their jobs, while many already have. Companies have to be more vigilant than ever when it comes to revoking the accounts of ex-employees; otherwise they might face serious data breaches or system downtime. Former workers have wreaked havoc on the networks of their past employers many times before, but now more of them might be tempted to do it, angered at being left without a job in such difficult times, with few prospects of new employment.