A logic bomb allegedly planted by a former engineer at mortgage finance company Fannie Mae last fall would have decimated all 4,000 servers at the company, causing millions of dollars in damage and shutting down Fannie Mae for a least a week, prosecutors say.
Unix engineer Rajendrasinh Babubha Makwana, 35, was indicted in federal court in Maryland on a single count of computer sabotage for allegedly writing and planting the malicious code on Oct. 24, the day he was fired from his job. The malware had been set to detonate at 9:00 a.m. on Jan. 31, but was instead discovered by another engineer five days after it was planted, according to court records.
Makwana, an Indian national, was an employee of technology consulting firm OmniTech, but he worked full time on-site at Fannie Mae’s massive data center in Urbana, Maryland, for three years.
On the afternoon of Oct. 24, he was told he was being fired because of a scripting error he’d made earlier in the month, but he was allowed to work through the end of the day, according to an FBI affidavit in the case. “Despite Makwana’s termination, Makwana’s computer access was not immediately terminated,” wrote FBI agent Jessica Nye.Five days later, another Unix engineer at the data center discovered the malicious code hidden inside a legitimate script that ran automatically every morning at 9:00 a.m. Had it not been found, the FBI says the code would have executed a series of other scripts designed to block the company’s monitoring system, disable access to the server on which it was running, then systematically wipe out all 4,000 Fannie Mae servers, overwriting all their data with zeroes.
Now do you understand why IT departments consider it sound management to cut off someone’s privileges just before they’re fired?
If this story was about a company in an industry other than finance it might matter. As it is, BFD.
Yet another example of Fannie Mae’s incompetent leadership. If you are going to terminate someone, it should be immediate and that person escorted out and all access terminated immediately. It may be harsh, but once you fire someone they have nothing to lose.
Here is a good example about why the government shouldn’t be running larger organizations like this.
The only thing that this guy’s guilty of is not hiding the bomb better!
To bad we can’t drop a “logic bomb” on the Hill.
No sympathy from this corner.
What the sarcastic comments condoning this action don’t realize is the cost of vandalism.
I can see Cow-Paddy enjoying something like this though. He still hasn’t come to terms with the November election results. Besides, if he ever actually worked for a living he might just understand that quite a few people’s jobs depend upon those servers.
Just proves that revenge is not a good option.
AND, that he never read Simon’s excellent seven + years running blog, BOFH. Just go to http://www.TheRegister.co.uk/odds
Simon is the definitive expert on IT managing a business, rather than a business managing IT.
// meant as humour – spelled with a U
If he’s smart, then this program is just fake – so they won’t look any further for the real bomb, which will go off tonight.
Chuck…do if I get a big-ass student loan today, before the daily backup, maybe they’ll cut a check asap, and whammo…all records are gone. My own personal bailout. Too bad I didn’t hear about this earlier.
Seriously though…fired for a scripting error? There’s got to be more to the story.
What’s with the photo of a motel? Is this supposed to be Fannie’s Wisconsin Avenue HQ building? Get a file photo for that.
He should tell them that he wanted to test their disaster recovery plan.
Fired for a scripting error?!?!?!
I’d have been fired a few hundred times if I was fired every time I make an error in a script…
Guess he’ll be going to a Federal “pound me in the ass” prison.
I read that the so called scripting error was a backdoor so that he could change user permissions. Definitely something worth firing someone over. As to why they didn’t lock his ass out is another question, maybe they we’re expecting him to incriminate himself which is exactly what he did.
You never, ever, give sysadmins with root access a whiff of information that they’re going to be terminated.
>>Unix engineer, another engineer, Unix
>>engineer, another Unix engineer
When did programmers become “engineers”?
Is that like the “sanitation engineers” who ride on the back of the garbage truck?
So the people at the top of this company were neither reasonible nor prudent? I think we may have already suspected that but don’t worry their bills are our bills.