Jury convicts programmer of planting Fannie Mae server bomb
Faces 10 years in prison for trying to erase data on nearly 5,000 servers
Computerworld - A programmer who worked for the Federal National Mortgage Association, better known as Fannie Mae, was convicted Monday on a charge that he tried to destroy data on the organization's nearly 5,000 servers.
Rajendrasinh Babubhai Makwana, 36, was found guilty by a federal jury on a single charge of computer intrusion, according to court filings, and statements by the FBI and the U.S. Attorney in Maryland.
Makwana was fired from his contract position at Fannie Mae's Urbana, Md. data center on Oct. 24, 2008. Five days later, Fannie Mae engineers uncovered a malicious script -- dubbed a "server bomb" -- tucked into a routine that executed every morning on all Fannie Mae's servers.
The malware bomb was to go off Jan. 31, 2009, when it would spread throughout Fannie Mae's servers and networks, destroying all data, including financial, securities and mortgage information. Anyone who tried to log onto the network after 9:00 a.m. on that date would see the message "Server Graveyard," according to a sworn statement by FBI Special Agent Jessica Nye last year.
Fannie Mae programmers traced the malicious script to Makwana through network logs, and by comparing the contents of a directory that Makwana created on his laptop the day he was terminated.
Makwana's employment record was a matter of some confusion last year, with various contractors denying that he worked for them, but was instead a "pass-through" employee paid by another company.
IonIdea, an IT contractor with offices in the Washington D.C. area, acknowledged that it had billed Fannie Mae for Makwana's work, but argued that Makwana was actually employed by yet another firm, N.J.-based Marlabs.
Makwana, an Indian national, did not testify at his trial, which ran five days during a stretch between Sept. 27 and Oct. 4. He faces a maximum sentence of 10 years in prison, and is currently free on bond pending a Dec. 8 sentencing hearing.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Legal in Computerworld's Legal Topic Center.
- Mission Critical: Managing Mobile Applications & Content Smartphones, tablets and other mobile devices have become embedded in enterprise processes, thanks to the consumerization of IT and a new generation of...
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Planning for Mobile Success Many organizations are seeing clear and quantifiable benefits from the deployment of mobile technologies that provide access to data and applications any time,...
- The Challenges and Opportunities of Mobile Application Development Nearly all business users now demand mobile devices--their own or company-owned--along with anywhere access to corporate applications and data. What turns mobile devices...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Legal White Papers | Webcasts