Fannie Mae sabotaged?

[Updated 2/2 5.30pm EST, after Omnitech Systems' Suresh Kalyanaraman disavowed responsibility for employment of the suspect.] In Friday's IT Blogwatch, Richi Jennings watches a former Fannie Mae contractor try to erase all its data. Not to mention how to write a book...

Gregg Keizer reports:

A former Unix engineer for the Federal National Mortgage Association, better known as Fannie Mae, has been accused of planting malicious code on the corporation's network that was to "destroy and alter" all of the data on the company's servers this Saturday, court documents show.

Rajendrasinh Babubhai Makwana, 35, was indicted Tuesday ... [He] embedded a malicious script in a legitimate script that ran on Fannie Mae's network every morning ... [that] was set to trigger Jan. 31 ... It would have disabled monitoring alerts and all log-ins, deleted the root passwords to the approximately 4,000 Fannie Mae servers, then erased all data and backup data on those servers by overwriting with zeros.

Dan Goodin adds:

His script was programmed to remain dormant for three months, when it would greet administrators with a login message that read "Server Graveyard" ... [and] can fairly be described as vicious, even in the high-stress world of IT administration, where sabotage by disgruntled employees is common ... It would have wiped out millions of mortgage records just as the meltdown in the US housing market is reaching the boiling point.
The allegations also lay out a cautionary tale ... Despite his dismissal on October 24, Makwana's highly privileged computer access wasn't terminated until late into the evening because of bureaucratic procedures in Fannie's procurement department ... [They] demonstrate the awesome powers vested in a single, well-placed IT administrator, who with a few hundred keystrokes has the ability to wreak substantial damage on an entire economy.

Jeremy Wagstaff has been digging:

What must also be a bit awkward is that the suspect, Rajendrasinh Makwana, has a recommendation on his LinkedIn profile from a project manager at AT&T ... the person in question gets a recommendation from Makwana as well. But what adds to the awkwardness is that the recommendation was posted on October 25, 2008 ... the day after Makwana’s last day of work—which was when he allegedly planted the virus.
Ouch. If the FBI is right, the suspect was buffing his CV, seeking recommendations from former colleagues right after planting a script that could have deleted all of Fannie Mae’s data.

John Murrell tells a tale of lucky PR folk:

In a recession, companies are often forced to take steps that leave a broad wake of unhappy and stressed workers, and according to a new McAfee global survey, disgruntlement-driven damage is the No. 1 security worry of IT decision makers. In the study, McAfee ... estimated that data theft and cybercrime breaches last year cost businesses worldwide more than $1 trillion in property loss and recovery expenses, and it warned that companies are more vulnerable now than ever.
Fortune favored McAfee’s warning with an example fresh from the headlines.

This Anonymous Coward claims to have worked at Fannie Mae:

The vast majority of their servers run Solaris- this wasn't some sort of cross-platform attack. They have an infrastructure that allows a single admin server to execute commands on the entire farm simultaneously.

Suddenly being able to wipe out everything doesn't sound too difficult, does it? From what I heard from friends- it was just a couple lines of shell, and it was discovered because there was a typo, and the script failed ... Oh- and of course they have backups, but imagine restoring 2500+ servers from tape.

Shawn "cowscows" Pitz has this pointless observation:

Technically, all of the data in a computer is really just a bunch of ones and zeros, so assuming a fairly even mix of those two possibilities, writing over everything with zeros would only change half of their data.


Richi Jennings is an independent analyst/adviser/consultant, specializing in blogging, email, and spam. A 23 year, cross-functional IT veteran, he is also an analyst at Ferris Research. You can follow him on Twitter, pretend to be Richi's friend on Facebook, or just use boring old email:

Copyright © 2009 IDG Communications, Inc.
