Fannie Mae Servers Targeted By Logic Bomb6:46 PM EST Thu. Jan. 29, 2009
A former engineer at mortgage finance company Fannie Mae was indicted for allegedly planting a "logic bomb" that would have shut down the company for at least a week by destroying all 4,000 of its servers, costing the company millions in lost productivity and damages.
Rajendrasinh Makwana, 35, who worked as a Unix engineer from the beginning of 2006 until October 2008, was indicted for sabotaging the mortgage lender's computer network by entering malicious code known as a logic bomb that would have resulted in destroying and altering the entirety of data on Fannie Mae's servers, according to the U.S. District Court indictment.
The logic bomb was embedded with legitimate code and set to launch at 9 a.m. on Jan. 31, but was impeded when another Fannie Mae engineer discovered the malware several days after it was planted.
Makwana, a native of India on a U.S. work visa, was an engineer for IT consulting firm OmniTech, but worked full time as a contracted employee at Fannie Mae's data center in Urbana, Md., from the beginning of 2006 to October of 2008. Makwana was terminated the afternoon of Oct. 24 due to a scripting error he had made earlier in the month.
However, after his termination, Makwana's access to the computer systems did not immediately end, and he retained full access rights until at least 10 p.m. that evening, according to an FBI affidavit. Makwana used his extended legitimate access to clear out all logs that revealed his access to the server, eliminating any "footprint" of his malicious activities on Oct. 24. He then gained launch code that would allow him access to Fannie Mae's servers remotely. Upon gaining root access to Fannie Mae's system, Makwana created a file in which he developed the malicious code on Oct. 25, the day after his termination.
An examination of Makwana's e-mails in the days before he created the malicious code indicated that he instructed relatives in India not to return to the U.S., the FBI affidavit said.
Meanwhile, security experts say that companies can anticipate more insiders that pose threats to corporate environments as the economy worsens and disgruntled or laid off employees seek some kind of retribution.
Brian Cleary, vice president of marketing for security company Aveksa, said that many data leaks and malware attacks committed from the inside, such as the near attack on Fannie Mae, often stem from a lack of access control and ineffective or outdated security policies.
"This is definitely an access governance control failure," Cleary said. "It's an important message for any organization considering layoffs en masse. Some of this information people have access to could be critical or sensitive to the company."
Cleary said that contracted employees will likely become a bigger security threat as companies increasingly outsource and offshore crucial functions in an effort to cut costs in the weak economy.
To fully protect themselves from insider threats, companies will increasingly need to automate their access control, Cleary said.
"An automated approach is crucial to making sure you're protecting your operation's resources," Cleary said. "[Makwana] definitely had malfeasance in mind. We've seen this where organizations with disgruntled employees have mal-intent toward the company and want to hurt it. You have to find a way to protect the operation of the enterprise so it can conduct business."