The government-backed mortgage bank Fannie Mae has already had its share of negative headlines over the past year, but officials there were close to suffering another major setback: a case of computer sabotage that would have resulted in millions of dollars in damage and wiped out customer mortgage data on the lender’s 4,000 computer servers.
Rajendrasinh Babubha Makwana, a former IT contractor at Fannie Mae who was fired for making a coding mistake, was charged this week with placing a “logic bomb” within the company’s Urbana, Md., data center in late October of last year. The malware was set to go into effect at 9 a.m. EST Saturday and would have disabled internal monitoring systems as it did its damage. Anyone logging on to Fannie Mae’s Unix server network after that would have seen the words “Server Graveyard” appear on their workstation screens.
Fortunately for Fannie Mae, another engineer discovered the sabotage within a week of its apparent placement in the network. “Had this malicious script executed, engineers expect it would have caused millions of dollars of damage and reduced if not shut down operations for at least one week,” reads a complaint filed by investigating FBI agent Jessica Nye.
Makwana is free on US$100,000 bond.
Revenge of the Nerd
The circumstances surrounding Makwana’s termination are the kind that make corporate computer security experts cringe. An employee of an outside consulting firm who had worked at Fannie Mae for three years, the 35-year-old Indian national was told during the early afternoon of Oct. 24 that he would be fired for making a Unix scripting error two weeks earlier. The FBI complaint says the error was not made maliciously, but Makwana was told that it would be his last day and to turn in his security badge and laptop computer when he left work.
“Despite Makwana’s termination, Makwana’s computer access was not immediately terminated,” reads the complaint. “Access to computers for contractor’s employees was controlled by the procurement department, which … did not terminate his computer access until late in the evening on Oct. 24, 2008.”
“This is one more indication that we’ve moved into a world where computers are the desired medium of exchange for all manner of things, including, apparently, revenge,” David Perry, global education director for security firm Trend Micro, told TechNewsWorld.
The Inner Workings of a Logic Bomb
In the world of information security, logic bombs are considered an old-school way of causing mischief with computer code. “They’ve been around for a long time,” Kevin Simzer, senior vice president at Entrust, told TechNewsWorld. “It’s basically the same type of logic bomb that is placed on desktops, but this one had a time trigger.”
Perry says most logic bombs carry payloads such as viruses or worms, and a trigger of some sort (time, user action, etc.) will release the payload into a network. “We don’t tend to see destructive malware like this out in the field anymore.”
Fannie Mae could have had processes in place to protect the server data had the logic bomb not been discovered in time, Simzer said.
“If the sensitive information were encrypted or protected in some way, shape or form, the repercussions of the bomb would have been reduced dramatically. You can’t rely on people to make the right choices all the time. You need checks and balances. You need to have separation of duties. You need to have mechanisms in place to make sure sensitive information remains intact and protected.”
Perry says if the allegations are proven, in addition to making the wrong choice regarding the logic bomb, Makwana also chose the wrong company. “Fannie Mae is in everybody’s crosshairs right now. Everybody’s paying attention, it’s already in the eyes of the public.”