A former Fannie Mae IT contractor has been indicted for allegedly planting a malware bomb on the US mortgage agency's systems.
The piece of malicious code, timed to execute next January, would have destroyed all the data on Fannie Mae's servers and caused millions of dollars of damage, the FBI alleges.
Contractor Rajendrasinh Makwana was indicted on Tuesday in the US District Court for Maryland. The FBI alleges that Makwana was able to plant malicious code in Unix script on Fannie Mae's servers due to his access privileges not being revoked immediately following his dismissal.
Makwana, who had been contracted out from software development company Omnitech, worked for Fannie Mae from early 2006 until 24 October, 2008. According to a criminal complaint lodged by the FBI, Makwana allegedly targeted Fannie Mae's servers after his contract was terminated. Malicious code found on the servers after Makwana was sacked was set to execute on 31 January, 2009.
Makwana worked at Fannie Mae's datacentre in Urbana as a Unix engineer. He had root access to all of Fannie Mae servers. According to the FBI complaint, Makwana had been informed of his dismissal in the afternoon of 24 October, 2008, while his access privileges were revoked on that evening.
Writing in a blog post on Thursday, Sophos senior technology consultant Graham Cluley warned that companies laying off staff due to the worsening global conditions should think about possible security risks from disgruntled ex-employees.
"As belts tighten and the credit crunch continues to hit around the world, more and more companies will be making the decision to make staff redundant," wrote Cluley. "As we've written before, a disaffected employee could create havoc inside your organisation so make sure that appropriate security is in place."
ZDNet UK's Tom Espiner contributed to this article.
Talkback
There are are infinite number of networked consulting companies within the Fannie Mae IT.. every hiring is backed by n number of kick backs. You can rarely see a contractor working there who got hired just because his abilities! and most of these consulting companies providing people are owned by fannie employees or their spouses! Even this omni tech owner started as a tester there and then grew into a big consulting firm.. now all his relatives - whether qualified or not - are working there!!
One of the first steps people think about in cases like this is - why don't they have appropriate anti-virus programs in place - the reality is that these are only the first step to security. There is value, since these programs perform a thorough cleaning of existing (or known) virus and malware infections, returning the systems to a
relatively stable state. BUT, they are typically just behind the current day and computers are vulnerable to newly released viruses or attacks until the code is identified and the anti-virus agents are updated on every machine – a process that can take weeks.
Here we have a custom piece of malware being created so there is no way the traditional approach would have worked and this therefore turns many computers that are exposed to the malware into zombie machines, running background programs that carry out widespread attacks or tapping into business communications and databases. In order to restore the "status quo" any infected computers must be completely wiped and rebuilt to clear the operating system of the malware, causing downtime, overloading
IT, and impacting productivity.
The alternative approach – ensuring that only approved and valid applications run on every computer – requires a shift in mindset from defense to offense.
In this example, we see that the traditional approaches to endpoint protection have become ineffective in today’s dynamic computing environments. A whitelist solution provides the means to take
charge of your information environment by making the shift from focusing only on what you know is bad to allowing only what you know to be good. Knowing what applications you have, and which you need, is half the battle. By defining the necessary
applications in a whitelist and authorising them to run on the appropriate computers, you automatically place everything else on a virtual blacklist. Simply put, any executable – whether a business application, a video driver, or a web browser plug-in – not specified on the whitelist cannot load and run. Controlling exactly which applications can run on each computer keeps information secure while offering many other operational benefits.
In which case a whitelist doesn't help much either!
I was led to believe a standard system script was used but with a bit added on at the end which would have been activated three months later.