Ex server admin for Fannie Mae faces 10 years in prison for malicious script insertion
Corporations large and small place a lot of trust in administrators when they give them unfettered access to the lifeblood of virtually every business -- computer data. If a person with access to the computer data of a company decides to destroy all or part of the data, it can have dire consequences for the company.
A federal grand jury has indicted a former Fannie Mae contractor for an alleged attempt to destroy all of the data on Fannie Mae's servers. Rajendrasinh Babubhai Makwana was a computer programmer for Fannie Mae with access to all of the company’s servers across America.
Charges against Makwana allege that when he was terminated from his employment on October 24, 2008 and told to turn in all of his equipment, including his company notebook, the man installed a malicious script into the Fannie Mae server network. The man was terminated for changing computer settings without permission and had been employed for three years.
It only took a day for Fannie Mae personnel to recognize the malicious script in with the normal code inside the servers. The code was immediately removed and a lock-down of the server network was ordered.
According to the indictment, the malicious code was set to execute on January 31, 2009 and was designed to propagate across the entire Fannie Mae network and destroy all of the data present on the systems. Makwana faces a maximum sentence of ten years in prison and his arraignment is set for today.
If the script had executed the massive mortgage giant could have been forced to shut down for at least a week and could have cost the company in the area of $1 million to fix. Makwana is an Indian citizen and is currently out of jail on $100,000 bail.
The malicious code contained four scripts that were designed to copy themselves to all systems on the network, prevent engineers from receiving warning messages, and disable all logins to the production control server and its backup among other things.