Mortgage giant Fannie Mae recently uncovered a logic bomb that could have destroyed or altered data on its servers. Rajendrasinh Makwana, a former computer contractor, was indicted earlier this week on computer intrusion charges. At the very least, Fannie Mae would have been down days or even a week cleaning its servers, rebuilding, and reloading data.
Makwana was a UNIX engineer with Fannie Mae. He had root access and the keys to the systems, and was able to install a logic bomb that was due to go off on January 31, 2009. Had the logic bomb gone off, anyone logged into the system on that day would have seen the message, "Server Graveyard."
Makwana was terminated in late October of 2008 for creating a script that changed the settings on a UNIX server at Fannie Mae without the proper authority. According to the court complaint, he was terminated and told to turn in his badge, laptop, etc., by the end of the day. Unfortunately, his privileged access was not terminated immediately. The procurement department, which controls computer access for contractors at Fannie Mae, did not put through the request to terminate his access until late that evening. The following day, a senior UNIX engineer discovered that Makwana had installed malicious code in the bottom of a valid script that would have caused damage.
I wrote in a previous post that companies that are going through tough times are the most at risk. This recent incident at Fannie Mae is a good example of a company moving fast to terminate an employee and not having proper controls in place. This could have turned out negatively for Fannie Mae if it weren't for some good work by another engineer. As the saying goes, "it takes an engineer to catch an engineer."