Fannie Mae Case Is a Reminder Not to Take Data Backup Lightly


I read about the indictment of a former Unix engineer from Fannie Mae with macabre fascination. The engineer in question, Rajendrasinh Babubhai Makwana, was sacked for his lack of performance. It would have been just a typical firing had Makwana not decided to surreptitiously insert additional system script of his making in the few hours before his system access was revoked.


Having worked "in the trenches" in IT for more than five years, the first thought - assuming that the news reports on the potential effects of his shenanigans were true - is that this engineer is really quite talented. To be sure, the ramifications of the malicious code would have been severe to the extreme if he not for the fortuitous - and accidental - discovery of the modifications by another engineer days later.


According to reports, the code changes were designed to run many months later, which would effectively hide his tracks. Upon completion, over 4,000 Fannie Mae servers would have had their data irretrievably overwritten. On this front, I estimate no less than a complete rebuilding of all 4,000 servers to be necessary. Indeed, investigators alleged that the potential damage number into the millions of dollars. I am sure most - if not all - small and medium business would have closed down outright.


If anything, this case exemplifies my earlier advice on the importance of off-site backup, as with my recommendation that the handling of such tasks should not be under the purview of the same employee that oversees daily operations. In addition, it is also important to prepare for the worst by periodically testing these backups.


All is not lost for the SMB without deep pockets, though. As outlined earlier, the judicious use of virtualization can certainly be leveraged to allow for a rapid recovery where business continuity is concerned. All that is really needed would be the proper backup of working virtual machines which can be quickly restored.

While we might not be able to predict when the storm might come, we can certainly prepare for it. Don't wait any longer - start taking backup seriously today.


You can read the original report at Computerworld.