Disgruntled Fannie Mae insider indicted for cyber intrusion

Share this article:
Updated Friday, Jan. 30, 2009 at 11:15 a.m. EST

On the day of his firing, a former Fannie Mae employee attempted to destroy 4,000 company servers with malicious code he planted in the system.

Rajendrasinh Makwana, 35 was indicted Tuesday on one count of computer intrusion and faces up to 10 years in prison.

Makwana, a native of India, came to America in 2006 on a work visa and began working at Fannie Mae in Urbana, Md.

He was a Unix engineer and had full access to Fannie Mae computer servers, according to court documents signed by Jessica Nye, an FBI special agent.

On either Oct. 10 or 11, Makwana created a computer script that changed the Unix servers, despite being unauthorized to do so, and was fired Oct. 24, records show.

At 2:53 p.m., a couple of hours before he was required to return his laptop, Fannie Mae computer logs show that Makwana accessed a company server and embedded a malicious script that was set to execute on Jan. 31 and destroy data on all 4,000 Fannie Mae servers.

On Oct. 29, a Unix engineer by chance discovered the malware hidden at the bottom of a legitimate script, and IT personnel removed the script, documents show.

“Had this malicious script executed, Fannie Mae engineers expect it would have caused millions of dollars of damage and reduced, if not shutdown, operations at Fannie Mae for at least one week,” according to court documents.

“What this says to other organizations is, don't take the power that you give your employees for granted,” Adam Bosnian, vice president of products and strategy at identity management vendor Cyber-Ark, told SCMagazineUS.com Thursday.

Enterprises should identify what their key systems are and who should have access to them, experts said.

“There's this odd shock that occurs every time one of these stories breaks,” Jeff Nielsen, director of development at identity and access solutions provider Symark International, told SCMagazineUS.com Thursday.

Observers said these incidents could only continue to occur, given the state of the economy and the number of layoffs taking place.

"Organizations that are considering or facing layoffs need to understand the importance of revoking access entitlements to information resources and validating that the change request took effect as soon as the business relationship with a user is terminated," Brian Cleary, vice president of marketing and products at Aveksa, said in an email to SCMagazineUS.com Thursday.

A Fannie Mae spokeswoman declined to comment about the incident on Friday.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.