Disgruntled Fannie Mae insider indicted for cyber intrusion

Share this article:
Updated Friday, Jan. 30, 2009 at 11:15 a.m. EST

On the day of his firing, a former Fannie Mae employee attempted to destroy 4,000 company servers with malicious code he planted in the system.

Rajendrasinh Makwana, 35 was indicted Tuesday on one count of computer intrusion and faces up to 10 years in prison.

Makwana, a native of India, came to America in 2006 on a work visa and began working at Fannie Mae in Urbana, Md.

He was a Unix engineer and had full access to Fannie Mae computer servers, according to court documents signed by Jessica Nye, an FBI special agent.

On either Oct. 10 or 11, Makwana created a computer script that changed the Unix servers, despite being unauthorized to do so, and was fired Oct. 24, records show.

At 2:53 p.m., a couple of hours before he was required to return his laptop, Fannie Mae computer logs show that Makwana accessed a company server and embedded a malicious script that was set to execute on Jan. 31 and destroy data on all 4,000 Fannie Mae servers.

On Oct. 29, a Unix engineer by chance discovered the malware hidden at the bottom of a legitimate script, and IT personnel removed the script, documents show.

“Had this malicious script executed, Fannie Mae engineers expect it would have caused millions of dollars of damage and reduced, if not shutdown, operations at Fannie Mae for at least one week,” according to court documents.

“What this says to other organizations is, don't take the power that you give your employees for granted,” Adam Bosnian, vice president of products and strategy at identity management vendor Cyber-Ark, told SCMagazineUS.com Thursday.

Enterprises should identify what their key systems are and who should have access to them, experts said.

“There's this odd shock that occurs every time one of these stories breaks,” Jeff Nielsen, director of development at identity and access solutions provider Symark International, told SCMagazineUS.com Thursday.

Observers said these incidents could only continue to occur, given the state of the economy and the number of layoffs taking place.

"Organizations that are considering or facing layoffs need to understand the importance of revoking access entitlements to information resources and validating that the change request took effect as soon as the business relationship with a user is terminated," Brian Cleary, vice president of marketing and products at Aveksa, said in an email to SCMagazineUS.com Thursday.

A Fannie Mae spokeswoman declined to comment about the incident on Friday.
Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.