Disgruntled Fannie Mae insider indicted for cyber intrusion

Share this article:
Updated Friday, Jan. 30, 2009 at 11:15 a.m. EST

On the day of his firing, a former Fannie Mae employee attempted to destroy 4,000 company servers with malicious code he planted in the system.

Rajendrasinh Makwana, 35 was indicted Tuesday on one count of computer intrusion and faces up to 10 years in prison.

Makwana, a native of India, came to America in 2006 on a work visa and began working at Fannie Mae in Urbana, Md.

He was a Unix engineer and had full access to Fannie Mae computer servers, according to court documents signed by Jessica Nye, an FBI special agent.

On either Oct. 10 or 11, Makwana created a computer script that changed the Unix servers, despite being unauthorized to do so, and was fired Oct. 24, records show.

At 2:53 p.m., a couple of hours before he was required to return his laptop, Fannie Mae computer logs show that Makwana accessed a company server and embedded a malicious script that was set to execute on Jan. 31 and destroy data on all 4,000 Fannie Mae servers.

On Oct. 29, a Unix engineer by chance discovered the malware hidden at the bottom of a legitimate script, and IT personnel removed the script, documents show.

“Had this malicious script executed, Fannie Mae engineers expect it would have caused millions of dollars of damage and reduced, if not shutdown, operations at Fannie Mae for at least one week,” according to court documents.

“What this says to other organizations is, don't take the power that you give your employees for granted,” Adam Bosnian, vice president of products and strategy at identity management vendor Cyber-Ark, told SCMagazineUS.com Thursday.

Enterprises should identify what their key systems are and who should have access to them, experts said.

“There's this odd shock that occurs every time one of these stories breaks,” Jeff Nielsen, director of development at identity and access solutions provider Symark International, told SCMagazineUS.com Thursday.

Observers said these incidents could only continue to occur, given the state of the economy and the number of layoffs taking place.

"Organizations that are considering or facing layoffs need to understand the importance of revoking access entitlements to information resources and validating that the change request took effect as soon as the business relationship with a user is terminated," Brian Cleary, vice president of marketing and products at Aveksa, said in an email to SCMagazineUS.com Thursday.

A Fannie Mae spokeswoman declined to comment about the incident on Friday.
Share this article:

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.