Threat Management, Incident Response, TDR, Vulnerability Management

Disgruntled Fannie Mae insider indicted for cyber intrusion

Updated Friday, Jan. 30, 2009 at 11:15 a.m. EST

On the day of his firing, a former Fannie Mae employee attempted to destroy 4,000 company servers with malicious code he planted in the system.

Rajendrasinh Makwana, 35 was indicted Tuesday on one count of computer intrusion and faces up to 10 years in prison.

Makwana, a native of India, came to America in 2006 on a work visa and began working at Fannie Mae in Urbana, Md.

He was a Unix engineer and had full access to Fannie Mae computer servers, according to court documents signed by Jessica Nye, an FBI special agent.

On either Oct. 10 or 11, Makwana created a computer script that changed the Unix servers, despite being unauthorized to do so, and was fired Oct. 24, records show.

At 2:53 p.m., a couple of hours before he was required to return his laptop, Fannie Mae computer logs show that Makwana accessed a company server and embedded a malicious script that was set to execute on Jan. 31 and destroy data on all 4,000 Fannie Mae servers.

On Oct. 29, a Unix engineer by chance discovered the malware hidden at the bottom of a legitimate script, and IT personnel removed the script, documents show.

“Had this malicious script executed, Fannie Mae engineers expect it would have caused millions of dollars of damage and reduced, if not shutdown, operations at Fannie Mae for at least one week,” according to court documents.

“What this says to other organizations is, don't take the power that you give your employees for granted,” Adam Bosnian, vice president of products and strategy at identity management vendor Cyber-Ark, told Thursday.

Enterprises should identify what their key systems are and who should have access to them, experts said.

“There's this odd shock that occurs every time one of these stories breaks,” Jeff Nielsen, director of development at identity and access solutions provider Symark International, told Thursday.

Observers said these incidents could only continue to occur, given the state of the economy and the number of layoffs taking place.

"Organizations that are considering or facing layoffs need to understand the importance of revoking access entitlements to information resources and validating that the change request took effect as soon as the business relationship with a user is terminated," Brian Cleary, vice president of marketing and products at Aveksa, said in an email to Thursday.

A Fannie Mae spokeswoman declined to comment about the incident on Friday.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.