Fired Engineer at Fannie Mae Accused of Planting Malware Time Bomb
A contractor working at a Fannie Mae facility in Maryland has been indicted on charges of planting malicious script on a server after he was fired. The incident underscores the dangers of the insider threat, some say.A fired Unix engineer stands accused of planting a malware time bomb at the mortgage firm Fannie Mae that had the potential to destroy countless computer files, federal officials said. Rajendrasinh Makwana, 35, of Frederick, Md., was indicted on Jan. 27 for the attempted malware attack. Makwana was an employee for a firm called OmniTech, and worked at Fannie Mae's facility in Urbana, Md., as a contract employee. After being terminated on Oct. 24, federal officials say Makwana retaliated by hiding malicious code on a Fannie Mae server and setting it to go active Jan. 31.
Five days later, another Unix engineer discovered the malicious script embedded within a pre-existing, legitimate script. According to a federal affidavit, the legitimate script runs every morning at 9 a.m. and validates that there are two storage area network paths running correctly and operationally through all Fannie Mae servers. The malicious script was at the bottom of the legitimate script and was separated by roughly one page of blank lines in an apparent attempt to hide the malicious script within a legitimate script.
Sophos Senior Technology Consultant Graham Cluley noted in a blog post that the case underscores the damage disgruntled employees can potentially do to a network."Obviously this case is ongoing, and charges have not been proven against Makwana," Cluley wrote. "But imagine what the impact could have been if an attack like this were not intercepted and had successfully struck a financial institution." *This story was updated with additional information.