Fired Engineer at Fannie Mae Accused of Planting Malware Time Bomb

A contractor working at a Fannie Mae facility in Maryland has been indicted on charges of planting malicious script on a server after he was fired. The incident underscores the dangers of the insider threat, some say.

A fired Unix engineer stands accused of planting a malware time bomb at the mortgage firm Fannie Mae that had the potential to destroy countless computer files, federal officials said.

Rajendrasinh Makwana, 35, of Frederick, Md., was indicted on Jan. 27 for the attempted malware attack. Makwana was an employee for a firm called OmniTech, and worked at Fannie Mae's facility in Urbana, Md., as a contract employee. After being terminated on Oct. 24, federal officials say Makwana retaliated by hiding malicious code on a Fannie Mae server and setting it to go active Jan. 31.

Five days later, another Unix engineer discovered the malicious script embedded within a pre-existing, legitimate script. According to a federal affidavit, the legitimate script runs every morning at 9 a.m. and validates that there are two storage area network paths running correctly and operationally through all Fannie Mae servers. The malicious script was at the bottom of the legitimate script and was separated by roughly one page of blank lines in an apparent attempt to hide the malicious script within a legitimate script.

Federal officials said Makwana was terminated because on or about Oct. 10 or Oct. 11 he created a computer script that changed the setting on the Unix servers without getting the nod of his supervisor. That script was not malicious.

"Despite Makwana's termination, [his] computer access was not immediately terminated," FBI agent Jessica A. Nye stated in the affidavit.

Nye goes on to explain that access to Fannie Mae's computers for contractors' employees was controlled by the company's procurement department, which did not terminate Makwana's computer access until late in the evening Oct. 24.

According to the affidavit, Fannie Mae's nationwide internal computer network includes about 4,000 computer servers. Had the malicious script executed, the script would have propagated itself out to all 4,000 servers, thereby damaging all of Fannie Mae's data. Nye estimated the damage would have cost millions and possibly shutdown operations at Fannie Mae for at least a week.

Sophos Senior Technology Consultant Graham Cluley noted in a blog post that the case underscores the damage disgruntled employees can potentially do to a network.

"Obviously this case is ongoing, and charges have not been proven against Makwana," Cluley wrote. "But imagine what the impact could have been if an attack like this were not intercepted and had successfully struck a financial institution."

*This story was updated with additional information.