Federal prosecutors indicted an information-technology administrator for placing malicious code on a critical server owned by mortgage lender Fannie Mae, charging that, if the script had run, it would have hindered if not halted the company's operation for at least a week.
The federal indictment charges Rajendrashinh Makwana, an Indian citizen working for outsourcing firm OmniTech, with a single count of computer intrusion. On October 24, 2008, after hearing he had been laid off by the company, Makwana allegedly modified a critical script that ran every morning so that it would overwrite and destroy data on all of Fannie Mae's servers. The malicious code would have run on January 31, 2009, according to both the indictment and a criminal complaint.
"Had this malicious script executed, (Fannie Mae) engineers expect it would have caused millions of dollars of damage and reduced if not shutdown operations at (the company) for at least one week," stated FBI Special Agent Jessica Nye in the criminal complaint. "The total damage would include cleaning out and restoring all 4,000 (of the firm's) servers, restoring and securing the automation of mortgages, and restoring all data that was erased."
Security companies have argued that fired IT workers are a major threat to corporate networks and intellectual property. In July, former San Francisco network administrator Terry Childs was accused of locking all the other administrators out of the city's FiberWAN network. In 2006, an administrator for financial firm UBS PaineWebber, Roger Duronio, was sentenced to 8 years in prison for planting malicious code in the form of a logic bomb set to delete files on a specific day, hoping it would cause the company's stock to drop.
The malicious script was found by chance five days after it was allegedly planted by Makwana.
"The malicious script was at the bottom of the legitimate script, separated by approximately one page of blank lines, apparently in an effort to hide the malicious script within a legitimate script," the FBI's Nye wrote in the criminal complaint. "It was only by chance that (another administrator) scrolled down to the bottom of the legitimate script to discover the malicious script."
While the criminal complaint anonymized the name of the victim, referring to the company as "ABC," the indictment specified that the affected firm was Fannie Mae. The charges were first reported by The Examiner in Washington D.C. and ZDNet. ZDNet has posted copies of the criminal complaint and indictment.
Posted by: Robert Lemos