Insider Plants Logic Bomb – Fannie Avoids “Final Solution”

A senior Unix administrator known only as “SK” admitted she got lucky when she found the malicious script planted on a development server on the network. The script was buried within lines of legitimate code, according to an affidavit filed against Rajendrasinh Makwana, an Indian citizen living in the United States on a work visa. Makwana is accused of illegally accessing Fannie’s network after being fired from the job. Had the script executed as planned, 4000 servers would have been wiped clean tomorrow, January 31st.

According to an InformationWeek article:

The discovery occurred on Oct. 29. Makwana had been terminated as a Fannie Mae contractor on Oct. 24, around 1 or 1:30 p.m., the affidavit says, but his network access was not terminated until late that evening. Makwana was fired for allegedly creating a computer script earlier that month that changed server settings without the permission of his supervisor.

Makwana was not required to turn in his badge or Fannie Mae-supplied laptop until the end of the day on Oct. 24. According to Nye’s affidavit, it was during that afternoon that Makwana is alleged to have planted the malicious script.

Makwana planted his script using his existing credentials over an encrypted channel. Since his accounts were still active and his access rights still in place, no technological solution could have prevented or stopped such an attack. The incident clearly highlights the threats posed by internal users.

When employees who hold root access to key network components are terminated, precautions must be taken to prevent any tampering. The employee also needs to be protected from blame should anything later go wrong on the network. That’s why most companies will send a security guard to watch as the person packs his belongings and to confiscate keys, badges, laptops and other items. Network access to all resources should also be revoked while the termination takes place.

Everyone wants to trust their employees as friends and colleagues. And enforcing a procedure that requires a security guard to watch the employee as he packs his things and turns in personal items just makes a company look like a cruel, bullying entity. However, not following such a process could jeopardize your data.