Friday, January 30, 2009

"Logic bomb" almost blows up Fannie

By Rick C. Hodgin
Friday, January 30, 2009 09:34
tgdaily.com
Washington (DC)

On October 29, 2008, a vigilant senior Unix engineer happened across a "logic bomb" that was allegedly planted by a contractor, Rajendrasinh Babubhai Makwana, who had worked in their Urbana, MD facility until October 24, 2008 when his contract was terminated. The script was set to activate on January 31, 2009 and would completely wipe all of Fannie Mae's 4,000 servers. According to engineers, had it done so it would've caused "millions of dollars in damage, and possibly shut down operations for a week."

Fannie Mae is a government-sponsored mortgage lender. Makwana, 35, was indicted for "unauthorized computer access" this past Tuesday in a Maryland District Court, though he is currently free on $100,000 bail after surrendering his passport. Makwana's public defender told reporters he would enter a plea of "not guilty" today, but did not comment further.

According to an FBI affidavit by the Unix engineer who found Makwana's alleged work, "The malicious script [called only 'SK'] was at the bottom of the legitimate script, separated by approximately one page of blank lines, apparently in an effort to hide the malicious script within the legitimate script."

As a result, the script was removed immediately and a lockdown of all Fannie Mae servers was ordered to prevent additional hostile access.

Makwana allegedly used a Fannie Mae laptop computer, which had been assigned IP address 172.17.38.29, to gain root access to the system and implant the script. This is how the senior Unix engineer was able to discover who may have inserted it.

No comments: