Saturday, January 31, 2009

Fannie Mae Logic Bomb Would Have Caused Weeklong Shutdown


By Kevin Poulsen January 29, 2009 | 1:41:19 PM

A logic bomb allegedly planted by a former engineer at mortgage finance company Fannie Mae last fall would have decimated all 4,000 servers at the company, causing millions of dollars in damage and shutting down Fannie Mae for at least a week, prosecutors say.

Unix engineer Rajendrasinh Babubha Makwana, 35, was indicted (.pdf) Tuesday in federal court in Maryland on a single count of computer sabotage for allegedly writing and planting the malicious code on Oct. 24, the day he was fired from his job. The malware had been set to detonate at 9:00 a.m. on Jan. 31, but was instead discovered by another engineer five days after it was planted, according to court records.

Makwana, an Indian national, was a consultant who worked full time on-site at Fannie Mae's massive data center in Urbana, Maryland, for three years.

On the afternoon of Oct. 24, he was told he was being fired because of a scripting error he'd made earlier in the month, but he was allowed to work through the end of the day, according to an FBI affidavit (.pdf) in the case. "Despite Makwana's termination, Makwana's computer access was not immediately terminated," wrote FBI agent Jessica Nye.

Five days later, another Unix engineer at the data center discovered the malicious code hidden inside a legitimate script that ran automatically every morning at 9:00 a.m. Had it not been found, the FBI says the code would have executed a series of other scripts designed to block the company's monitoring system, disable access to the server on which it was running, then systematically wipe out all 4,000 Fannie Mae servers, overwriting all their data with zeroes.

"This would also destroy the backup software of the servers making the restoration of data more difficult because new operating systems would have to be installed on all servers before any restoration could begin," wrote Nye.

As a final measure, the logic bomb would have powered off the servers.

The trigger code was hidden at the end of the legitimate program, separated by a page of blank lines. Logs showed that Makwana had logged onto the server on which the logic bomb was created in his final hours on the job.
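The hiding method described above, code appended after a page of blank lines at the end of a legitimate script, can be checked for mechanically. The following is an added example, not taken from the article or the court records: it flags any script in which a long run of blank lines is followed by more code. The 20-line threshold, the function name and the sample script are assumptions constructed for illustration.

```python
# Assumption: a "page" of blank lines is treated as 20 or more consecutive
# empty or whitespace-only lines. Tune for your own scripts.
MIN_GAP = 20

def find_hidden_tails(text, min_gap=MIN_GAP):
    """Return one finding per run of >= min_gap blank lines that sits
    between earlier content and later non-blank content."""
    lines = text.splitlines()          # handles both LF and CRLF endings
    findings = []
    gap_start = None                   # 1-based line where current gap began
    seen_content = False               # ignore blank lines before any content
    for number, line in enumerate(lines, start=1):
        if not line.strip():           # empty or whitespace-only line
            if gap_start is None:
                gap_start = number
            continue
        if gap_start is not None and seen_content:
            gap_len = number - gap_start
            if gap_len >= min_gap:
                tail = sum(1 for rest in lines[number - 1:] if rest.strip())
                findings.append({
                    "gap_start": gap_start,    # first blank line of the gap
                    "resume_line": number,     # where content resumes
                    "gap_len": gap_len,
                    "tail_lines": tail,        # non-blank lines after the gap
                })
        gap_start = None
        seen_content = True
    return findings

# Constructed sample: a three-line script, then 40 blank lines (half of them
# whitespace-only with CRLF endings), then one trailing line.
SAMPLE = (
    "#!/bin/sh\n"
    "# nightly report (constructed sample)\n"
    "date >> /tmp/report.log\n"
    + "\n" * 20 + "   \t\r\n" * 20
    + "echo 'appended after the gap'\n"
)

# Constructed sample: ordinary spacing plus trailing blank lines only.
CLEAN = "#!/bin/sh\n\n\ndate\n" + "\n" * 30

if __name__ == "__main__":
    for finding in find_hidden_tails(SAMPLE):
        print(finding)
```

A hit is only a prompt for manual review of the trailing lines; pairing the check with change control on scheduled scripts covers edits that leave no such gap.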

Makwana is free on a $100,000 signature bond. His lawyer didn't immediately return a phone call Thursday.

(Updated January 30, 2009 | 3:00:00 PM to correct Makwana's employment information)

Photo: Fannie Mae's data center in Urbana, Maryland

Fannie Mae Logic Bomb Would Have Caused Weeklong Shutdown | Threat Level from Wired.com
