Friday, January 30, 2009

Ex-Fannie Mae worker charged with planting virus

TROJAN : Ex-Fannie Mae worker charged with planting virus

By Freeman Klopott

Examiner Staff Writer

January 29, 2009


A fired Fannie Mae contract employee allegedly placed a virus in the mortgage giant’s software that could have shut the company down for at least a week and caused millions of dollars in damage, prosecutors say.

Rajendrasinh Makwana, an Indian citizen, was indicted Tuesday on computer intrusion charges. The former Gaithersburg resident is out on $100,000 bail, court documents said.

Makwana was fired from his contract position at Fannie Mae on Oct. 24 for changing computer settings without permission from his supervisor, FBI agent Jessica Nye wrote in a sworn statement. He had worked at Fannie Mae for three years as a computer engineer at the Urbana offices, where he had full access to all of the federally created mortgage company’s 4,000 servers. Before leaving work Oct. 24, Makwana allegedly tried to hide a code in server software that was set to activate the morning of Jan. 31, the agent wrote.

“Had this malicious script executed, [Fannie Mae] engineers expect it would have caused millions of dollars of damage and reduced if not shutdown operations at [Fannie Mae] for at least one week,” Nye wrote. “The total damage would include cleaning out and restoring all 4,000 of [Fannie Mae’s] servers, restoring and securing the automation of mortgages, and restoring all data that was erased.”

A spokeswoman for Fannie Mae declined to comment.

According to Nye’s statement, a senior computer engineer discovered the virus Oct. 29. The malicious code was hidden after a blank page, and “it was only by chance” that the senior engineer scrolled down and found the virus, Nye wrote. The engineer locked down Fannie Mae’s servers to determine whether other viruses were hidden inside and where the virus had come from, Nye wrote. Only about 20 Fannie Mae employees and contractors, including Makwana, had access to the server where the virus was stored.

An Internet Protocol address was eventually linked to Makwana’s company-issued laptop, Nye wrote. He was arrested Jan. 7.

The virus was set to execute at 9 a.m. Jan. 31, first disabling Fannie Mae’s computer monitoring system and then cutting all access to the company’s 4,000 servers, Nye wrote. Anyone trying to log in would receive a message saying “Server Graveyard.”

From there, the virus would wipe out all Fannie Mae data, replacing it with zeros, Nye wrote. Finally, the virus would shut down the servers.

Since the virus’s discovery, engineers have double-checked the servers and found no evidence of other malicious codes, Nye wrote.

Makwana’s attorney, Christopher Nieto, did not return calls Wednesday.

No comments:

This Day in History

Thanks for your Visit