How do you get revenge on a company that fires you? You might be tempted to plant a nice big logic bomb, but when it would have destroyed millions of dollars from Fannie Mae, then perhaps you’ve gone too far.
Disgraced IT Engineer Rajendrasinh Babubahai Makwana, 35, of Virginia, was informed he was going to be fired from the Federal National Mortgage Association (Fannie Mae) on October 24, 2008. According to court documents Makwana’s highly privileged computer access wasn’t terminated until late into the evening because of bureaucratic procedures in Fannie’s procurement department, leaving him just enough time to plant a nice little UNIX bomb.
His script was programmed to remain dormant for three months, when it would greet administrators with a login message that read “Server Graveyard” and systematically replace all data with zeros on every production, administrative, and backup server in the company.
Now, given that Fannie Mae’s assets are worth $882.5 billion, this could have caused a little bit of a stir. If the bomb had gone off, it would have wiped out millions of mortgage records just as the meltdown in the U.S. housing market is reaching the boiling point.
The bomb itself was a piece of software engineering that Guy Fawkes would have been proud of. On January 31, 2009, the first worm would be released, blocking the monitor system for 61 minutes, so that no-one could detect changes. Once this was done, all log ins would be disabled, the root access would be removed, all the data would be re-written with zeroes, (targeting any “high availability” systems) and then replicate itself to all 4000 servers. At this point, the second worm would perform the same job through the administrative servers in case the first had missed something.
Fortunately, dumb luck intervened. A senior engineer stumbled upon the script five days after Makwana’s dismissal, when an IP address he’d been given was being cleaned out.
Makwana was arrested on January 7 and released on a $100,000 bond. He faces the maximum jail term of 10 years.
Source: The Register
Published: Jan 30, 2009 08:51 pm