Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Malware plant at Fannie Mae serves as corporate warning

Sophos : 30 January, 2009  (Technical Article)
Sophos is warning companies to be alert for malicious code planted by disgruntled former employees after ex-Fannie Mae employee indicted on charges of planting malicious code on his former company's servers
IT security and control firm Sophos is reminding businesses of the importance of properly safeguarding IT networks following the news that a federal grand jury in Maryland, US, has indicted a 35-year-old ex-employee of Fannie Mae for planting a malicious script, designed to destroy data on the US financial giant's servers.

According to media reports, Rajendrasinh Babubhai Makwana worked as a software engineer at Fannie Mae's offices in Maryland for three years, where he is said to have had access to all of the company's 4,000 servers.

During this time, Makwana, an Indian citizen who now resides in Virginia, is alleged to have embedded destructive code on the company's server which was due to trigger at 9:00 am on 31 January 2009, wiping out all data across the network by overwriting it with zeroes. According to the prosecution case, anyone trying to log in to the network on 31 January would have received a message saying 'Server Graveyard'.

Documents presented to the court state that, Fannie Mae terminated Makwana's employment in October 2008 - the malicious script was allegedly found the following day. If found guilty, Makwana could face a sentence of up to ten years in prison.

'Obviously this case is ongoing, with charges not yet proven against Makwana, but it should serve as a timely reminder to all companies as to what they should be prepared for,' said Graham Cluley, senior technology consultant at Sophos. 'Implementing a combination of robust user policies and security measures is crucial in order to safeguard their IT networks - and ultimately their business - against such incidents.'

'As the credit crunch forces companies to tighten their belts around the world, more and more firms will be making the difficult decision to make staff redundant. But it's important to remember that a disaffected employee could create havoc inside your organisation,' continued Cluley. 'We can only imagine the impact if an attack like this hadn't been intercepted and had successfully struck a financial institution - with public confidence in the financial system at an all-time low, coupled with an unstable economy, the consequences would be dire.'

'Had this malicious script executed, it would have probably caused millions of dollars of damage and reduced - if not shutdown - operations at Fannie Mae for at least one week,' said FBI agent Jessica Nye in a sworn statement. 'The total damage would include cleaning out and restoring all 4,000 servers, restoring and securing the automation of mortgages, and restoring all data that was erased.'

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo