Fired Engineer Tried To Wipe Out All Fannie Mae Computers
from the that-would've-been...-bad dept
We’ve seen plenty of stories of former disgruntled workers shutting down computer systems, locking others out or even running scams, but I don’t think we’ve seen anything that had the potential to be as big a deal as the disgruntled tech who installed a logic bomb that would have wiped out all of Fannie Mae’s computers, potentially shutting the organization down for at least a week to recover.
There are a few oddities here — beyond just the simple question of how the system was set up in a way that would ever allow the ability to wipe out all machines in that way. First, the guy was fired — but then allowed to finish up work that day, which gave him time to set the logic bomb. Why would you let someone who was fired (for a programming error) back to his computer to “finish” his day? These days it seems rather standard practice to escort fired employees off the premises. Next, the logic bomb wasn’t spotted for five days. This turned out not to be a problem, since he had set the logic bomb to go off at the end of January (he was fired in October). Perhaps he did so to avoid having blame pointed in his direction, but if he had set it to go right away, or the next morning, it might have actually worked. Given Fannie Mae’s role in the current financial mess, can you just imagine what would have happened if all their computers had melted down at once?
Filed Under: disgruntled it workers
Companies: fannie mae
Comments on “Fired Engineer Tried To Wipe Out All Fannie Mae Computers”
What a strange story
“Makwana, an Indian national, was a consultant who worked full time on-site at Fannie Mae”
– Probably an H1B on low wages
“he was being fired because of a scripting error”
– Wow, that’s a bit harsh.
– note to self, do not ever work for Fannie Mae
– Something about this story just doesn’t add up.
Re: What a strange story
It does sound odd.
Re: What a strange story
>Probably an H1B on low wages
How is this relevant in the context of story? I mean, dont you think you are missing the point here..
Re: Re: What a strange story
#27 -> “>Probably an H1B on low wages
How is this relevant in the context of story? I mean, dont you think you are missing the point here..”
I do not condone what this person did or what FM did.
The whole point to the H1B program is to bring in foreign nationals and pay then much less than what is readily available in the marketplace.
It is relevant because he thought he was being screwed over, how would you react ?
Re: What a strange story
Its not harsh at all. Being who Fanny Mae was, one line of coded can introduce a bug that could cost millions of dollars in damages. I would suspect that the programming error he made was a bit more than just a JavaScript field validation method not checking email format correctly. Or possibly he has a pattern of bugs that make him detrimental to the company, and this was the straw that broke the camels back.
Not hard
I wanted to call out this remark:
> the simple question of how the system was set up in a way
> that would ever allow the ability to wipe out all machines
> in that way.
Pretty much every computer network out there ultimately allows this. Securing networks from someone who already has domain admin access is not trivial.
Re: Not hard
The only reason it’s not trivial is because the systems have been setup to allow this attack.
If the systems had been setup correctly it becomes trivial to prevent this attack. But seeing as though the major OS don’t do this, we all have to deal with it.
I still find the way OSs just run whatever random code is given to them to be fairly disturbing. One wrong move and you’re screwed and you probably won’t even be able to detect it. Rootkit detectors aren’t really useful unless you take the system offline, which you can’t do in a production environment.
Re: Not hard
“Pretty much every computer network out there ultimately allows this. Securing networks from someone who already has domain admin access is not trivial.”
For starters, only one or two employees in any enterprise should have domain admin access. In my company, all the helpdesk guys (even 3rd level) use a specially written console to control other users’ accounts. This lets them do their job without having admin access.
One would assume that a giant financial institution would have processes that guaranteed this sort of security.
Re: Re: Not hard
“One would assume that a giant financial institution would have processes that guaranteed this sort of security”
Maybe if it wasn’t a Government run institution…oh wait, private doesn’t work either…lol
Finish up the day
It’s actually NOT uncommon for terminated employees to be continue working. In the real world, that’s a transitional time where the employee is expected to hand off all the current tasks in a proper and respectable manner — I’ve seen some people working for 3 months after being given termination notice, and that’s even before severance kicks in. Only at the pathetic sweatshops (some large, with well-known names, Hal) do they escort the poor schmo off the premises.
As someone whose employment was bought up by a sweatshop, I expect I’ll be in the same boat as that H1B in but a month or 3. Pity the fool for his attempt at justice.
Re: Finish up the day
I worked one place for two years that had announced a planned termination before I was hired as a temp. Lots of seriously grumpy employees just holding out for the package. I got my first professional job that was a real resume builder.
Re: Finish up the day
There is a difference between terminated via layoff vs terminated for a screw up. Also it’s very, very common for someone with admin access to just be escorted out immediately, even if they simply resign.
Re: Finish up the day
Seriously?? You’ve got to be kidding. When an employee at this level is termed – you call them in, explain the situation, have security or hr pack up his/her things pat them on the back and wish them well.
Re: Finish up the day
Are you in IT Bish? It is standard practice in IT, depending only slightly on the details of the termination, to get the employee off-sight as quickly as possible. Often, the employees accounts and access are locked down while he/she is talking to the boss, so they’re not even able to do anything if they go back to their desk.
Does this mean my school loan would have been wiped from existence? *sigh* one can only dream.
What the 'f is a 'logic bomb'?
Sounds like a science fiction invention.
My guess is that he just put rm -rf / in the root crontab* that was copied to all Unix servers. Some ‘bomb’, it takes all of 30 seconds to do that.
*from the article: “malicious code hidden inside a legitimate script that ran automatically every morning at 9:00 a.m”
Finish up the day
–It’s actually NOT uncommon for terminated employees to be continue working.
There is a difference between fire and layoff. When an employee is being let go for financial reasons, yes, transitions are the norm and necessary and there are usually some niceties to try to help the person. If you fire someone, it is you f’ed up too big and you are done so letting him stick around is odd.
much more than a simple crontab
If you follow the chain of links back to the wired story and then the fbi doc it gives a fairly detailed description of how it all came about including numerous scripts this guy wrote and their details. It is quite involved. After reading about it along with some other details it doesn’t see possible he did all this in a few hours form when he was first until he left the building – it seems more like he had this planned for a long time and then once fired just copied the files over.
"he was being fired because of a scripting error"
Actually, if you follow the links and read the FBI affidavit, you’ll see that he was fired for a process violation – he made system changes without authorization.
It appears he was a bit of loose canon.
Consultant, huh….
Lucky
If he was really good the code bomb would never have been found until it went off.
His career is over. No matter how badly you are treated a true IT professional would never damage a system.
He must have been really abused by Fannie Mae to do it, but it’s still not right.
Re: Lucky
“His career is over.”
Really? Since his name isn’t in the article, it would be difficult to know that the bright IT Pro in the interview chair is actually the guy who tried to destroy data at FM.
Re: Re: Lucky
Well this is going to be considered hacking, by law he is going to be banned from using computers for a good while. So yeah, career is over.
Would It Have Been Worse?
Considering how effective Fannie May had been, wiping out all their data and putting them out of business for a week might have actually saved us tax payers some money.
Re: Would It Have Been Worse?
Perhaps he’s the fall guy in a botched attempt to hide something else?
Let go...
Here is how it works in my play book:
1. You let me go without making arrangements for consulting then you get zip. If you want answers, you pay, period. Those that tout loyalty in business always expect you to be loyal to them, not visa-versa.
2. Errors happen. Sometimes it takes years for the right set of conditions to occur that triggers the error. You don’t fire someone over it.
3. You don’t ‘retaliate’ for managements apparent stupidity or lack of common sense. Retaliation just gives them a reason to call the lawyers.
4. Document testing done on code. Get signatures stating the testing was reviewed.
5. Attempts to defend yourself should be adequate but minimal. Use lawyers. A company will never understand your point-of-view unless its being stated by a lawyer.
6. Always keep the resume up-to-date.
I’ve found these rules work well. Its stupid and futile to try to hurt the company by damaging the systems and it just gives them legal ammunition. In short, be a pro!
WE ARE GOING TO SEE A LOT MORE
of this sort of thing. People are really angry and they are getting a lot more upset. I believe society in the US which in the best of times is one of the most violent society’s on Earth is going to get a lot more violent. People will start making company’s pay whether its justified or not.
Re: WE ARE GOING TO SEE A LOT MORE
WTF are you smoking? (can i have some?)
Escorts
I had plenty of jobs in HS where I was escorted off the property. These were menial jobs like warehouse work, retail, etc. Each firing was because I would call out too much, show up late, etc. Like I said they were after school type jobs. I just always thought it was funny that they would have people escorted outside like I’m going to go berserk getting let go from a $5/hour job! Being walked outside like an infant is what makes me want to sneak back in and spray the entire place with cheeze wiz. ;-D
Planned...
most likely the guy already had the script set and ready to go before he got fired or wrote it when he found out he didnt have permissions that he thought he “deserved” lol… going to school with many programmers, i know for a fact over half of them have these scripts already wrote and ready to go if their employer does something unrespectful…
Foriegn National
“Makwana, an Indian national, was a consultant who worked full time on-site at Fannie Mae’s massive data center in Urbana, Maryland, for three years.”
I find it disturbing that a foriegn national was given that level of access to what appears to be a crucial resource.
I realize that outsourcing is the big rage, but this looks like gross mismanagement in the IT dept and possibly in the security dept also. I would expect termination of some middle management types, but that probably will not haqppen.
Re: Foriegn National
>I find it disturbing that a foriegn national was given that level of access to what appears to be a crucial resource.
With all due respect Sir, but these are guys who run the IT part of things, not only in US but elsewhere too. And I am sure this is not exactly the time to event to for a heightened sense of patriotism.
Re: Re: Foriegn National
#28 -> “With all due respect Sir, but these are guys who run the IT part of things, not only in US but elsewhere too. And I am sure this is not exactly the time to event to for a heightened sense of patriotism.”
The comment was not intended to inspire any sort of patriotism. It was more in line with pragmatism.
I’m not sure what you mean by
“these are guys who run the IT part of things”
like no one else is capable of such tasks – get real.
The only reason this guy was there is because FM was cutting corners and didn’t want to pay anyone what the job is worth.
Re: Foriegn National
I know what you mean :). While managing the deployment of a major IT project in Russia, someone decided to parachute in an American consultant (QA/Standardization).
Everyone just smiled and nodded for a few weeks while denying him access to anything meaningful.
Disturbing
I do find it a bit disturbing that they are outsourcing this type of high level work. Either way I do not agree with trying to get back at an employer, it seems pretty childish and very unprofessional.
These days companies are looking for anything they can hold over our heads in court, so don’t give them something they can use to tie you to the stake.
———–
Patric H.
Real Estate License Direct
Fate of data?
I read that his password was not canceled for over two weeks.
Question: If this had been successful, what would have been the result for Fannie Mae–and its customers–besides the week-long fix? Would a lot of data have been lost?
Re: Fate of data?
Probably not much, as there is software that allows you to recover all deleted data from a hard disk, which I myself have used in the past very successfully. However it does take a awhile to recover the data. They may have also had previous backup’s off site as this is a standard pratice for IT. The main concern for the company would be wha the customers thought of it if this attack went through, I think the “Millions of dollar’s in damage” would have been customers leaving and income lost due to downtime.
Foriegn National
>>I find it disturbing that a foriegn national was given that level of access to what appears to be a crucial resource.
Hmmm, no “American” would do such a thing would they.
Typical comment from the typical US citizen.
BTW, thanks for the global recession.
Re: Foriegn National
E JAy -> “Hmmm, no “American” would do such a thing would they.
– Interesting that you would think that, but no, I neither said that nor intended same. Certainly this has happened in many places perpetrateed by many differnet people.
Typical comment from the typical US citizen.
BTW, thanks for the global recession.”
– Wow, got issues? And who is assuming that I am from any particular country? Oh, and btw … I had nothing to do with the major screw up by ultra rich assholes across the globe to which you refer.
Re: Foriegn National
Worse things have happened dear…Have you hear about Bernie Madoff?
Re: Foriegn National
>>I find it disturbing that a foriegn national was given that level of access to what appears to be a crucial resource.
>Hmmm, no “American” would do such a thing would they.
No… we’ve *never* heard of ‘mericuns doing horrific things in these situations… no-one *has* ever gone postal…
Re: Foriegn National
>>I find it disturbing that a foriegn national was given that level of access to what appears to be a crucial resource.
Hmmm, no “American” would do such a thing would they.
Typical comment from the typical US citizen.
IF the perpetrator is a foreign national on a work visa, and IF he lost his job, chances are he’s in danger of getting shipped back to wherever he’s from.
that means he has [potentially] more to lose than a local national, and has the potential to be miles away when the logic bomb goes off.
i didn’t see much (if any) nationalism in the original statement. i think a lot of americans would be tempted to seek revenge on a employer if they had the option of leaving the country.
I was there....
I worked the Fannie Mae contract while this guy was there, but left long before he did. I was in a different location (Reston VA), but remember seeing this guy’s name on our call-out list. All of the data/network guys were on speed-dial for us. When I left FM, I came back a day or so later, and spent a few hours, without supervision, at my desk getting “personal items”. I made back ups of emails, saved other data I thought I might need for a rainy day, and otherwise had infinite time to do whatever I wanted. I didn’t do anything malicious (in fact, the called 9 mos later and offered me a better position at a different location), but could have done some nasty things in my time there. I imagine their termination policy it much tighter, now, but considering how it was during my time, I am not surprised this happened– but am surprised that it didn’t happen sooner. They let people go constantly, and it was only a matter of time.
Hire Better IT Staff
This is why you pay your IT staff more. I believe they under payed there IT staff because the executives didn’t believe this could happen. They need to fire there IT staff and hire someone like myself to come in and set standards.
All passwords should have been reset immediately and he should have been walked out of the office.
I wonder how they stumbled upon the script…This doesn’t make sense. If all passwords were reset then when the script started it would have displayed in the event logs as “ACCESS DENIED.” Therefore, his replacement would see the alert and figure out where it came from. Fannie Mae might have covered the story up and said that the script was found ahead of time….When in fact the script probably executed and displayed in the logs access “ACCESS DENIED.”
Dam IT I wish it had worked.
The joys of outsourcing!
Is my memory foggy?
Is this the same fannie mae that almost went bankrupt a few months ago, avoiding it by getting bailed out by the american taxpayers – or is my memory foggy? These things speak to deep seated upper management problems, not out sourced employees, who do not set policy and protocol, or create and implement appropiate safe guards to prevent either technological or financial disasters. He may well have been a loose cannon, but he was also not managed in an effective manner.
This man is guilty of attempted murder. Had his plot worked, he would have been responsible for billions of dollars in lost productivity, which is money, which takes time from life to earn. Taking life, even a portion, is murder. Therefore, attempting to do so is attempted murder. Time for a lynching.
If only to dream.
“can you just imagine what would have happened if all their computers had melted down at once?”
Actually, I do. And not just from Fannie Mae.
I was watching a show recently talking about the computer attacks of the future and how easy it is to do today. While companies struggle with protecting their sites, it’s a constant, never-ending battle.
I expect this day to come in the future. I expect people pissed off at “online disputes” to begin “fighting back” with attacks against corporate computers.
Personally, I can not begin to fathom why anyone would want to do this, despite how angry they are. The consequences of such actions would be far worse than being fired/disgruntled at the company.
On a personal note, I sometimes feel computers place a great distance between consumers and customer service. It seems “contacts” are now nothing more than emails, and trying to talk with anyone live seems to disappear every day.
He is from Omnitech
Just another of million consulting gigs started by ex-employees/contractors of fannie..
Re: He is from Omnitech
http://www.eweek.com/c/a/Security/Fired-Engineer-at-Fannie-Mae-Accused-of-Planting-Malware-Time-Bomb/
the eweek story
Software QA
You mean he actually coded on a live system and no subversioning was involved along with quality testing of his code before going to the live servers with it? One would think that FM being a bank would have a database management system with built in audit trails and roll back capability. I smell a patsy!