Fired Engineer Tried To Wipe Out All Fannie Mae Computers

from the that-would've-been...-bad dept

We’ve seen plenty of stories of former disgruntled workers shutting down computer systems, locking others out or even running scams, but I don’t think we’ve seen anything that had the potential to be as big a deal as the disgruntled tech who installed a logic bomb that would have wiped out all of Fannie Mae’s computers, potentially shutting the organization down for at least a week to recover.

There are a few oddities here — beyond just the simple question of how the system was set up in a way that would ever allow the ability to wipe out all machines in that way. First, the guy was fired — but then allowed to finish up work that day, which gave him time to set the logic bomb. Why would you let someone who was fired (for a programming error) back to his computer to “finish” his day? These days it seems rather standard practice to escort fired employees off the premises. Next, the logic bomb wasn’t spotted for five days. This turned out not to be a problem, since he had set the logic bomb to go off at the end of January (he was fired in October). Perhaps he did so to avoid having blame pointed in his direction, but if he had set it to go right away, or the next morning, it might have actually worked. Given Fannie Mae’s role in the current financial mess, can you just imagine what would have happened if all their computers had melted down at once?

Companies: fannie mae


Comments on “Fired Engineer Tried To Wipe Out All Fannie Mae Computers”

52 Comments
Anonymous Coward says:

What a strange story

“Makwana, an Indian national, was a consultant who worked full time on-site at Fannie Mae”

– Probably an H1B on low wages

“he was being fired because of a scripting error”

– Wow, that’s a bit harsh.
– note to self, do not ever work for Fannie Mae

– Something about this story just doesn’t add up.

Anonymous Coward says:

Re: Re: What a strange story

#27 -> “>Probably an H1B on low wages
How is this relevant in the context of story? I mean, don’t you think you are missing the point here..”

I do not condone what this person did or what FM did.

The whole point to the H1B program is to bring in foreign nationals and pay them much less than what is readily available in the marketplace.

It is relevant because he thought he was being screwed over, how would you react?

One line of code can equal millions of dollars says:

Re: What a strange story

It’s not harsh at all. Being who Fannie Mae was, one line of code can introduce a bug that could cost millions of dollars in damages. I would suspect that the programming error he made was a bit more than just a JavaScript field validation method not checking email format correctly. Or possibly he has a pattern of bugs that make him detrimental to the company, and this was the straw that broke the camel’s back.

Joel Coehoorn says:

Not hard

I wanted to call out this remark:

> the simple question of how the system was set up in a way
> that would ever allow the ability to wipe out all machines
> in that way.

Pretty much every computer network out there ultimately allows this. Securing networks from someone who already has domain admin access is not trivial.

Jesse McNelis (user link) says:

Re: Not hard

The only reason it’s not trivial is because the systems have been set up to allow this attack.
If the systems had been set up correctly it becomes trivial to prevent this attack. But seeing as though the major OSes don’t do this, we all have to deal with it.

I still find the way OSs just run whatever random code is given to them to be fairly disturbing. One wrong move and you’re screwed and you probably won’t even be able to detect it. Rootkit detectors aren’t really useful unless you take the system offline, which you can’t do in a production environment.

Pauli says:

Re: Not hard

“Pretty much every computer network out there ultimately allows this. Securing networks from someone who already has domain admin access is not trivial.”

For starters, only one or two employees in any enterprise should have domain admin access. In my company, all the helpdesk guys (even 3rd level) use a specially written console to control other users’ accounts. This lets them do their job without having admin access.

One would assume that a giant financial institution would have processes that guaranteed this sort of security.

bish says:

Finish up the day

It’s actually NOT uncommon for terminated employees to continue working. In the real world, that’s a transitional time where the employee is expected to hand off all the current tasks in a proper and respectable manner — I’ve seen some people working for 3 months after being given termination notice, and that’s even before severance kicks in. Only at the pathetic sweatshops (some large, with well-known names, Hal) do they escort the poor schmo off the premises.

As someone whose employment was bought up by a sweatshop, I expect I’ll be in the same boat as that H1B in but a month or 3. Pity the fool for his attempt at justice.

Sopor42 says:

Re: Finish up the day

Are you in IT, Bish? It is standard practice in IT, depending only slightly on the details of the termination, to get the employee off-site as quickly as possible. Often, the employee’s accounts and access are locked down while he/she is talking to the boss, so they’re not even able to do anything if they go back to their desk.

Anonymous Coward says:

What the 'f is a 'logic bomb'?

Sounds like a science fiction invention.

My guess is that he just put rm -rf / in the root crontab* that was copied to all Unix servers. Some ‘bomb’, it takes all of 30 seconds to do that.

*from the article: “malicious code hidden inside a legitimate script that ran automatically every morning at 9:00 a.m”

JoJo says:

Finish up the day

–It’s actually NOT uncommon for terminated employees to continue working.

There is a difference between fire and layoff. When an employee is being let go for financial reasons, yes, transitions are the norm and necessary and there are usually some niceties to try to help the person. If you fire someone, it is you f’ed up too big and you are done so letting him stick around is odd.

scott says:

much more than a simple crontab

If you follow the chain of links back to the Wired story and then the FBI doc it gives a fairly detailed description of how it all came about including numerous scripts this guy wrote and their details. It is quite involved. After reading about it along with some other details it doesn’t seem possible he did all this in a few hours from when he was fired until he left the building – it seems more like he had this planned for a long time and then once fired just copied the files over.

NullOp says:

Let go...

Here is how it works in my play book:

1. You let me go without making arrangements for consulting then you get zip. If you want answers, you pay, period. Those that tout loyalty in business always expect you to be loyal to them, not vice versa.

2. Errors happen. Sometimes it takes years for the right set of conditions to occur that triggers the error. You don’t fire someone over it.

3. You don’t ‘retaliate’ for management’s apparent stupidity or lack of common sense. Retaliation just gives them a reason to call the lawyers.

4. Document testing done on code. Get signatures stating the testing was reviewed.

5. Attempts to defend yourself should be adequate but minimal. Use lawyers. A company will never understand your point-of-view unless it’s being stated by a lawyer.

6. Always keep the resume up-to-date.

I’ve found these rules work well. It’s stupid and futile to try to hurt the company by damaging the systems and it just gives them legal ammunition. In short, be a pro!

Get off the property you evil do-er! says:

Escorts

I had plenty of jobs in HS where I was escorted off the property. These were menial jobs like warehouse work, retail, etc. Each firing was because I would call out too much, show up late, etc. Like I said they were after school type jobs. I just always thought it was funny that they would have people escorted outside like I’m going to go berserk getting let go from a $5/hour job! Being walked outside like an infant is what makes me want to sneak back in and spray the entire place with cheeze wiz. ;-D

Blitz says:

Planned...

most likely the guy already had the script set and ready to go before he got fired or wrote it when he found out he didn’t have permissions that he thought he “deserved” lol… going to school with many programmers, i know for a fact over half of them have these scripts already written and ready to go if their employer does something unrespectful…

Anonymous Coward says:

Foreign National

“Makwana, an Indian national, was a consultant who worked full time on-site at Fannie Mae’s massive data center in Urbana, Maryland, for three years.”

I find it disturbing that a foreign national was given that level of access to what appears to be a crucial resource.

I realize that outsourcing is the big rage, but this looks like gross mismanagement in the IT dept and possibly in the security dept also. I would expect termination of some middle management types, but that probably will not happen.

Anon says:

Re: Foreign National

>I find it disturbing that a foreign national was given that level of access to what appears to be a crucial resource.

With all due respect Sir, but these are guys who run the IT part of things, not only in US but elsewhere too. And I am sure this is not exactly the time to event to for a heightened sense of patriotism.

Anonymous Coward says:

Re: Re: Foreign National

#28 -> “With all due respect Sir, but these are guys who run the IT part of things, not only in US but elsewhere too. And I am sure this is not exactly the time to event to for a heightened sense of patriotism.”

The comment was not intended to inspire any sort of patriotism. It was more in line with pragmatism.

I’m not sure what you mean by
“these are guys who run the IT part of things”
like no one else is capable of such tasks – get real.
The only reason this guy was there is because FM was cutting corners and didn’t want to pay anyone what the job is worth.

Shohat says:

Re: Foreign National

I find it disturbing that a foreign national was given that level of access to what appears to be a crucial resource.

I know what you mean :). While managing the deployment of a major IT project in Russia, someone decided to parachute in an American consultant (QA/Standardization).
Everyone just smiled and nodded for a few weeks while denying him access to anything meaningful.

Patric (user link) says:

Disturbing

I do find it a bit disturbing that they are outsourcing this type of high level work. Either way I do not agree with trying to get back at an employer, it seems pretty childish and very unprofessional.

These days companies are looking for anything they can hold over our heads in court, so don’t give them something they can use to tie you to the stake.

———–
Patric H.
Real Estate License Direct

Snipergod87 says:

Re: Fate of data?

Probably not much, as there is software that allows you to recover all deleted data from a hard disk, which I myself have used in the past very successfully. However it does take a while to recover the data. They may have also had previous backups off site as this is a standard practice for IT. The main concern for the company would be what the customers thought of it if this attack went through, I think the “Millions of dollars in damage” would have been customers leaving and income lost due to downtime.

Anonymous Coward says:

Re: Foreign National

E JAy -> “Hmmm, no “American” would do such a thing would they.

– Interesting that you would think that, but no, I neither said that nor intended same. Certainly this has happened in many places perpetrated by many different people.

Typical comment from the typical US citizen.
BTW, thanks for the global recession.”

– Wow, got issues? And who is assuming that I am from any particular country? Oh, and btw … I had nothing to do with the major screw up by ultra rich assholes across the globe to which you refer.

chris (profile) says:

Re: Foreign National

>>I find it disturbing that a foreign national was given that level of access to what appears to be a crucial resource.

Hmmm, no “American” would do such a thing would they.

Typical comment from the typical US citizen.

IF the perpetrator is a foreign national on a work visa, and IF he lost his job, chances are he’s in danger of getting shipped back to wherever he’s from.

that means he has [potentially] more to lose than a local national, and has the potential to be miles away when the logic bomb goes off.

i didn’t see much (if any) nationalism in the original statement. i think a lot of americans would be tempted to seek revenge on an employer if they had the option of leaving the country.

meddows says:

I was there....

I worked the Fannie Mae contract while this guy was there, but left long before he did. I was in a different location (Reston VA), but remember seeing this guy’s name on our call-out list. All of the data/network guys were on speed-dial for us. When I left FM, I came back a day or so later, and spent a few hours, without supervision, at my desk getting “personal items”. I made back ups of emails, saved other data I thought I might need for a rainy day, and otherwise had infinite time to do whatever I wanted. I didn’t do anything malicious (in fact, they called 9 mos later and offered me a better position at a different location), but could have done some nasty things in my time there. I imagine their termination policy is much tighter, now, but considering how it was during my time, I am not surprised this happened– but am surprised that it didn’t happen sooner. They let people go constantly, and it was only a matter of time.

Mr.Database (user link) says:

Hire Better IT Staff

This is why you pay your IT staff more. I believe they underpaid their IT staff because the executives didn’t believe this could happen. They need to fire their IT staff and hire someone like myself to come in and set standards.

All passwords should have been reset immediately and he should have been walked out of the office.

I wonder how they stumbled upon the script…This doesn’t make sense. If all passwords were reset then when the script started it would have displayed in the event logs as “ACCESS DENIED.” Therefore, his replacement would see the alert and figure out where it came from. Fannie Mae might have covered the story up and said that the script was found ahead of time….When in fact the script probably executed and displayed in the logs as “ACCESS DENIED.”

shaman says:

Is my memory foggy?

Is this the same Fannie Mae that almost went bankrupt a few months ago, avoiding it by getting bailed out by the American taxpayers – or is my memory foggy? These things speak to deep-seated upper management problems, not outsourced employees, who do not set policy and protocol, or create and implement appropriate safeguards to prevent either technological or financial disasters. He may well have been a loose cannon, but he was also not managed in an effective manner.

Twinrova says:

If only to dream.

“can you just imagine what would have happened if all their computers had melted down at once?”
Actually, I do. And not just from Fannie Mae.

I was watching a show recently talking about the computer attacks of the future and how easy it is to do today. While companies struggle with protecting their sites, it’s a constant, never-ending battle.

I expect this day to come in the future. I expect people pissed off at “online disputes” to begin “fighting back” with attacks against corporate computers.

Personally, I can not begin to fathom why anyone would want to do this, despite how angry they are. The consequences of such actions would be far worse than being fired/disgruntled at the company.

On a personal note, I sometimes feel computers place a great distance between consumers and customer service. It seems “contacts” are now nothing more than emails, and trying to talk with anyone live seems to disappear every day.
