Fannie Mae Virus Scare

I came across this interesting news and I think there is a warning here, particularly in these times of global financial uncertainty, job losses, and personal financial hardship.

The message is quite clear in respect to being more vigilant with physical data centre and application data security to ensure the business is not exposed to disgruntled persons that find themselves on the wrong end of staff reductions.

Make sure that your security processes and procedures are clearly defined and administered diligently. Ensure that staff exit procedures are thorough and that system checks are performed to address any abnormalities.

It was reported that a computer engineer for Fannie Mae's Urbana data centre in Maryland, USA was fired and allegedly on the same day of his release he loaded a Unix script on the main administrative server. The script was programmed to remain dormant for three months, when it would greet administrators with a login message that read "Server Graveyard". The rogue programme would then systematically replace all data with zeros on every production, administrative, and backup server in the company, designed to destroy millions of dollars worth of information.

By fortune, a Fannie Mae engineer stumbled across the script and it was reported before the script could take affect.

Rajendrasinh Babubahai Makwana, 35, of Virginia, was a contract employee at Fannie Mae's Urbana, Maryland data center for about three years and had unfettered root access to the entire company's system. He was arrested on January 7, 2009 and released on $100,000 bond. He faces a maximum sentence of 10 years in prison and has pleased not guilty.