Fannie Mae contractor indicted for planting malware

The US mortgage agency did not revoke the access privileges of an IT contractor who had been dismissed, allowing the contractor to insert a malware bomb, the FBI alleges
Written by Larry Dignan, Contributor

A former Fannie Mae IT contractor has been indicted for allegedly planting a malware bomb on the US mortgage agency's systems.

The piece of malicious code, timed to execute next January, would have destroyed all the data on Fannie Mae's servers and caused millions of dollars of damage, the FBI alleges.

Contractor Rajendrasinh Makwana was indicted on Tuesday in the US District Court for Maryland. The FBI alleges that Makwana was able to plant malicious code in Unix script on Fannie Mae's servers due to his access privileges not being revoked immediately following his dismissal.

Makwana, who had been contracted out from software development company Omnitech, worked for Fannie Mae from early 2006 until 24 October, 2008. According to a criminal complaint lodged by the FBI, Makwana allegedly targeted Fannie Mae's servers after his contract was terminated. Malicious code found on the servers after Makwana was sacked was set to execute on 31 January, 2009.

Makwana worked at Fannie Mae's datacentre in Urbana as a Unix engineer. He had root access to all of Fannie Mae servers. According to the FBI complaint, Makwana had been informed of his dismissal in the afternoon of 24 October, 2008, while his access privileges were revoked on that evening.

Writing in a blog post on Thursday, Sophos senior technology consultant Graham Cluley warned that companies laying off staff due to the worsening global conditions should think about possible security risks from disgruntled ex-employees.

"As belts tighten and the credit crunch continues to hit around the world, more and more companies will be making the decision to make staff redundant," wrote Cluley. "As we've written before, a disaffected employee could create havoc inside your organisation so make sure that appropriate security is in place."

ZDNet UK's Tom Espiner contributed to this article.

Editorial standards