US economy narrowly avoids hacking disaster (fails to avoid self-made one)

Got to love this.Sophos have just sent out a press release warning about a near miss hack attack on US financial giant Fannie Mae.
Written by Andrew Donoghue, Contributor

Got to love this.

Sophos have just sent out a press release warning about a near miss hack attack on US financial giant Fannie Mae.

Apparently a disgruntled employee planned to set off a "malware timebomb" that would have wiped the organisations databases - potentially triggering an economic meltdown which would have plunged financial markets into a recession which we have not seen the likes of since the great depression. Fear, confusion and chaos would have been widespread.

Phew! Good job that didn't happen then!

Actually Sophos goes on to say that with the markets in turmoil already, the hacking attack would have caused untold miser. I disagree, I think no one would have noticed. I think this could be a new tactic to defeat hackers and even terrorists, let''s just let society and the economy implode and the malcontents won't be able to disrupt anything - self-made scorched-earth policy -it's genius.

Here is the missive in full:


Disgruntled software engineer attempted to obliterate 4,000 servers with malicious script

IT security and control firm Sophos is reminding businesses of the importance of properly safeguarding IT networks following the news that a federal grand jury in Maryland, US, has indicted a 35-year-old ex-employee of Fannie Mae for planting a malicious script, designed to destroy data on the US financial giant's servers.

According to media reports, Rajendrasinh Babubhai Makwana worked as a software engineer at Fannie Mae's offices in Maryland for three years, where he is said to have had access to all of the company's 4,000 servers.

During this time, Makwana, an Indian citizen who now resides in Virginia, is alleged to have embedded destructive code on the company's server which was due to trigger at 9:00 am on 31 January 2009, wiping out all data across the network by overwriting it with zeroes. According to the prosecution case, anyone trying to log in to the network on 31 January would have received a message saying 'Server Graveyard'.

Documents presented to the court state that, Fannie Mae terminated Makwana's employment in October 2008 - the malicious script was allegedly found the following day. If found guilty, Makwana could face a sentence of up to ten years in prison.

"Obviously this case is ongoing, with charges not yet proven against Makwana, but it should serve as a timely reminder to all companies as to what they should be prepared for," said Graham Cluley, senior technology consultant at Sophos. "Implementing a combination of robust user policies and security measures is crucial in order to safeguard their IT networks - and ultimately their business - against such incidents."

"As the credit crunch forces companies to tighten their belts around the world, more and more firms will be making the difficult decision to make staff redundant. But it's important to remember that a disaffected employee could create havoc inside your organisation," continued Cluley. "We can only imagine the impact if an attack like this hadn't been intercepted and had successfully struck a financial institution - with public confidence in the financial system at an all-time low, coupled with an unstable economy, the consequences would be dire."

"Had this malicious script executed, it would have probably caused millions of dollars of damage and reduced - if not shutdown - operations at Fannie Mae for at least one week," said FBI agent Jessica Nye in a sworn statement. "The total damage would include cleaning out and restoring all 4,000 servers, restoring and securing the automation of mortgages, and restoring all data that was erased."

Editorial standards