Fired Engineer Tried To Wipe Out All Fannie Mae Computers
from the that-would've-been...-bad dept
We've seen plenty of stories of former disgruntled workers shutting down computer systems, locking others out or even running scams, but I don't think we've seen anything that had the potential to be as big a deal as the disgruntled tech who installed a logic bomb that would have wiped out all of Fannie Mae's computers, potentially shutting the organization down for at least a week to recover.There are a few oddities here -- beyond just the simple question of how the system was set up in a way that would ever allow the ability to wipe out all machines in that way. First, the guy was fired -- but then allowed to finish up work that day, which gave him time to set the logic bomb. Why would you let someone who was fired (for a programming error) back to his computer to "finish" his day? These days it seems rather standard practice to escort fired employees off the premises. Next, the logic bomb wasn't spotted for five days. This turned out not to be a problem, since he had set the logic bomb to go off at the end of January (he was fired in October). Perhaps he did so to avoid having blame pointed in his direction, but if he had set it to go right away, or the next morning, it might have actually worked. Given Fannie Mae's role in the current financial mess, can you just imagine what would have happened if all their computers had melted down at once?
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: disgruntled it workers
Companies: fannie mae
Reader Comments
Subscribe: RSS
View by: Time | Thread
What a strange story
- Probably an H1B on low wages
"he was being fired because of a scripting error"
- Wow, that's a bit harsh.
- note to self, do not ever work for Fannie Mae
- Something about this story just doesn't add up.
[ link to this | view in chronology ]
Re: What a strange story
[ link to this | view in chronology ]
Re: What a strange story
How is this relevant in the context of story? I mean, dont you think you are missing the point here..
[ link to this | view in chronology ]
Re: Re: What a strange story
How is this relevant in the context of story? I mean, dont you think you are missing the point here.."
I do not condone what this person did or what FM did.
The whole point to the H1B program is to bring in foreign nationals and pay then much less than what is readily available in the marketplace.
It is relevant because he thought he was being screwed over, how would you react ?
[ link to this | view in chronology ]
Re: What a strange story
[ link to this | view in chronology ]
Not hard
> the simple question of how the system was set up in a way
> that would ever allow the ability to wipe out all machines
> in that way.
Pretty much every computer network out there ultimately allows this. Securing networks from someone who already has domain admin access is not trivial.
[ link to this | view in chronology ]
Re: Not hard
If the systems had been setup correctly it becomes trivial to prevent this attack. But seeing as though the major OS don't do this, we all have to deal with it.
I still find the way OSs just run whatever random code is given to them to be fairly disturbing. One wrong move and you're screwed and you probably won't even be able to detect it. Rootkit detectors aren't really useful unless you take the system offline, which you can't do in a production environment.
[ link to this | view in chronology ]
Re: Not hard
For starters, only one or two employees in any enterprise should have domain admin access. In my company, all the helpdesk guys (even 3rd level) use a specially written console to control other users' accounts. This lets them do their job without having admin access.
One would assume that a giant financial institution would have processes that guaranteed this sort of security.
[ link to this | view in chronology ]
Re: Re: Not hard
Maybe if it wasn't a Government run institution...oh wait, private doesn't work either...lol
[ link to this | view in chronology ]
Finish up the day
As someone whose employment was bought up by a sweatshop, I expect I'll be in the same boat as that H1B in but a month or 3. Pity the fool for his attempt at justice.
[ link to this | view in chronology ]
Re: Finish up the day
[ link to this | view in chronology ]
Re: Finish up the day
[ link to this | view in chronology ]
Re: Finish up the day
[ link to this | view in chronology ]
Re: Finish up the day
[ link to this | view in chronology ]
[ link to this | view in chronology ]
What the 'f is a 'logic bomb'?
My guess is that he just put rm -rf / in the root crontab* that was copied to all Unix servers. Some 'bomb', it takes all of 30 seconds to do that.
*from the article: "malicious code hidden inside a legitimate script that ran automatically every morning at 9:00 a.m"
[ link to this | view in chronology ]
Re: Finish up the day
There is a difference between fire and layoff. When an employee is being let go for financial reasons, yes, transitions are the norm and necessary and there are usually some niceties to try to help the person. If you fire someone, it is you f'ed up too big and you are done so letting him stick around is odd.
[ link to this | view in chronology ]
much more than a simple crontab
[ link to this | view in chronology ]
"he was being fired because of a scripting error"
It appears he was a bit of loose canon.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Lucky
His career is over. No matter how badly you are treated a true IT professional would never damage a system.
He must have been really abused by Fannie Mae to do it, but it's still not right.
[ link to this | view in chronology ]
Re: Lucky
Really? Since his name isn't in the article, it would be difficult to know that the bright IT Pro in the interview chair is actually the guy who tried to destroy data at FM.
[ link to this | view in chronology ]
Re: Re: Lucky
[ link to this | view in chronology ]
Would It Have Been Worse?
[ link to this | view in chronology ]
Re: Would It Have Been Worse?
[ link to this | view in chronology ]
Let go...
1. You let me go without making arrangements for consulting then you get zip. If you want answers, you pay, period. Those that tout loyalty in business always expect you to be loyal to them, not visa-versa.
2. Errors happen. Sometimes it takes years for the right set of conditions to occur that triggers the error. You don't fire someone over it.
3. You don't 'retaliate' for managements apparent stupidity or lack of common sense. Retaliation just gives them a reason to call the lawyers.
4. Document testing done on code. Get signatures stating the testing was reviewed.
5. Attempts to defend yourself should be adequate but minimal. Use lawyers. A company will never understand your point-of-view unless its being stated by a lawyer.
6. Always keep the resume up-to-date.
I've found these rules work well. Its stupid and futile to try to hurt the company by damaging the systems and it just gives them legal ammunition. In short, be a pro!
[ link to this | view in chronology ]
WE ARE GOING TO SEE A LOT MORE
[ link to this | view in chronology ]
Re: WE ARE GOING TO SEE A LOT MORE
[ link to this | view in chronology ]
Escorts
[ link to this | view in chronology ]
Planned...
[ link to this | view in chronology ]
Foriegn National
I find it disturbing that a foriegn national was given that level of access to what appears to be a crucial resource.
I realize that outsourcing is the big rage, but this looks like gross mismanagement in the IT dept and possibly in the security dept also. I would expect termination of some middle management types, but that probably will not haqppen.
[ link to this | view in chronology ]
Re: Foriegn National
With all due respect Sir, but these are guys who run the IT part of things, not only in US but elsewhere too. And I am sure this is not exactly the time to event to for a heightened sense of patriotism.
[ link to this | view in chronology ]
Re: Re: Foriegn National
The comment was not intended to inspire any sort of patriotism. It was more in line with pragmatism.
I'm not sure what you mean by
"these are guys who run the IT part of things"
like no one else is capable of such tasks - get real.
The only reason this guy was there is because FM was cutting corners and didn't want to pay anyone what the job is worth.
[ link to this | view in chronology ]
Re: Foriegn National
I know what you mean :). While managing the deployment of a major IT project in Russia, someone decided to parachute in an American consultant (QA/Standardization).
Everyone just smiled and nodded for a few weeks while denying him access to anything meaningful.
[ link to this | view in chronology ]
Disturbing
I do find it a bit disturbing that they are outsourcing this type of high level work. Either way I do not agree with trying to get back at an employer, it seems pretty childish and very unprofessional.
These days companies are looking for anything they can hold over our heads in court, so don't give them something they can use to tie you to the stake.
-----------Patric H.
Real Estate License Direct
[ link to this | view in chronology ]
Fate of data?
Question: If this had been successful, what would have been the result for Fannie Mae--and its customers--besides the week-long fix? Would a lot of data have been lost?
[ link to this | view in chronology ]
Re: Fate of data?
[ link to this | view in chronology ]
Re: Foriegn National
Hmmm, no "American" would do such a thing would they.
Typical comment from the typical US citizen.
BTW, thanks for the global recession.
[ link to this | view in chronology ]
Re: Re: Foriegn National
- Interesting that you would think that, but no, I neither said that nor intended same. Certainly this has happened in many places perpetrateed by many differnet people.
Typical comment from the typical US citizen.
BTW, thanks for the global recession."
- Wow, got issues? And who is assuming that I am from any particular country? Oh, and btw ... I had nothing to do with the major screw up by ultra rich assholes across the globe to which you refer.
[ link to this | view in chronology ]
Re: Re: Foriegn National
[ link to this | view in chronology ]
Re: Re: Foriegn National
>Hmmm, no "American" would do such a thing would they.
No... we've *never* heard of 'mericuns doing horrific things in these situations... no-one *has* ever gone postal...
[ link to this | view in chronology ]
Re: Re: Foriegn National
Hmmm, no "American" would do such a thing would they.
Typical comment from the typical US citizen.
IF the perpetrator is a foreign national on a work visa, and IF he lost his job, chances are he's in danger of getting shipped back to wherever he's from.
that means he has [potentially] more to lose than a local national, and has the potential to be miles away when the logic bomb goes off.
i didn't see much (if any) nationalism in the original statement. i think a lot of americans would be tempted to seek revenge on a employer if they had the option of leaving the country.
[ link to this | view in chronology ]
I was there....
[ link to this | view in chronology ]
Hire Better IT Staff
All passwords should have been reset immediately and he should have been walked out of the office.
I wonder how they stumbled upon the script...This doesn't make sense. If all passwords were reset then when the script started it would have displayed in the event logs as "ACCESS DENIED." Therefore, his replacement would see the alert and figure out where it came from. Fannie Mae might have covered the story up and said that the script was found ahead of time....When in fact the script probably executed and displayed in the logs access "ACCESS DENIED."
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Is my memory foggy?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
If only to dream.
Actually, I do. And not just from Fannie Mae.
I was watching a show recently talking about the computer attacks of the future and how easy it is to do today. While companies struggle with protecting their sites, it's a constant, never-ending battle.
I expect this day to come in the future. I expect people pissed off at "online disputes" to begin "fighting back" with attacks against corporate computers.
Personally, I can not begin to fathom why anyone would want to do this, despite how angry they are. The consequences of such actions would be far worse than being fired/disgruntled at the company.
On a personal note, I sometimes feel computers place a great distance between consumers and customer service. It seems "contacts" are now nothing more than emails, and trying to talk with anyone live seems to disappear every day.
[ link to this | view in chronology ]
He is from Omnitech
[ link to this | view in chronology ]
Re: He is from Omnitech
the eweek story
[ link to this | view in chronology ]
Software QA
[ link to this | view in chronology ]