Fired Engineer Tried To Wipe Out All Fannie Mae Computers

from the that-would've-been...-bad dept

We've seen plenty of stories of former disgruntled workers shutting down computer systems, locking others out or even running scams, but I don't think we've seen anything that had the potential to be as big a deal as the disgruntled tech who installed a logic bomb that would have wiped out all of Fannie Mae's computers, potentially shutting the organization down for at least a week to recover.

There are a few oddities here -- beyond just the simple question of how the system was set up in a way that would ever allow the ability to wipe out all machines in that way. First, the guy was fired -- but then allowed to finish up work that day, which gave him time to set the logic bomb. Why would you let someone who was fired (for a programming error) back to his computer to "finish" his day? These days it seems rather standard practice to escort fired employees off the premises. Next, the logic bomb wasn't spotted for five days. This turned out not to be a problem, since he had set the logic bomb to go off at the end of January (he was fired in October). Perhaps he did so to avoid having blame pointed in his direction, but if he had set it to go right away, or the next morning, it might have actually worked. Given Fannie Mae's role in the current financial mess, can you just imagine what would have happened if all their computers had melted down at once?

Filed Under: disgruntled it workers
Companies: fannie mae


Reader Comments

  • Anonymous Coward, 30 Jan 2009 @ 5:39pm

    What a strange story

    "Makwana, an Indian national, was a consultant who worked full time on-site at Fannie Mae"

    - Probably an H1B on low wages


    "he was being fired because of a scripting error"

    - Wow, that's a bit harsh.
    - note to self, do not ever work for Fannie Mae

    - Something about this story just doesn't add up.

    • Not believing all that is written, 30 Jan 2009 @ 10:18pm

      Re: What a strange story

      It does sound odd.

    • Anonymous Coward, 31 Jan 2009 @ 9:59pm

      Re: What a strange story

      >Probably an H1B on low wages
      How is this relevant in the context of the story? I mean, don't you think you are missing the point here..

      • Anonymous Coward, 1 Feb 2009 @ 8:13am

        Re: Re: What a strange story

        #27 -> ">Probably an H1B on low wages
        How is this relevant in the context of the story? I mean, don't you think you are missing the point here.."

        I do not condone what this person did or what FM did.

        The whole point to the H1B program is to bring in foreign nationals and pay them much less than what is readily available in the marketplace.

        It is relevant because he thought he was being screwed over, how would you react?

    • One line of code can equal millions of dollars, 1 Feb 2009 @ 6:46pm

      Re: What a strange story

      It's not harsh at all. Being who Fannie Mae was, one line of code can introduce a bug that could cost millions of dollars in damages. I would suspect that the programming error he made was a bit more than just a JavaScript field validation method not checking email format correctly. Or possibly he has a pattern of bugs that make him detrimental to the company, and this was the straw that broke the camel's back.

  • Joel Coehoorn, 30 Jan 2009 @ 6:09pm

    Not hard

    I wanted to call out this remark:

    > the simple question of how the system was set up in a way
    > that would ever allow the ability to wipe out all machines
    > in that way.

    Pretty much every computer network out there ultimately allows this. Securing networks from someone who already has domain admin access is not trivial.

    • Jesse McNelis, 30 Jan 2009 @ 7:08pm

      Re: Not hard

      The only reason it's not trivial is because the systems have been set up to allow this attack.
      If the systems had been set up correctly it becomes trivial to prevent this attack. But seeing as though the major OS don't do this, we all have to deal with it.

      I still find the way OSs just run whatever random code is given to them to be fairly disturbing. One wrong move and you're screwed and you probably won't even be able to detect it. Rootkit detectors aren't really useful unless you take the system offline, which you can't do in a production environment.

    • Pauli, 1 Feb 2009 @ 5:08pm

      Re: Not hard

      "Pretty much every computer network out there ultimately allows this. Securing networks from someone who already has domain admin access is not trivial."

      For starters, only one or two employees in any enterprise should have domain admin access. In my company, all the helpdesk guys (even 3rd level) use a specially written console to control other users' accounts. This lets them do their job without having admin access.

      One would assume that a giant financial institution would have processes that guaranteed this sort of security.

      • Anonymous Coward, 2 Feb 2009 @ 5:26am

        Re: Re: Not hard

        "One would assume that a giant financial institution would have processes that guaranteed this sort of security"

        Maybe if it wasn't a Government run institution...oh wait, private doesn't work either...lol

  • bish, 30 Jan 2009 @ 6:09pm

    Finish up the day

    It's actually NOT uncommon for terminated employees to continue working. In the real world, that's a transitional time where the employee is expected to hand off all the current tasks in a proper and respectable manner -- I've seen some people working for 3 months after being given termination notice, and that's even before severance kicks in. Only at the pathetic sweatshops (some large, with well-known names, Hal) do they escort the poor schmo off the premises.

    As someone whose employment was bought up by a sweatshop, I expect I'll be in the same boat as that H1B in but a month or 3. Pity the fool for his attempt at justice.

    • Anonymous Coward, 30 Jan 2009 @ 8:01pm

      Re: Finish up the day

      I worked one place for two years that had announced a planned termination before I was hired as a temp. Lots of seriously grumpy employees just holding out for the package. I got my first professional job that was a real resume builder.

    • Anonymous Coward, 30 Jan 2009 @ 8:49pm

      Re: Finish up the day

      There is a difference between terminated via layoff vs terminated for a screw up. Also it's very, very common for someone with admin access to just be escorted out immediately, even if they simply resign.

    • SweatShopBoss, 30 Jan 2009 @ 11:23pm

      Re: Finish up the day

      Seriously?? You've got to be kidding. When an employee at this level is termed - you call them in, explain the situation, have security or HR pack up his/her things, pat them on the back and wish them well.

    • Sopor42, 31 Jan 2009 @ 6:46am

      Re: Finish up the day

      Are you in IT, Bish? It is standard practice in IT, depending only slightly on the details of the termination, to get the employee off-site as quickly as possible. Often, the employee's accounts and access are locked down while he/she is talking to the boss, so they're not even able to do anything if they go back to their desk.

  • Denny, 30 Jan 2009 @ 6:16pm

    Does this mean my school loan would have been wiped from existence? *sigh* one can only dream.

  • Anonymous Coward, 30 Jan 2009 @ 6:22pm

    What the 'f is a 'logic bomb'?

    Sounds like a science fiction invention.

    My guess is that he just put rm -rf / in the root crontab* that was copied to all Unix servers. Some 'bomb', it takes all of 30 seconds to do that.

    *from the article: "malicious code hidden inside a legitimate script that ran automatically every morning at 9:00 a.m"

  • JoJo, 30 Jan 2009 @ 6:24pm

    Re: Finish up the day

    --It's actually NOT uncommon for terminated employees to be continue working.

    There is a difference between fire and layoff. When an employee is being let go for financial reasons, yes, transitions are the norm and necessary and there are usually some niceties to try to help the person. If you fire someone, it is you f'ed up too big and you are done so letting him stick around is odd.

  • scott, 30 Jan 2009 @ 7:28pm

    much more than a simple crontab

    If you follow the chain of links back to the Wired story and then the FBI doc, it gives a fairly detailed description of how it all came about including numerous scripts this guy wrote and their details. It is quite involved. After reading about it along with some other details, it doesn't seem possible he did all this in a few hours from when he was fired until he left the building - it seems more like he had this planned for a long time and then once fired just copied the files over.

  • Papafox, 30 Jan 2009 @ 10:15pm

    "he was being fired because of a scripting error"

    Actually, if you follow the links and read the FBI affidavit, you'll see that he was fired for a process violation - he made system changes without authorization.

    It appears he was a bit of a loose cannon.

  • mark, 30 Jan 2009 @ 10:26pm

    Consultant, huh....

  • TW Burger, 30 Jan 2009 @ 10:30pm

    Lucky

    If he was really good the code bomb would never have been found until it went off.

    His career is over. No matter how badly you are treated a true IT professional would never damage a system.

    He must have been really abused by Fannie Mae to do it, but it's still not right.

    • Pauli, 1 Feb 2009 @ 5:14pm

      Re: Lucky

      "His career is over."

      Really? Since his name isn't in the article, it would be difficult to know that the bright IT Pro in the interview chair is actually the guy who tried to destroy data at FM.

      • Laws Are our friends, 1 Feb 2009 @ 6:50pm

        Re: Re: Lucky

        Well this is going to be considered hacking, by law he is going to be banned from using computers for a good while. So yeah, career is over.

  • Dick Carlson, 31 Jan 2009 @ 5:23am

    Would It Have Been Worse?

    Considering how effective Fannie Mae had been, wiping out all their data and putting them out of business for a week might have actually saved us taxpayers some money.

    • Totally Paranoid, 31 Jan 2009 @ 5:36am

      Re: Would It Have Been Worse?

      Perhaps he's the fall guy in a botched attempt to hide something else?

  • NullOp, 31 Jan 2009 @ 5:44am

    Let go...

    Here is how it works in my play book:

    1. You let me go without making arrangements for consulting then you get zip. If you want answers, you pay, period. Those that tout loyalty in business always expect you to be loyal to them, not vice versa.

    2. Errors happen. Sometimes it takes years for the right set of conditions to occur that triggers the error. You don't fire someone over it.

    3. You don't 'retaliate' for management's apparent stupidity or lack of common sense. Retaliation just gives them a reason to call the lawyers.

    4. Document testing done on code. Get signatures stating the testing was reviewed.

    5. Attempts to defend yourself should be adequate but minimal. Use lawyers. A company will never understand your point-of-view unless it's being stated by a lawyer.

    6. Always keep the resume up-to-date.

    I've found these rules work well. It's stupid and futile to try to hurt the company by damaging the systems and it just gives them legal ammunition. In short, be a pro!

  • Bradley Stewart, 31 Jan 2009 @ 6:34am

    WE ARE GOING TO SEE A LOT MORE

    of this sort of thing. People are really angry and they are getting a lot more upset. I believe society in the US which in the best of times is one of the most violent societies on Earth is going to get a lot more violent. People will start making companies pay whether it's justified or not.

  • Get off the property you evil do-er!, 31 Jan 2009 @ 7:28am

    Escorts

    I had plenty of jobs in HS where I was escorted off the property. These were menial jobs like warehouse work, retail, etc. Each firing was because I would call out too much, show up late, etc. Like I said they were after school type jobs. I just always thought it was funny that they would have people escorted outside like I'm going to go berserk getting let go from a $5/hour job! Being walked outside like an infant is what makes me want to sneak back in and spray the entire place with cheeze wiz. ;-D

  • Blitz, 31 Jan 2009 @ 12:12pm

    Planned...

    most likely the guy already had the script set and ready to go before he got fired or wrote it when he found out he didn't have permissions that he thought he "deserved" lol... going to school with many programmers, i know for a fact over half of them have these scripts already written and ready to go if their employer does something unrespectful...

  • Anonymous Coward, 31 Jan 2009 @ 1:03pm

    Foreign National

    "Makwana, an Indian national, was a consultant who worked full time on-site at Fannie Mae's massive data center in Urbana, Maryland, for three years."

    I find it disturbing that a foreign national was given that level of access to what appears to be a crucial resource.

    I realize that outsourcing is the big rage, but this looks like gross mismanagement in the IT dept and possibly in the security dept also. I would expect termination of some middle management types, but that probably will not happen.

    • Anon, 31 Jan 2009 @ 10:02pm

      Re: Foreign National

      >I find it disturbing that a foreign national was given that level of access to what appears to be a crucial resource.

      With all due respect Sir, but these are guys who run the IT part of things, not only in US but elsewhere too. And I am sure this is not exactly the time to event to for a heightened sense of patriotism.

      • Anonymous Coward, 1 Feb 2009 @ 8:23am

        Re: Re: Foreign National

        #28 -> "With all due respect Sir, but these are guys who run the IT part of things, not only in US but elsewhere too. And I am sure this is not exactly the time to event to for a heightened sense of patriotism."

        The comment was not intended to inspire any sort of patriotism. It was more in line with pragmatism.

        I'm not sure what you mean by
        "these are guys who run the IT part of things"
        like no one else is capable of such tasks - get real.
        The only reason this guy was there is because FM was cutting corners and didn't want to pay anyone what the job is worth.

    • Shohat, 1 Feb 2009 @ 4:43am

      Re: Foreign National

      I find it disturbing that a foreign national was given that level of access to what appears to be a crucial resource.



      I know what you mean :). While managing the deployment of a major IT project in Russia, someone decided to parachute in an American consultant (QA/Standardization).
      Everyone just smiled and nodded for a few weeks while denying him access to anything meaningful.

  • Patric, 31 Jan 2009 @ 6:22pm

    Disturbing

    I do find it a bit disturbing that they are outsourcing this type of high level work. Either way I do not agree with trying to get back at an employer, it seems pretty childish and very unprofessional.

    These days companies are looking for anything they can hold over our heads in court, so don't give them something they can use to tie you to the stake.

    -----------
    Patric H.
    Real Estate License Direct

  • Zeather, 31 Jan 2009 @ 6:38pm

    Fate of data?

    I read that his password was not canceled for over two weeks.

    Question: If this had been successful, what would have been the result for Fannie Mae--and its customers--besides the week-long fix? Would a lot of data have been lost?

    • Snipergod87, 31 Jan 2009 @ 7:56pm

      Re: Fate of data?

      Probably not much, as there is software that allows you to recover all deleted data from a hard disk, which I myself have used in the past very successfully. However it does take a while to recover the data. They may have also had previous backups off site as this is a standard practice for IT. The main concern for the company would be what the customers thought of it if this attack went through, I think the "Millions of dollars in damage" would have been customers leaving and income lost due to downtime.

  • E JAy, 1 Feb 2009 @ 12:25am

    Re: Foreign National

    >>I find it disturbing that a foreign national was given that level of access to what appears to be a crucial resource.

    Hmmm, no "American" would do such a thing would they.

    Typical comment from the typical US citizen.

    BTW, thanks for the global recession.

    • Anonymous Coward, 1 Feb 2009 @ 8:31am

      Re: Re: Foreign National

      E JAy -> "Hmmm, no "American" would do such a thing would they.

      - Interesting that you would think that, but no, I neither said that nor intended same. Certainly this has happened in many places perpetrated by many different people.

      Typical comment from the typical US citizen.
      BTW, thanks for the global recession."

      - Wow, got issues? And who is assuming that I am from any particular country? Oh, and btw ... I had nothing to do with the major screw up by ultra rich assholes across the globe to which you refer.

    • Anonymous Coward, 1 Feb 2009 @ 8:39am

      Re: Re: Foreign National

      Worse things have happened dear...Have you heard about Bernie Madoff?

    • A. Coward, 1 Feb 2009 @ 8:17pm

      Re: Re: Foreign National

      >>I find it disturbing that a foreign national was given that level of access to what appears to be a crucial resource.

      >Hmmm, no "American" would do such a thing would they.


      No... we've *never* heard of 'mericuns doing horrific things in these situations... no-one *has* ever gone postal...

    • chris, 3 Feb 2009 @ 6:22am

      Re: Re: Foreign National

      >>I find it disturbing that a foreign national was given that level of access to what appears to be a crucial resource.

      Hmmm, no "American" would do such a thing would they.

      Typical comment from the typical US citizen.


      IF the perpetrator is a foreign national on a work visa, and IF he lost his job, chances are he's in danger of getting shipped back to wherever he's from.

      that means he has [potentially] more to lose than a local national, and has the potential to be miles away when the logic bomb goes off.

      i didn't see much (if any) nationalism in the original statement. i think a lot of americans would be tempted to seek revenge on an employer if they had the option of leaving the country.

  • meddows, 1 Feb 2009 @ 4:51am

    I was there....

    I worked the Fannie Mae contract while this guy was there, but left long before he did. I was in a different location (Reston VA), but remember seeing this guy's name on our call-out list. All of the data/network guys were on speed-dial for us. When I left FM, I came back a day or so later, and spent a few hours, without supervision, at my desk getting "personal items". I made back ups of emails, saved other data I thought I might need for a rainy day, and otherwise had infinite time to do whatever I wanted. I didn't do anything malicious (in fact, they called 9 mos later and offered me a better position at a different location), but could have done some nasty things in my time there. I imagine their termination policy is much tighter, now, but considering how it was during my time, I am not surprised this happened-- but am surprised that it didn't happen sooner. They let people go constantly, and it was only a matter of time.

  • Mr.Database, 1 Feb 2009 @ 7:07am

    Hire Better IT Staff

    This is why you pay your IT staff more. I believe they underpaid their IT staff because the executives didn't believe this could happen. They need to fire their IT staff and hire someone like myself to come in and set standards.

    All passwords should have been reset immediately and he should have been walked out of the office.

    I wonder how they stumbled upon the script...This doesn't make sense. If all passwords were reset then when the script started it would have displayed in the event logs as "ACCESS DENIED." Therefore, his replacement would see the alert and figure out where it came from. Fannie Mae might have covered the story up and said that the script was found ahead of time....When in fact the script probably executed and displayed in the logs access "ACCESS DENIED."

  • Lick my balls, 1 Feb 2009 @ 8:17am

    Dam IT I wish it had worked.

  • Overcast, 1 Feb 2009 @ 9:47am

    The joys of outsourcing!

  • shaman, 1 Feb 2009 @ 10:20am

    Is my memory foggy?

    Is this the same fannie mae that almost went bankrupt a few months ago, avoiding it by getting bailed out by the american taxpayers - or is my memory foggy? These things speak to deep seated upper management problems, not out sourced employees, who do not set policy and protocol, or create and implement appropriate safe guards to prevent either technological or financial disasters. He may well have been a loose cannon, but he was also not managed in an effective manner.

  • ed, 1 Feb 2009 @ 1:24pm

    This man is guilty of attempted murder. Had his plot worked, he would have been responsible for billions of dollars in lost productivity, which is money, which takes time from life to earn. Taking life, even a portion, is murder. Therefore, attempting to do so is attempted murder. Time for a lynching.

  • Twinrova, 2 Feb 2009 @ 4:39am

    If only to dream.

    "can you just imagine what would have happened if all their computers had melted down at once?"
    Actually, I do. And not just from Fannie Mae.

    I was watching a show recently talking about the computer attacks of the future and how easy it is to do today. While companies struggle with protecting their sites, it's a constant, never-ending battle.

    I expect this day to come in the future. I expect people pissed off at "online disputes" to begin "fighting back" with attacks against corporate computers.

    Personally, I can not begin to fathom why anyone would want to do this, despite how angry they are. The consequences of such actions would be far worse than being fired/disgruntled at the company.

    On a personal note, I sometimes feel computers place a great distance between consumers and customer service. It seems "contacts" are now nothing more than emails, and trying to talk with anyone live seems to disappear every day.

  • anita, 2 Feb 2009 @ 8:47am

    He is from Omnitech

    Just another of million consulting gigs started by ex-employees/contractors of fannie..

  • chad, 10 Feb 2009 @ 12:43am

    Software QA

    You mean he actually coded on a live system and no subversioning was involved along with quality testing of his code before going to the live servers with it? One would think that FM being a bank would have a database management system with built in audit trails and roll back capability. I smell a patsy!
