John and I do a lot of lecturing on IT security. Like harpies, we repeat over and over "as soon as someone is terminated, cut their access." Seems as though someone at Fannie Mae forgot to do just that.
Rajendrasinh Makwana was indicted on Tuesday in the U.S. District Court for Maryland. From early 2006 to October 24, 2008, Makwana was a contractor for Fannie Mae. According to the indictment, Makwana allegedly targeted Fannie Mae’s network after he was terminated. The goal was to “cause damage to Fannie Mae’s computer network by entering malicious code that was intended to execute on January 31, 2009.” Makwana worked at Fannie Mae’s data center in Urbana, MD as a Unix engineer, contracted through a firm called OmniTech. He had root access to all Fannie Mae servers.
Apparently, his intention was to bring down all those servers, destroying or altering data. Fannie Mae was just plain lucky. A senior Unix engineer stumbled on the malicious script and Fannie Mae security was able to put everything right. Had they not been so lucky, it is estimated that millions of dollars of damage would have been done and Fannie Mae would have been out of business for a week.
In this economy, where employees are being terminated by the thousands every day, it is more important than ever that employers make sure the employee's access is terminated promptly. It is hard to imagine a better cautionary tale than this one.
Further information may be found here.
Hat tip to Debbie Knapp.