Terminated IT contractor indicted for planting malicious code on Fannie Mae servers

A former Fannie Mae IT contractor has been indicted for planting a virus that would have nuked the mortgage agency’s computers, caused millions of dollars in damages and even shut down operations. How’d this happen? The contractor was terminated, but his server privileges were not.

Rajendrasinh Makwana was indicted on Tuesday in the U.S. District Court for Maryland (press reports, complaint and indictment PDFs). From early 2006 to Oct. 24, Makwana was a contractor for Fannie Mae. According to the indictment, Makwana allegedly targeted Fannie Mae’s network after he was terminated. The goal was to “cause damage to Fannie Mae’s computer network by entering malicious code that was intended to execute on January 31, 2009.” And given Fannie Mae–along with Freddie Mac–was nationalized in an effort to stabilize the mortgate market Makwana could caused a good bit of havoc.

Makwana worked at Fannie Mae’s data center in Urbana, MD as a Unix engineer as a contractor with a firm called OmniTech. He had root access to all Fannie Mae servers.

http://blogs.zdnet.com/BTL/?p=11905&tag=nl.e539

damn, it feels good to be a gangsta...

funny it is not mentioned in the article.

I believe there was some discussion here a year or so ago about the national security implications of H1-B people working on sensitive systems.

Not that a disgruntled H1-B contractor is any more or less likely to do damage than your average disgruntled ex-employee, but it sure seems like an easy way in.

much better still than a lot of us.