PS: This has not happened in India but a person and company of Indian Origin is involved.
Jan 29, 2009
Perpetrator: Rajendrasinh Babubhai Makwana
Amount : x
Planting malicious software, unauthorized access, delayed termination of user account
Mr Makwana was on contract at Fannie Mae and his employers are / were Omnitech. He was terminated on Jan 24, 2009 and after he left his ID was not disabled until late in the evening.
Update October 10, 2010
Makwana was convicted of "computer intrusion arising from the transmission of malicious script to Fannie Mae's computer servers" and now faces sentencing on December 08, 2010 which can be upto to 10 years.
Update Feb 04, 2009....... As per statements from FBI there is a goof up in naming Makwana's employer - it is not OmniTech but another company Ionlabs. And Ionlabs have said that he is not their employee but belongs to Marlabs, NJ.Well Makwana accessed the system when he was not supposed to be doing this, created a directory, wrote and parked a few scripts which would wake up at 9 am to check the date. And if the date was Jan 31, 2009 - all hell was to break loose.
Now this is what I term surprising ! I mean it is so simple - FBI checks this guy's passport and the H-1 papers and it has to have his sponsoring employer's name ?? Duh !! Why are we having this runaround with different companies being named.
Or, for God's sake - ask Makwana ! One guy says I placed him, the other says I paid him the the guy who brought him in is not traceable. Bet there is another black hole here.
And yes......... Makwana has pleaded 'not guilty' ! Hello am I hearing this right ? I mean you have the deck stacked against you with incriminating evidence and you are not guilty. Cool.
Unfortunately for Makwana, and fortunately for Fannie Mae, another engineer 'accidentally' discovered the logic bomb and reported this and they brought the systems down and avoided a disaster waiting to happen.
So here we have another Indian IT professional in the news for the wrong reasons :( and thank God again that he is not from Satyam else one can imagine the additional big stink.
Fannie Mae erred in not revoking his access immediately since he seems to have indulged in all the malicious activity after he was terminated. He should not have logged in to the systems after being terminated, and I must say that most people try to use the official credentials after leaving the organization. And many a time, it works !
On a lighter note.... a number of responses to the articles mentioned below felt bad that the records / systems were not decimated by Makwana's bomb as it would have wiped out the records of a lot of defaulters ! .... maybe this would have cleared the backup too !!
DC Examiner: Ex-Fannie Mae worker charged with planting computer virus
eWeek: Fired Engineer at Fannie Mae Accused of Planting Malware Time Bomb
WIRED: Fannie Mae Logic Bomb Would Have Caused Weeklong Shutdown
ZD Net : Fannie Mae IT contractor indicted for planting malware; Mortgage giant didn’t revoke server privileges
Labels: disgruntled employee, fannie mae, logic bomb, malicious script, unauthorzed access