A computer-engineering employee fired from troubled US mortgage giant Fannie Mae is accused of preparing a malware computer time bomb, which had it not been detected, might have destroyed millions of files, according to reports.
Rajendrasinh Makwana, the computer contract employee in question, was indicted earlier this week on computer intrusion charges, according to the "DC Examiner" report citing court documents. Makwana, said to be an Indian citizen and former contract employee at Fannie Mae for three years, was terminated Oct. 24 for changing computer settings without permission from his employer and allegedly hiding malware code in a server that was programmed to become active Jan. 31.
Court documents include a statement from FBI agent Jessica Nye that the malicious script, had it gone off, would have "reduced if not shut down operations" at Fannie Mae for at least a week. "The total damage would include cleaning out and restoring of 4,000 servers, restoring and securing the automation of mortgages, and restoring all data that was erased."
It was apparently by chance that a Fannie Mae computer engineer discovered the virus on Oct. 29, and the incident was linked to Makwana., who is said to be out on US$100,000 bail.
"Let's remember this guy hasn't yet been found guilty," commented Sophos senior technical consultant Graham Cluley, who has written a blog about the Fannie Mae incident. "But imagine if this had happened. People's confidence is already shaken in financial institutions. Confidence would go from low to beneath the gutter. In this time of economic crisis, firms will be letting people go. And they're not going to like it."
The disgruntled employee is a real issue, and firms need to be thinking carefully about security issues, such as changing passwords and access control, in situations of layoffs, Cluley noted.