Fannie Mae Consultant Indicted

Fired Programmer Accused of Planting Malware 'Timebomb' This is an example of the heightened insider threat that financial institutions now fear.

A federal grand jury in Maryland has indicted a disgruntled software programmer for planting a virus on mortgage giant Fannie Mae's servers in late 2008. Had the malware not been discovered shortly after the programmer's termination, it could have shut down Fannie's systems completely for a week or more and would have cost millions to repair and restore data on the firm's 4,000 computer servers, says the FBI agent who investigated the case.

Rajendrasinh Babubhai Makwana, a 35-year-old ex-consultant of Fannie Mae, is charged with planting malicious code designed to wipe out data on the company's 4,000 computer servers. (See copy of indictment, FBI complaint affidavit-PDF files)

Makwana, an Indian citizen, had worked as a software engineer at Fannie Mae's offices in Urbana, MD since 2006 and for three years was given access to all of the firm's 4,000 servers. He allegedly embedded the destructive code on the company's servers, and it was triggered to go off at 9 a.m. on January 31, 2009, designed to wipe out all data across the network by overwriting the data with zeroes. The complaint states that anyone who would have tried to log onto the network after that time would receive the message "Server Graveyard."

Makwana was fired from his contract position at Fannie Mae on October 24 for changing computer settings without permission from his supervisor, says FBI agent Jessica Nye in her sworn statement. After being told he was terminated, he was told to surrender his ID badge and computer laptop, but was allowed to remain on site. Before leaving work on October 24, Makwana allegedly tried to hide a code in server software, Nye says in her statement.

"Had this malicious script executed, [Fannie Mae] engineers expect it would have caused millions of dollars of damage and reduced if not shutdown operations at [Fannie Mae] for at least one week," Nye states. "The total damage would include cleaning out and restoring all 4,000 of [Fannie Mae's] servers, restoring and securing the automation of mortgages, and restoring all data that was erased."

Nye says a senior computer engineer later discovered the virus on October 29. The malicious code was hidden below a blank page, and "it was only by chance" by scrolling down the senior engineer discovered the virus, she states. Fannie Mae's servers were locked down to ascertain if other viruses were embedded elsewhere and to track down where and who had planted the virus, she explained. There were only 20 Fannie Mae employees and contractors who had access to the server where the virus was found. Makawana was one of them. After a forensic investigation, Makawana's company-issued laptop was linked to an Internet Protocol address where the virus was sent from, Nye states.

Makawana was arrested on January 7. If found guilty, he could face up to 10 years in prison. He is out on $100,000 bail and has had to surrender his passport.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.