A "logic bomb" found on the IT systems of Fannie Mae had the potential to wipe out all data on more than 4,000 servers in the mortgage giant's data center in Urbana, Md., according to prosecutors, who say the malware was planted by a disgruntled engineer. Kevin Poulsen at Threat Level provides details of the incident, in which the employee was fired but allowed to keep his system access until the end of his shift.
In an indictment filed Tuesday, prosecutors allege Unix engineer Rajendrasinh Makwana used that access to try to sabotage Fannie Mae's systems. Here are the worrisome details:
Had it not been found, the FBI says the code would have executed a series of other scripts designed to block the company's monitoring system, disable access to the server on which it was running, then systematically wipe out all 4,000 Fannie Mae servers, overwriting all their data with zeroes. "This would also destroy the backup software of the servers making the restoration of data more difficult because new operating systems would have to be installed on all servers before any restoration could begin," wrote (FBI agent Jessica) Nye. As a final measure, the logic bomb would have powered off the servers.
Makwana, who reportedly worked at the Fannie Mae facility for three years, is free on bail and has not yet filed a response. Cases like this are sometimes more complex than they first appear, but the incident serves as a stark reminder of the importance of access control.
Authorities say the logic bomb was discovered five days after Makwana was terminated, when another Unix engineer at the data center found the malicious code hidden inside a legitimate script that ran every morning. It was reportedly timed to go off Jan. 31 at 9 a.m. See Threat Level and Slashdot for more.