Hell hath no fury like a laid-off It contractor. At least that's what mortgage giant Fannie Mae must be thinking after it revealed that a computer-engineering employee that it had fired, had been accused of preparing a computer time bomb that might have destroyed millions of files.
Rajendrasinh Makwana, the computer contract employee in question, was indicted earlier this week on computer intrusion charges, according to the "DC Examiner" report citing court documents. Makwana, said to be an Indian citizen and former contract employee at Fannie Mae for three years, was alleged to have changed computer settings without permission from his employer and hid malware code in a server that was programmed to become active 31 January.
Court documents include a statement from FBI agent Jessica Nye that the malicious script, had it gone off, would have "reduced if not shut down operations" at Fannie Mae for at least a week. "The total damage would include cleaning out and restoring of 4,000 servers, restoring and securing the automation of mortgages, and restoring all data that was erased."
It was apparently by chance that a Fannie Mae computer engineer discovered the virus on 29 October, five days after Makwana had been laid off, and the incident was linked to Makwana., who is said to be out on $100,000 bail.
"Let's remember this guy hasn't yet been found guilty," commented Sophos senior technical consultant Graham Cluley, who has blogged about the Fannie Mae incident. "But imagine if this had happened. People's confidence is already shaken in financial institutions. Confidence would go from low to beneath the gutter. In this time of economic crisis, firms will be letting people go. And they're not going to like it."
The disgruntled employee is a real issue, and firms need to be thinking carefully about security issues, such as changing passwords and access control, in situations of layoffs, Cluley noted.