Fannie Mae virus attacker found guilty, faces 10 years in prison

A disgruntled software programmer has been found guilty of for planting a virus on US mortgage giant Fannie Mae's servers in late 2008.


A disgruntled software programmer has been found guilty of planting a virus on US mortgage giant Fannie Mae's servers in late 2008.

Rajendrasinh Makwana, a former Unix engineer for the Federal National Mortgage Association, better known as Fannie Mae, planted malicious code on the corporation's network that was designed to "destroy and alter" all of the data on the company's servers.

Makwana, a contractor, had his employment ended at a Fannie Mae data centre on 24 October, 2008, after he had "erroneously created a computer script that changed the settings on the Unix servers without the proper authority of his supervisor," according to the FBI.

Makwana had created a settings-changing script as much as two weeks before he was fired, law enforcement officials contended. If the malicious script had gone undiscovered it would have disabled monitoring alerts and all log-ins, deleted the root passwords to the approximately 4,000 Fannie Mae servers, and then erased all data and backup data on those servers by overwriting with zeros.

"Finally, this script would power off all servers, disabling the ability to remotely turn on a server," said the government's complaint. "Subsequently, the only way to turn the servers back on was physically getting to a data centre.”

The script would have "caused millions of dollars in damage” and reduced, if not shut down, operations for at least a week if it had not been found before the trigger date, the court was told.

The malicious script was discovered by another Fannie Mae engineer just five days after Makwana was fired. According to the criminal complaint filed in US District Court, Makwana tried to hide the malicious script by inserting a page of blank lines at the bottom of the legitimate script. "It was only by chance that [the Fannie Mae engineer] scrolled down to the bottom of the legitimate script to discover the malicious script," the case against Makwana read.

Makwana who was employed by a sub contractor of a Fannie Mae subcontractor, worked at the Maryland facility for three years before being dismissed. Makwana will be sentenced on 8 December and faces up to faces 10 years in prison.

"Recommended For You"

'Fraudulent' electronic mortgage registry lawsuit will go ahead Cyber-Ark unveils unified Windows, Unix management tool