A software engineer who was fired from his job as a contractor for Fannie Mae is accused of planting a malicious script that could have wiped out the data on all 4,000 of the company’s servers and halted the processing of mortgages for at least a week had it not been discovered, authorities said.
Rajendrasinh Babubhai Makwana, who the FBI said was employed by OmniTech as a contractor at Fannie Mae’s Urbana, Md., facility for three years, is accused of planting the script on Oct. 24.
The script, which was scheduled to run on Jan. 31, was discovered five days after Makwana was fired, the FBI said in a criminal complaint.
"Had this malicious script executed, (Fannie Mae) engineers expect it would have caused millions of dollars of damage and reduced if not shutdown operations at (Fannie Mae) for at least one week," the FBI alleged in the complaint.
Damage would have included cleaning out and restoring all 4,000 Fannie Mae servers, restoring and securing the automation of mortgages, and restoring all data that was erased, the complaint said.
Makwana, who had full access to Fannie Mae Unix servers around the country, was told about 1 p.m. Oct. 24 that he was being terminated as a Fannie Mae contractor because of an alleged incident that occurred about two weeks before. Makwana was terminated for creating a computer script that changed the settings on the Unix servers without permission from his supervisor, the complaint said.
But Fannie Mae’s procurement department did not block Makwana’s access to the company’s computers until later that evening, and records show he continued to use his company laptop until shortly before turning it in at 4:30 p.m. that day — more than three hours after he was fired.
Five days later, a Unix engineer employed by Fannie Mae discovered a malicious script embedded in another routine scheduled to run on a production server every morning at 9 a.m. The malicious script was created on a development server that only 10 to 20 Fannie Mae employees and contractors, including Makwana, had access to, the FBI said.
A review of the server’s logs showed someone using a user ID assigned to Makwana and an IP address assigned to his Fannie Mae laptop accessed the development server at 2:53 p.m. that day and surfed the Web until 3:32 p.m., the complaint said.
The complaint, which listed other evidence linking the malicious script to Makwana, described a software routine designed to create other scripts that would run on all of Fannie Mae’s production, contingency and backup servers. The scripts were to disable logins and clear out logs — including those that recorded Makwana’s "footprints" as he accessed the development server after he was fired, the FBI said.
Next, the script "would build a list of all servers that contain (Fannie Mae) data and wipe out all of the data," the complaint said. "This would also destroy the backup software on the servers making the restoration of data more difficult because new operating systems would have to be installed on all servers before any restoration could begin."
Finally, the script would power off all servers, making it impossible to turn on a server remotely, the complaint alleged.
Makwana, a 35-year-old Glen Allen, Va., resident, was indicted Tuesday and is scheduled for arraignment today. If convicted, he faces a maximum sentence of 10 years in prison, the U.S. Attorney for the District of Maryland said.
***
What’s your opinion? Leave your comments below or send a letter to the editor. To contact the writer, click the byline at the top of the story.