Programmer jailed three years over plot to wipe out all of Fannie Mae’s financial data
A computer programmer who almost succeeded in wiping out all of the Federal National Mortgage Association’s financial data at the height of the housing market crash was sentenced to three years in prison earlier this month.
Rajendrasinh Babubhai Makwana, 36, worked as a contractor with the home mortgage lender, better known as Fannie Mae, from 2006 through Oct. 2008. He was abruptly fired for writing an erroneous piece of software code that changed settings on the company’s Unix servers without proper authorization.
Ordered to turn in his equipment and security badge on Oct. 24, 2008, Makwana, a foreign national from India, complied and returned to his workstation to finish out the day. His administrative access to the company’s 4,000 servers, however, was not terminated until that evening.
In the interim, sometime between 1:30 p.m. and 4:30 p.m., Makwana created a potentially devastating logic bomb script that authorities claimed would have wiped out all of the home lender’s financial data, causing untold damage to the US financial system and erasing the mortgages of millions of homeowners.
The software was set to auto-execute on Jan. 31, 2009 — but that never happened.
Instead, on Oct. 29, a senior Unix engineer found the code embedded below a legitimate script. The two scripts were separated by about a page of blank lines, according to a criminal complaint filed with a US district court in Maryland by FBI Special Agent Jessica Nye.
The script would have disabled all server login attempts and blocked the company’s server monitoring systems. Any effort to access the network would have resulted in a message that read “Server Graveyard,” the complaint said. It would also have erased log files, ensuring Makwana’s trail could not be followed.
When the script was discovered days later, Fannie Mae’s IT department went into full emergency mode, locking down its servers to ensure no other malicious scripts had been inserted. A criminal complaint soon followed.
Makwana was convicted on October 4, 2010, and faced up to 10 years in jail. He was sentenced to 41 months in prison on December 17 by US District Judge J. Frederick Motz.
His professional profile on business networking website LinkedIn was still available and featured a small image of Makwana apparently skydiving.
“Computer intrusion cases are a high priority for federal law enforcement because of the potential to cause serious damage,” US Attorney Rod J. Rosenstein said, according to a US Department of Justice advisory. “Mr. Makwana was trusted with access to the computer system, and he violated that trust.”