Local

[Print]  [Email]        

Ex-Fannie Mae worker charged with planting computer virus

By: Freeman Klopott
Examiner Staff Writer
January 29, 2009

A fired Fannie Mae contract employee allegedly placed a virus in the mortgage giant’s software that could have shut the company down for at least a week and caused millions of dollars in damage, prosecutors say.

Rajendrasinh Makwana, an Indian citizen, was indicted Tuesday on computer intrusion charges. The former Gaithersburg resident is out on $100,000 bail, court documents said.

Makwana was fired from his contract position at Fannie Mae on Oct. 24 for changing computer settings without permission from his supervisor, FBI agent Jessica Nye wrote in a sworn statement. He had worked at Fannie Mae for three years as a computer engineer at the Urbana offices, where he had full access to all of the federally created mortgage company’s 4,000 servers. Before leaving work Oct. 24, Makwana allegedly tried to hide a code in server software that was set to activate the morning of Jan. 31, the agent wrote.

“Had this malicious script executed, [Fannie Mae] engineers expect it would have caused millions of dollars of damage and reduced if not shutdown operations at [Fannie Mae] for at least one week,” Nye wrote. “The total damage would include cleaning out and restoring all 4,000 of [Fannie Mae’s] servers, restoring and securing the automation of mortgages, and restoring all data that was erased.”

A spokeswoman for Fannie Mae declined to comment.

According to Nye’s statement, a senior computer engineer discovered the virus Oct. 29. The malicious code was hidden after a blank page, and “it was only by chance” that the senior engineer scrolled down and found the virus, Nye wrote. The engineer locked down Fannie Mae’s servers to determine whether other viruses were hidden inside and where the virus had come from, Nye wrote. Only about 20 Fannie Mae employees and contractors, including Makwana, had access to the server where the virus was stored.

An Internet Protocol address was eventually linked to Makwana’s company-issued laptop, Nye wrote. He was arrested Jan. 7.

The virus was set to execute at 9 a.m. Jan. 31, first disabling Fannie Mae’s computer monitoring system and then cutting all access to the company’s 4,000 servers, Nye wrote. Anyone trying to log in would receive a message saying “Server Graveyard.”

From there, the virus would wipe out all Fannie Mae data, replacing it with zeros, Nye wrote. Finally, the virus would shut down the servers.

Since the virus’s discovery, engineers have double-checked the servers and found no evidence of other malicious codes, Nye wrote.
Makwana’s attorney, Christopher Nieto, did not return calls Wednesday.


To view this site, you need to have Flash Player 8.0 or later installed. Click here to get the latest Flash player.


Most Popular Headlines



 


 



 

Reader Comments

All comments on this page are subject to our Terms of Use and do not necessarily reflect the views of the Examiner or its staff. Comment box is limited to 250 words.

Trojanhorses

Jan 29, 2009

Thank you. Now you see there is no such thing as an hones to goodness H1B worker. Not only do they have the market cornered at Fannie along with Freddie They have no love for this country while we are trying to get above water Yes call me whatever you like I am sure tthe same people who planted a virus also covered up this Fannie Mae crisis for the higher ups at Fannie. America wake your sorry asses from the slumber.

 

H1B#36a

Jan 29, 2009

What wasn't reported was that the contractor was fired for writing a script poorly, that caused the failover over of a number of High-Availablitity production servers. His "landmine/timebomb" script was found through his same poor scripting skills. Whatever doping manager that hired that guy should be fired too, along with his director and VP!

 

Skip

Jan 29, 2009

I would suggest that there is a lot more to this story than has been reveled so far. This man is a talented professional, and to risk his career with such an action doesn't make sense.

 

Jim

Jan 29, 2009

Trojanhorses! Hold your horses dear boy. You have no idea if he was really a H1B? Now do you? Stop spreading hate and go home to your mama.

 

Patrick

Jan 29, 2009

hey this one ought to make you smile

 

melancholyrb

Jan 29, 2009

Here is the text of the criminal complaint: http://i.zdnet.com/blogs/fmncomplaint.pdf The suspect's method and motivation are well outlined. Trojanhorses: Perhaps you should reconsider extrapolating the character of 85,000 people from the actions of one.

 

Vicente

Jan 29, 2009

Unbelievable. This employee might been doing us all a FAVOR if debt records were wiped and the company thrown into chaos. Maybe a PROPER AUDIT WOULD HAD TO BE CONDUCTED. Then we'd finally get to see some criminal CEO doing a perp walk. They did much more damage to the economy and this country but every single fatcat will walk away with giant bonusses.

 

Harold

Jan 29, 2009

Jessica Nye needs to learn that "shutdown" is not a verb. Maybe we need a Federal Bureau of Spelling.

 

to Trojanhorses

Jan 29, 2009

Let's not mischaracterize H1Bs from the actions of one foreigner, who is only here because local workers can't cut the mustard.

 

Wolf

Jan 29, 2009

@Harold: In the technical world (especially for UNIX administrators) shutdown is a verb. I am a UNIX administrator and I think Ms. Nye's report was very good, and I guess it is more important that she's competent at her job rather than able to translate technical jargon in perfect English. That said, I find it odd that a programmer fired for incompetence was able to devise such a scheme: especially because the code was apparently flawless and he had no way to test it.

 

Steve

Jan 29, 2009

@Vicente: With 4000 servers they surely have an extensive backup and restore policy and procedure. If the accused had somehow figured out a way to invalidate all the backups that were made, in addition to the "virus"'s reported capabilities, _then_ he would have done us a favor. Otherwise, it would have just been a headache for the administrators of those servers. And a short period of unavailability for some services.

 

QSECOFR

Jan 29, 2009

Thats why you implement a Change Control Process and you do not put your source on Production servers. As far as H1B's are concerned is not our students graduating from MIT, Berkley and other top universities not good enough? Now to add to Vicente comments, he probably would of done us all a favor... thanks melancholyrb for posting the complaint, I think I might use this as an example for current source code auditing when pushing changes to production.

 

blast3r

Jan 29, 2009

this was not a trojan as others are saying in the comments section. this is a logic bomb.

 

Joseph Durnal

Jan 29, 2009

Wow, this is an interesting story. A good security policy, that was actually implemented and followed would have prevented this. I want to see the script! :)

 

procedures/policy failure

Jan 29, 2009

Multiple failures, Change Management, Management and employee... Tisk Tisk. No worries he'll get a job with WiPro next month and will be back on the job with Homeland Security.

 

Stripped

Jan 29, 2009

One does not need to be a talented programmer these days to come up with a trojan (or a logic bomb script for that reason). Go download a copy of BackOrifice or a similar thing, click a couple of times, and -- voila! -- a new "trojaned" app has been created. If it weren't so, we wouldn't have so many script kiddies going for the low-hanging fruit. Going on with the fruit theme, one rotten apple doesn't mean all of H-1B's are vile, malicious, vindictive, and unprofessional. And as it's been already noted, proper CM procedures and security practices (separation of duties, anyone?) would've prevented this.

 

H1-B's

Jan 29, 2009

Jim my friend all the information is there to clue you in that he was here on a H1-B Visa. For those of us that work for these companies that are offshoring work to India and piling up H1-B Visa's we know what to look for in the written word to translate. 100% chance he was here on a H1-B Visa. Just another way for these firms to cut wages. Hey the CEO's bonus would suffer if he did not have all this cheap labor at their disposal.

 

His employer was OmniTech

Jan 29, 2009

If you want to see all the jobs OmniTech advertises for H1-B Visa's scroll down the page. OmniTech is based in Fairfax Va. http://jobsearch.monsterindia.com/searchresult.html?fts=infosolutions&loc=

 

Smarter

Jan 29, 2009

I am not sure that he is guilty or not. I think Fannie Mae is playing game. Next month, Fannie Mae will be say Bank losts more than 1 trillion dollor....and they does not have to pay money....their customer....GOD Bless USA

 

Cliff

Jan 29, 2009

We are assuming he is guilty and not being framed for some reason. But given that assumption, it demonstrates the weak security policies, as Joseph Durnal has pointed out. One must assume that security breaches will occur, given enough time, and therefore data should be compartmentalized: the scope of any malicious action should be limited. It is unconscionable that one account could have acted upon 4000 servers. That is the problem. I also very much dislike the comments by Trojanhorses. I have colleagues and friends who are Indian and H1B. We need to remember that there was a time when all of our ancestors emigrated here.

 

Striker

Jan 29, 2009

Having worked there, I'm not sure that their backup and restore procedures are the greatest. Even if they have improved since my departure, restoring 4000 servers has got to be quite a task. The points on separation of duties is well taken. However, other articles indicated that his first erroneous computer script was created on Oct. 10 or 11. They didn't get rid of him until the 24th!!! I don't recall anything about Fannie's contracting policies, but in most places, the contractor screws up and he's gone that day. All it takes is a call from the company's contracting officer to the contractor's home office. I agree with others that all we are seeing is what they needed to use in the criminal complaint and indictment. There is probably much more that took place.

 

Losers

Jan 29, 2009

Guess that some body is trying to put someone in a scape goat scene. Rajendrasinh Makwana is also stupid enough not to mask his step. If he wants to plant a virus, he should never use his own device and runs as far as possible. Guess again that the FBI also finds viruses on his home computers.

 

Tam

Jan 30, 2009

Almost every major issue at Fannie/Freddie center around kickbacks. Contractors bill an average of $100/hr. The placement agency keeps $15/hr. The hiring manager or their wife or offshore account earn $15 to $20/hr. Corruption is widespread and shameless. Does anyone believe the guy got fired for changing computer settings? Please. Likely his placement agency and the hiring manager fought over kickback shares, threats were made to remove the individual, and the individual probably threatened to go to the authorities (under a federal conservatorship, kickbacks become illegal.) I feel bad for the guy.

 

DaBomb

Jan 30, 2009

Hey, thanks for revealing all of that internal information about Fannie Nye and the court system/Judge. It is great that you have made public the IP address scheme, server names, and a whole host of other information to make somebody's job much easier to navigate around and plan an intrustion. Also, the guy just added a few lines of script to the bottom of a script that runs every day, on a date, it would actually execute causing the issue. This isn't a trojan. Nye, you should be ashamed for your poor abilities to do your job, your technical abilities and nomenclature are second rate. Obviously all of your information contained in the complaint came from the Fannie internal security team.

 

Pwnd

Jan 30, 2009

I find this tale suspicious on a few levels. First and foremost, what prompted the senior engineer to think there was anything odd and motivate him to scroll down and look at the end of the page? Second, if Rajendrasinh was creative enough to write a script to do what he is alleged, he should have been creative enough to simply replace an existing system configuration file with the malicious script, ensure that he retained the original file's timestamp, changed whatever passwords he could have, and done it all from a VM image on his laptop that was using a bridged connection and not NAT'd. If you're going to do something that holds dire consequences should you get caught, you should ensure that you take every precaution not to. Like H1B#36a said, this is an issue that should also bring question upon the quality of management that would hire someone into a position where their skills are lacking.

 

Elivs

Jan 30, 2009

What do you want to be he isn't and H-1B or an L-1 or some other alphabet soup visa? A recent study found more than one in five H-1B applications to be invalid for one reason or another. In 2001, while hundreds of thousands of American techs were being laid off, it is estimated that 9 out of 10 tech jobs created that year were reserved and given to foreigners. Fast forward to now: they keep their jobs while we are being laid off in droves. Horror stories of H-1Bs cramming for skillsets on the job that they were already supposed to posses are easy to find on the web, as are stories of what they did once they were on the job. See for yourself and make up your mind. Many already have.

 

SoCo

Jan 30, 2009

Doesn't anyone else think this is more than a little suspicious: "An Internet Protocol address was eventually linked to Makwana’s company-issued laptop". It seems that even your disgruntled script kiddy would use a different terminal or a method to conceal the implanting of such a script. I think this should be a serious red flag that foul play was possibly to a cause, as IPs have serious accountability short comings. I hope some technician isn't setting this guy up, or using him as a scape goat through his IP/laptop for his own failed attack. Accountability seems very marginal unless this guy confesses, which you usually don't do before/after posting $100K bond

 

cheapworker

Jan 30, 2009

You get what you pay for in the short term and then pay for it over and over in the long term.

 

FedupLibBS

Jan 30, 2009

Geez .. now this makes Watergate look like a WaterBalloon fight.

 

CMD

Jan 30, 2009

...and if they overlooked any instance of malicious code of this nature then we'll be hearing more about this sometime after 9:00 a.m. tomorrow (31 January).

 

PSquare

Jan 30, 2009

This consultant worked for IonIdea and not Omnitech. FBI made an error. You will soon see a correction. Already, the following links has the correction 1. http://www.theregister.co.uk/2009/01/29/fannie_mae_sabotage_averted/ 2. http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9127040&taxonomyId=17&intsrc=kc_top PSquare

 

Chris Amsden

Jan 30, 2009

I hope they string this guy up by the nearest tree! As if the financial sector isn't already suffering enough, we have guys like this out there trying to ruin it for the rest of us!

 

Dude

Jan 30, 2009

=) what's an H1B? I have yet to read the full criminal complaint, but it seems to me that this code could not have ben created in less than a day when he was fired, so he must have been working on it for a while and that's probably where he had slipped up on a few other projects. But who hired in this contractor to whom did he report? If any of the records were tampered with the people indebted would not benefit, only the CEOs who cooked the books and left with their golden parachutes would. So maybe they should follow this guy's bank account to see who is paying his bail "out"

 

Ironhors

Jan 30, 2009

It is a crime to use Federal money to hire H1B people from overseas or engage firms registered overseas anyway. Most of the work done by H1B from India is sub-standard to begin with; let alone the people from there are not trust worthy.

 

Sadler

Jan 31, 2009

Apparently Makwana is currently working for Bank of America! I have notified BoA Security as well as the FBI. BoA needs to review everything he had access to... He should be considered an imminent threat and a flight risk. See www.D50.org for my predictions of this type event from years ago.

 

Clinton2012

Jan 31, 2009

All the H1Bs working in our tech industry are a ticking bomb, Obama should take this near miss as a warning and send Raj to jail and his buddies back home. How many layoffs of American workers does it take before we stop giving some of our best jobs away?

 

Sadler

Jan 31, 2009

To Clinton2012: Please Google: "hillary clinton" +tata

 

kgb999

Feb 1, 2009

From the complaint: "In one email, MAKWANA communicated to his relatives in India instructing them not to return to the United States." This guy was H1B. He would have been long gone to India by the time this thing executed. That's why he thought he didn't have to worry about the repercussions.

 

jasmin nay

Feb 2, 2009

rajendrasinh is innocent.some body is trying to entrapped him.think if he want to do any wrong to Fannie Mae data then he will use his own laptop for this malicious codes.he can use any other ip address also instead of his own.he is innocent.

 

jolly

Feb 2, 2009

rajendrasinh is innocent.some body is trying to entrapped him.think if he want to do any wrong to Fannie Mae data then why he will use his own laptop for this malicious codes.he can use any other ip address also instead of his own.he is innocent." and 24oct was his last day of job if he has done any wrong then he should gone back to india.but still he is in usa that means he is innocent.may some one has use rajendra ip address and edit malicious codes.some one has miss use rajendra laptop.he is innocent.FBI shoud reinvestigate this case again if possible.rajendra is innocent.

 

H2B

Feb 2, 2009

A high profile investigation on this case is needed. What is the benefit for Makwana if he plants virus on Jan 31. Don't you think it is a continuation of the corrupt republican regime to hide out many of their faults. Is there a clear proof of when this virus was planted? Was Makwana had access to that laptop on such date? Hope the examiner will examine such basic facts!

 

Mar 2, 2009

It is rubbish charges agaist him he never can do it.he is innocent.I know him since his childhood.I am sure he will come clean from this unrealastic. P.S.Bhullar India

 

Sys

Mar 17, 2009

America needs to restrict companies from hiring H1B workers and start to focus on US citizens. I'm not saying stop completly, just heavily tax companies that are hiring H1B workers.

 

sweta makwana

Apr 20, 2009

i m a wife of rajendrasinh makwana. right now i m in india. i passed 5 years with my husband. he can not do that cheapest thing. he is innocent.please,i request u all,do not blame him. i and my both kids r waiting eagerly of raj.do favour with him.

 

Tom

Oct 28, 2009

The references I find in the Bible about helping the poor refer to the "orphan and the widow" within the community who could not, in those days, help themselves. You people who are so intent on open borders (Tell me again, how many of the 6.2 BILLION in the world do you want us to support in this country ?)need to write Sr.El Presidente de Mexico and tell him to use some of that oil money, Am. aid, drug money, etc. to provide schools, jobs, and health care for his people. I refuse to take on his responsibility. You open-border types feel so righteous about helping others, but I'd be willing to bet you have some problems in your personal relationships, which you can't handle - so, you "relate" to those far afield; it's so much easier.
phentermine side effects

 


Post a comment


Email:
(This will not be displayed or shared. Privacy Policy)

Display Name:

Comment:




Sports

Dale Earnhardt Jr. runs laps during a NASCAR Sprint Cup Series practice at Texas Motor Speedway in Fort Worth, Texas, on Friday, Nov. 6, 2009. (AP Photo/Larry Papke)

Earnhardt Jr.: Danica Patrick would be good for NASCAR; nothing new on her joining his team

Dale Earnhardt Jr. says Danica Patrick would be good for NASCAR, but there's nothing new to report on the IndyCar star joining his team. Full story

Politics

Demonstrators chant on Capitol Hill in Washington, Thursday, Nov. 5, 2009, during a Republican health Care reform rally. (AP Photo/Jose Luis Magana)

House Democrats clear impasse over abortion holding up vote on health care legislation

Capping months of months of struggle, House Democrats cleared an abortion-related impasse blocking a vote on sweeping health care legislation late Friday and officials expressed optimism they had finally lined up the support needed to pass President Barack Obama's top domestic priority. Full story

Entertainment

'Golden Girls' star McClanahan has bypass surgery

Rue McClanahan, who played sexy Southern belle Blanche Devereaux on "The Golden Girls," was recovering Thursday from heart bypass surgery at a New York City hospital. Full story