January 30, 2009 – A former Fannie Mae contractor pled not guilty to a charge of computer intrusion in federal court. Rajendrasinh Makwana was fired from his contract position at Fannie Mae’s data center on October 24, 2008. According to an affidavit from the FBI agent working on the case, within 90 minutes after being notified of his termination (but several hours before his access to the Fannie Mae network was terminated), Makwana embedded malicious code set to trigger on January 31, 2009, in a legitimate script that ran on Fannie Mae’s network every morning. A Fannie Mae engineer found the malicious code five days after Makwana was fired. If the script had not been discovered, it would have disabled all logins, deleted the root passwords to all the servers on the Fannie Mae network, and deleted all the data on the servers. News story.
The incident emphasizes the need to for companies to have procedures in place to immediately terminate network and systems access when an employee is fired or otherwise leaves the company. Disgruntled employees, especially those with higher-level access to IT systems, can do a lot of damage in a very short amount of time.