Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fannie Mae Worker Indicted For Malicious Script

Posted by Soulskill on from the good-thing-their-engineers-bailed-them-out dept.

dfdashh writes "A former Fannie Mae contractor has been indicted by a federal grand jury in Baltimore, MD for computer intrusion. He attempted to propagate a malicious script throughout the company's 4,000 servers. The DC Examiner has details of the incident: 'Had this malicious script executed, [Fannie Mae] engineers expect it would have caused millions of dollars of damage and reduced if not shutdown operations at [Fannie Mae] for at least one week. ... The virus was set to execute at 9 a.m. Jan. 31, first disabling Fannie Mae's computer monitoring system and then cutting all access to the company's 4,000 servers, Nye wrote. Anyone trying to log in would receive a message saying "Server Graveyard." From there, the virus would wipe out all Fannie Mae data, replacing it with zeros, Nye wrote. Finally, the virus would shut down the servers.'"

4 of 325 comments (clear)

  1. Re:erase my mortgage by jeff4747 · · Score: 5, Informative

    There would be records proving you own the home.

    When you take out a mortgage, the deed is still in your name. That's one of the main reasons foreclosure is actually kind of a pain in the ass for banks. They have to get the house transferred to their ownership before they can sell it.

    The deed is on paper in a filing cabinet in some county office (It's also stored electronically by the county). You should also have received a copy of it when you signed the flurry of paperwork when you bought the house.

  2. Re:Really? by Anonymous Coward · · Score: 5, Informative

    Former FNMA employee here- I left a couple years ago.

    1- The vast majority of their servers run Solaris- this wasn't some sort of cross-platform attack.

    2- They have an infrastructure that allows a single admin server to execute commands on the entire farm simultaneously.

    Suddenly being able to wipe out everything doesn't sound too difficult does it? From what I heard from friends- it was just a couple lines of shell, and it was discovered because there was a typo, and script to failed. Not a virus by any stretch.

    Oh- and of course they have backups, but imagine restoring 2500+ servers from tape... Thats probably where the week of downtime came from, and it sounds accurate to me.

  3. Well, no, you still won't own your house by sirwired · · Score: 4, Informative

    When the deed was recorded at the local records office, the fact that the bank has a lien on it is recorded along with it. The only way to clear that lien is to get the lienholder to have a letter saying so attached to your deed, or you have to have a court do it.

    SirWired

  4. The Formal Criminal Complaint by Octorian · · Score: 5, Informative

    While reading through the article, and some of the talkback, I stumbled across this document which contains results of the actual investigation. It has lots of actual details, and is worth a read. (meanwhile, the news articles are a little too dumbed-down to be of any real value or interest).