Fannie Mae Worker Indicted For Malicious Script
dfdashh writes "A former Fannie Mae contractor has been indicted by a federal grand jury in Baltimore, MD for computer intrusion. He attempted to propagate a malicious script throughout the company's 4,000 servers. The DC Examiner has details of the incident: 'Had this malicious script executed, [Fannie Mae] engineers expect it would have caused millions of dollars of damage and reduced if not shutdown operations at [Fannie Mae] for at least one week. ... The virus was set to execute at 9 a.m. Jan. 31, first disabling Fannie Mae's computer monitoring system and then cutting all access to the company's 4,000 servers, Nye wrote. Anyone trying to log in would receive a message saying "Server Graveyard." From there, the virus would wipe out all Fannie Mae data, replacing it with zeros, Nye wrote. Finally, the virus would shut down the servers.'"
Leading to a downturn in mortgages issued to people who have no chance of paying them back.
Sounds like a white hat to me.
The "Fight Club" guy in me would like to have seen that particular bomb go off. I know the damage would not have been permanent, perfect or complete (That's what backups are for... right?) but still. Taking those financial giants down a peg might have tickled me. (It damn sure wouldn't have taught anyone any moral lessons or anything.)
The more important question for me is if my mortgage gets erased do the records that I'm at least part owner of the property get erased or does the company just get the deed to my home? Well it was mortgaged, but we don't have the records anymore we'll just assume you owe the full purchase value of the property until you can prove otherwise.
Of course it isn't verifiable, but I thought this was interesting:
H1B#36a: "What wasn't reported was that the contractor was fired for writing a script poorly, that caused the failover over of a number of High-Availability production servers. His "landmine/timebomb" script was found through his same poor scripting skills. Whatever doping manager that hired that guy should be fired too, along with his director and VP!"
-t.
They don't need to, I'm sure that:
1- he was fired that day
2- the edits came from his account
3- the login came from his workstation
That's more than enough evidence to convict, unless he can prove otherwise. Don't think you need to be caught red-handed with photographic proof to be sent to prison. Circumstantial evidence is more than enough unless you have a good defense.
So if someone say nuked the Fannie Mae servers then millions of people would get free homes?
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
...turned Fannie Mae into a financial failure
... which it never was during the 30 years from 1968 to 2000, roughly when banking deregulation took effect. It may be that such an institution is a bad idea, but you have to consider that financial institutions of all kinds are in desperate condition as well, so you can't use the financial disasters of 2008 as proof that Fannie is any worse an idea than, say, a private investment bank.
The idea that Fannie's failure shows that it ought never have been, applied consistently, would argue for nationalizing banks. I, as one who has been a staunch liberal through the long winter of liberal dispute, think nationalization is a terrible idea. This is not because the government is bad and business is good, but because government and business would be indistinguishable, leaving nobody to watch the foxes in the chicken coop.
All in all, I think the widespread calamity in the financial sector more probably indicates that the particular kind of banking deregulation practiced in the post Gramm-Leach-Bliley era has at the very least unintended consequences.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Wrong on all 3.
a) "Bunch" is singular. That is one bunch of bananas.
b) I shouldn't have to explain this, but in said bunch, there are ones, and there are zeros. A single bit is a one or a zero; multiple bits, each of which is either a one or a zero, provide a set that contains both ones and zeros. (Assuming that there is at least 1 one and 1 zero in a given set. If the set were all ones or all zeros, then it would indeed be correct to call it a set of "ones or zeros.")
c) Spellcheck should provide the insight on this one.
I don't believe in time. It's a grand conspiracy designed to sell watches.
I heard of a dead man switch script that an admin left that triggered when he was terminated (and not *touching* a seemingly innocuous file every week).
He was much more effective: he modified the backup script so it would encrypt all its data. The file sizes were correct, names correct, at a glance all looked right, but all files contained encrypted data.
The company only kept 6 months of backups. After six months, the script wiped the servers. The company couldn't recover anything.
They couldn't pinpoint it on anyone: they had fired a bunch of admins at the same time.
That is one mean, mean trick.
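Added example, not part of any comment in this thread: the tampered backups described above kept their names and sizes, so a verification job has to inspect content instead of metadata. This Python sketch flags backup members whose bytes do not fit their extension; the file names, the 7.0 entropy threshold and the sample data are constructed assumptions.

```python
import collections
import gzip
import hashlib
import math
import os
import zlib

# Assumed: extensions that should hold plain text. Entropy is only checked
# for these, because legitimately compressed files are high-entropy too.
TEXT_EXTS = {".sql", ".csv", ".log", ".txt"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: low for text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in collections.Counter(data).values())


def check_member(name: str, data: bytes, sample: int = 65536) -> str:
    """Return 'ok' or the reason the content does not fit the file name."""
    ext = os.path.splitext(name)[1].lower()
    head = data[:sample]
    if ext == ".gz":
        if not head.startswith(b"\x1f\x8b"):
            return "bad magic"
        try:
            zlib.decompressobj(wbits=31).decompress(head)  # 31 = gzip framing
        except zlib.error:
            return "corrupt gzip"
        return "ok"
    if ext in TEXT_EXTS:
        if b"\x00" in head or shannon_entropy(head) > 7.0:
            return "binary content in text file"
        return "ok"
    return "unknown type"


def fake_ciphertext(n: int) -> bytes:
    """Constructed stand-in for encrypted data (deterministic pseudo-random bytes)."""
    blocks = (hashlib.sha256(str(i).encode()).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def demo() -> dict:
    dump = b"INSERT INTO loans VALUES (1, 'constructed row');\n" * 200
    members = {  # constructed sample backup contents
        "db/loans.sql": dump,
        "db/loans_old.sql": fake_ciphertext(len(dump)),  # same size, unreadable
        "logs/app.log.gz": gzip.compress(dump),
        "logs/sys.log.gz": b"\x1f\x8b" + bytes(64),  # right magic, broken body
    }
    return {name: check_member(name, data) for name, data in members.items()}
```

A content check like this only narrows the gap; restoring a sample of each backup set on a schedule is what confirms the data is usable.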
True, but the wise men of Wall Street were supposed to have their exalted status because they knew how to grade and price risk better than ordinary mortals. If I were a Citibank investor, and Charlie Prince told me to my face that the reason my stock was in the toilet was that Franklin Raines pulled a two bit Svengali act on him, I'd spit in Prince's eye.
And with respect to Fannie and Freddie's "special status with the government", what, exactly is this special status they enjoy? That they are too big to fail? That's hardly confined to Fannie and Freddie. The only thing that is special is that they were started by the government; aside from that they don't have any more clout than any other private institution that controls astronomical sums of money (which admittedly leaves room for that being too much clout).
In fact Freddie was started for the exact too-many-eggs-in-one-basket concerns you raise. It doesn't matter how many baskets the economy's eggs are in, if the rules create an incentive to place them all in the same precarious position.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
You have no idea how right you are:
http://www.nydailynews.com/money/2008/12/02/2008-12-02_it_took_90_minutes_for_daily_news_to_ste.html
"Presumably, since you are actually here to post about it, you didn't go to Cambodia while Pol Pot was in power. I assure you, disappointment would be the least of your worries in Cambodia in the 70's." I went to Cambodia several times in the last decade. Quite obviously there was not a whole lot of tourism in the kingdom in the last quarter of the 20th century. I think everyone knows this even without you announcing it on /.
I'm not sure why two people mentioning some songs and making a silly comment brings two such pedantic, pompous and condescending replies. I don't know what your problem is, or why you think you ought to give me a lecture (about a country I visited many times...did you?) or what kind of asshole mods up your pedantic and stupid remarks. To summarize: piss off.
From reading the actual court complaint, it seems the hacker put his malicious script at the bottom of a valid script which ran at well determined times. If that work place is anything like the work places I've haunted, then that script was probably kept in CVS. No doubt the boss in question was looking at the script because he wondered what the just fired employee would have put in the script.
Of course, the way around this would be a "deadman switch" that required input NOT to trash the system.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."