Fannie Mae Worker Indicted For Malicious Script
dfdashh writes "A former Fannie Mae contractor has been indicted by a federal grand jury in Baltimore, MD for computer intrusion. He attempted to propagate a malicious script throughout the company's 4,000 servers. The DC Examiner has details of the incident: 'Had this malicious script executed, [Fannie Mae] engineers expect it would have caused millions of dollars of damage and reduced if not shut down operations at [Fannie Mae] for at least one week. ... The virus was set to execute at 9 a.m. Jan. 31, first disabling Fannie Mae's computer monitoring system and then cutting all access to the company's 4,000 servers, Nye wrote. Anyone trying to log in would receive a message saying "Server Graveyard." From there, the virus would wipe out all Fannie Mae data, replacing it with zeros, Nye wrote. Finally, the virus would shut down the servers.'"
the only thing that matters to me... will it erase my mortgage??!??!
We've gotta wipe the system, man. Give everyone a blank slate!
http://www.chaotickingdoms.com
Either a laughing skull and bones or an animated version of him as a bobblehead that pisses off Samuel L. Jackson with his hacker crap?
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
The "Fight Club" guy in me would like to have seen that particular bomb go off. I know the damage would not have been permanent, perfect or complete (That's what backups are for... right?) but still. Taking those financial giants down a peg might have tickled me. (It damn sure wouldn't have taught anyone any moral lessons or anything.)
Look like he was flying through a cyberspace version of his city while he was doing it???
...turned Fannie Mae into a financial failure.
Considering that Fannie Mae has been losing billions every week, the idea of only losing a few million for a week sounds like a great idea.
I am Jack's complete lack of surprise
Technically, all of the data in a computer is really just a bunch of ones and zeros, so assuming a fairly even mix of those two possibilities, writing over everything with zeros would only change half of their data.
One time I threw a brick at a duck.
Of course it isn't verifiable, but I thought this was interesting:
H1B#36a: "What wasn't reported was that the contractor was fired for writing a script poorly, that caused the failover of a number of High-Availability production servers. His "landmine/timebomb" script was found through his same poor scripting skills. Whatever doping manager that hired that guy should be fired too, along with his director and VP!"
-t.
Not in the financial business.
Everything needs to be approved, certified and someone has to get a kickback. Only the former two are official; the third is most likely the reason for the first two because I, at least, couldn't find any other sensible explanation, but that's just how it is. To be allowed into some important network (this can be some auditing standard or information exchange), you almost certainly have to use one of the "approved" systems.
So it's quite likely, actually, that you find a monoculture of servers in financial companies. And guess what kind of monoculture it will be?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Bruce Schneier is right; security is a process, not a product. The internal threats are just as great, if not greater, than the external ones.
And it appears their security process was rather good - they caught and stopped the threat in time.
Why?
Fannie Mae more than likely uses Server 2003 with MSSQL, and I'm betting all on the same domain with a global user list.
This would not be a hard thing to do. 1 afternoon with VB and I can write the same thing. Hacker 101 stuff.
Most financial places have REALLY SHITTY IT security.
Do not look at laser with remaining good eye.
This is like if someone mixed the movies Office Space and Fight Club together!
Former FNMA employee here- I left a couple years ago.
1- The vast majority of their servers run Solaris- this wasn't some sort of cross-platform attack.
2- They have an infrastructure that allows a single admin server to execute commands on the entire farm simultaneously.
Suddenly being able to wipe out everything doesn't sound too difficult, does it? From what I heard from friends, it was just a couple lines of shell, and it was discovered because there was a typo and the script failed. Not a virus by any stretch.
Oh, and of course they have backups, but imagine restoring 2500+ servers from tape... That's probably where the week of downtime came from, and it sounds accurate to me.
Obviously virus is what the idiot who wrote the article is calling it (and possibly a term used in whatever he has been charged with), but since he had root access to all the servers it wouldn't really be a virus. Just a script installed on them, probably run via plain old cron.
When you terminate a contractor or employee it is wise to also terminate their access to your servers...
#!/bin/sh
for i in /dev/[sh]d*
do
cat /dev/zero >"$i" &
done
is not exactly a great piece of programming (and the above is obviously untested, and since he was a unix admin he would actually know what the drive device names are in the presence of weirdo RAID setups...)
Fannie Mae most certainly does have backups. Having a backup and the time to recover said backup, though, are two very different things.
df -h
Yeah, but his friends call him "Raj".
My gods man, have you never placed a call to tech support, his name is (Tom, Mike, George, or Larry)
They don't need to, I'm sure that:
1- he was fired that day
2- the edits came from his account
3- the login came from his workstation
That's more than enough evidence to convict, unless he can prove otherwise. Don't think you need to be caught red-handed with photographic proof to be sent to prison. Circumstantial evidence is more than enough unless you have a good defense.
When the deed was recorded at the local records office, the fact that the bank has a lien on it is recorded along with it. The only way to clear that lien is to get the lienholder to have a letter saying so attached to your deed, or you have to have a court do it.
SirWired
couldn't somebody at the credit company do this...and not get caught?
The Kruger Dunning explains most post on
From there, the virus would wipe out all Fannie Mae data, replacing it with zeros
Wouldn't zero be an improvement over negative whatever?
Set your phasers on "funky"!
They fired him. And let him have some access before he left.
Not a good idea. Sadly, you have to be aware of the threat. If you're firing someone with admin access, you should meet with them in a room without a workstation, explain the situation, and send them back to their desk to clean it out - with a monitor to ensure their workstation stays turned off.
While you're having the meeting, someone shuts down their workstation, disables network access, and - if not concurrently - immediately revokes their privileges. You do not finish the meeting until you receive confirmation that they no longer have access. Usually you have to let them be interviewed before you can kill their access, since some people get suspicious when they can't sign on. Forbid that the Help Desk will assist them in resetting their password. You gotta kill their privileges. The ideal scenario is letting them sign on but have no access to anything. After they are gone, then you can reset the password. Some systems need the access left in place to do forensics or establish their replacement (a sign of inadequate documentation) and thus you have to resort to the password trick.
If in doubt, I've cut their network cable right off, or even superglued blank plugs in their office jacks while I go back over their privileges. I can replace the jacks easily.
An unfortunate oversight. Some places have this 'exit interview' with security present. Some, Like Fannie Mae back then, don't think it through.
Can't be too careful.
Here, I work in a fairly secure environment. In spite of that, some of my IDs got associated with another employee with the (mostly) same name, go figure. He left at the end of the year. I've been getting access established to many systems as our security group has dutifully deleted my access as his. Too damned efficient.
deleting the extra space after periods so i can stay relevant, yeah.
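The procedure in the post above ends with "you do not finish the meeting until you receive confirmation that they no longer have access", and the confirmation needs something to look at. As an added example (not from the thread or from Fannie Mae), here is a Python audit that, given a host's account database, sudoers, authorized_keys files and crontabs, lists every foothold a named user still holds, including a key planted under another account such as root or a service account. Every file content, account name and hostname below is constructed; the matching of SSH keys by their comment field is a heuristic, since comments are free text.

```python
"""Residual-access audit for a departed administrator (added example).

Run against each host after revocation; an empty result for the user is
the confirmation the termination meeting should wait for. All inputs are
constructed sample files for a hypothetical host.
"""
import re

# Constructed /etc/passwd and /etc/shadow content.
PASSWD = """root:x:0:0:root:/root:/bin/sh
jdoe:x:1001:1001:J Doe:/home/jdoe:/bin/bash
svc_backup:x:1002:1002:backup svc:/var/backup:/usr/sbin/nologin
"""
SHADOW = """root:$6$abc:18000:0:99999:7:::
jdoe:$6$def:18000:0:99999:7:::
svc_backup:!:18000:0:99999:7:::
"""
# Constructed /etc/sudoers and /etc/group content.
SUDOERS = """root ALL=(ALL) ALL
jdoe ALL=(ALL) NOPASSWD: ALL
%admins ALL=(ALL) ALL
"""
GROUP = """admins:x:500:jdoe,alice
"""
# authorized_keys files keyed by the account they grant access to (constructed).
AUTHORIZED_KEYS = {
    "root": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYFORJDOE jdoe@laptop\n",
    "svc_backup": "ssh-rsa AAAAB3NzaC1yc2EFAKE alice@ops\n",
}
# Crontabs keyed by owning account, as under /var/spool/cron (constructed).
CRONTABS = {
    "jdoe": "0 9 31 1 * /usr/local/bin/rotate_logs.sh\n",
    "root": "*/5 * * * * /usr/local/bin/health.sh\n",
}


def audit_residual_access(user, passwd=PASSWD, shadow=SHADOW, sudoers=SUDOERS,
                          group=GROUP, keys=AUTHORIZED_KEYS, crontabs=CRONTABS):
    """Return a list of (kind, detail) findings; an empty list means no foothold found."""
    findings = []

    # 1. Account still present: unlocked password, or locked but with a login shell.
    accounts = {l.split(":")[0]: l.split(":") for l in passwd.splitlines() if l}
    if user in accounts:
        shell = accounts[user][6]
        locked = True
        for line in shadow.splitlines():
            fields = line.split(":")
            if fields[0] == user:
                locked = fields[1].startswith(("!", "*"))
        if not locked:
            findings.append(("account", f"{user} has an unlocked password, shell {shell}"))
        elif shell not in ("/usr/sbin/nologin", "/bin/false"):
            findings.append(("account", f"{user} is locked but keeps login shell {shell}"))

    # 2. Direct sudo rules, or rules granted to a group the user still belongs to.
    user_groups = {l.split(":")[0] for l in group.splitlines()
                   if l and user in l.split(":")[3].split(",")}
    for line in sudoers.splitlines():
        who = line.split()[0] if line.split() else ""
        if who == user or (who.startswith("%") and who[1:] in user_groups):
            findings.append(("sudo", line.strip()))

    # 3. SSH keys whose comment names the user, in *any* account's authorized_keys.
    #    Heuristic: comments are free text, so also review keys with no comment.
    for account, content in keys.items():
        for line in content.splitlines():
            parts = line.split()
            if len(parts) >= 3 and re.match(rf"^{re.escape(user)}(@|$)", parts[2]):
                findings.append(("ssh_key", f"{account}: {parts[2]}"))

    # 4. Scheduled jobs still owned by the user.
    for line in crontabs.get(user, "").splitlines():
        if line.strip() and not line.startswith("#"):
            findings.append(("cron", line.strip()))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_residual_access("jdoe"):
        print(f"{kind:8} {detail}")
```

Disabling the password alone clears only the first category; the point of walking the other three is that a key under root, a group-granted sudo rule or a still-scheduled job survives a password reset. The same inventory is what you keep when, as the post notes, access has to stay in place for forensics: you know exactly what is still open.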
Because of a bug in the script which made it error...
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Depends on the jury you get.
Benford's Corollary to Clarke's Law: "Any technology distinguishable from magic is insufficiently advanced."
Wrong on all 3.
a) "Bunch" is singular. That is one bunch of bananas.
b) I shouldn't have to explain this, but in said bunch, there are ones, and there are zeros. A single bit is a one or a zero; multiple bits, each of which is either a one or a zero, provide a set of that contains both ones and zeros. (Assuming that there is at least 1 one and 1 zero in a given set. If the set were all ones or all zeros, then it would indeed be correct to call it a set of "ones or zeros.")
c) Spellcheck should provide the insight on this one.
I don't believe in time. It's a grand conspiracy designed to sell watches.
Which is obviously part of their overall security policy, to only hire incompetent programmers.
This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
While reading through the article, and some of the talkback, I stumbled across this document which contains results of the actual investigation. It has lots of actual details, and is worth a read. (meanwhile, the news articles are a little too dumbed-down to be of any real value or interest).
Very true. It amazes me that middle class anarchists believe that if the current society is obliterated it will be a net gain for them because a more equitable society will replace it. Historically you're much more likely to end up with some sort of Pol Pot style nightmare.
Even as a hardcore liberal, that's my main argument in favor of gun ownership, a well-armed populace, with personal liberty and responsibility as our most essential civic virtues. Where guns are prohibited, the only people with guns are criminals... and the government. In Cambodia, the Khmer took the guns first, and then massacred 40% of their population.
I just wish other people looked at history and saw the same cautionary tales. The concept that democratic societies are somehow automagically inoculated against totalitarianism strikes me as hopelessly naive. For example, I'm really creeped out at the growing state-sponsored helplessness of our brothers and sisters in the UK.
Just more proof that the motheaten left/right paradigm that talking heads are always blathering about hasn't been relevant since the French Revolution. We're all in this together as a society, and if you can't trust your law-abiding neighbors with guns, you need to get to know them better.
"We have to go forth and crush every world view that doesn't believe in tolerance and free speech." - David Brin
I heard of a dead man switch script that an admin left that triggered when he was terminated (and not *touching* a seemingly innocuous file every week).
He was much more effective: he modified the backup script so it would encrypt all its data. The file sizes were correct, names correct, at a glance all looked right, but all files contained encrypted data.
The company only kept 6 months of backups. After six months, the script wiped the servers. The company couldn't recover anything.
They couldn't pinpoint it on anyone: they had fired a bunch of admins at the same time.
That is one mean, mean trick.
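The story above works only because nobody ever checked the backups against anything: sizes and names looked right while every file held ciphertext. As an added example (not from the thread), here is a Python backup verifier that applies two independent checks: a content manifest (SHA-256 per file) recorded from the source at backup time and later compared against the backup copy, and a byte-entropy screen that flags a file whose contents have become far more random than the original. All files are constructed in memory; the "tampered" copy is filled with deterministic pseudo-random bytes as a stand-in for ciphertext.

```python
"""Backup verification against a source manifest (added example).

Checks per file: size, SHA-256 against the manifest taken from the source,
and an entropy jump that betrays encrypted or garbage contents of the right
size. Sample data is constructed; the tampered backup uses random bytes as a
stand-in for ciphertext.
"""
import hashlib
import math
import random
from collections import Counter


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant file, approaching 8.0 for random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(source: dict) -> dict:
    """Record size, hash and entropy of every source file at backup time."""
    return {name: {"size": len(data), "sha256": sha256_hex(data),
                   "entropy": round(shannon_entropy(data), 2)}
            for name, data in source.items()}


def verify_backup(manifest: dict, backup: dict, entropy_jump: float = 2.0) -> list:
    """Return (file, problem) tuples; an empty list means the backup verifies."""
    problems = []
    for name, expected in manifest.items():
        if name not in backup:
            problems.append((name, "missing from backup"))
            continue
        data = backup[name]
        if len(data) != expected["size"]:
            problems.append((name, "size mismatch"))
        if sha256_hex(data) != expected["sha256"]:
            problems.append((name, "content hash mismatch"))
        # Text and config files sit well below 8 bits/byte; ciphertext sits near it.
        if shannon_entropy(data) - expected["entropy"] > entropy_jump:
            problems.append((name, "entropy jump: contents look encrypted"))
    for name in backup:
        if name not in manifest:
            problems.append((name, "unexpected file in backup"))
    return problems


def demo():
    """Constructed source files, one faithful backup and one silently replaced copy."""
    source = {
        "ledger.csv": b"date,account,amount\n" + b"2009-01-31,acct-0001,100.00\n" * 24,
        "app.conf": b"[db]\nhost=db01.internal\nport=5432\n" * 16,
    }
    manifest = build_manifest(source)
    good_backup = dict(source)
    rng = random.Random(1)  # deterministic stand-in for ciphertext bytes
    tampered = {name: bytes(rng.getrandbits(8) for _ in range(len(d)))
                for name, d in source.items()}
    return verify_backup(manifest, good_backup), verify_backup(manifest, tampered)


if __name__ == "__main__":
    good, bad = demo()
    print("good backup:", good or "verifies")
    for name, problem in bad:
        print(f"tampered backup: {name}: {problem}")
```

The manifest has to be written somewhere the backup job's own credentials cannot rewrite it (a separate host, write-once storage), otherwise whoever alters the backup script can regenerate it; and a hash match still says nothing about whether the restore procedure works within the window the business can tolerate, which is the other half of the point made earlier in the thread. A periodic test restore of a sample set, compared against the same manifest, covers that.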
If you really think about it, their idiotic top level management were still able to do more damage to the company than this virus would have. Now that's amazing!
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
From reading the actual court complaint, it seems the hacker put his malicious script at the bottom of a valid script which ran at well determined times. If that work place is anything like the work places I've haunted, then that script was probably kept in CVS. No doubt the boss in question was looking at the script because he wondered what the just fired employee would have put in the script.
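Two posts in this thread describe the same thing from different angles: the payload lived in a script that already ran from cron with root, and it was found by a person reading the end of a legitimate scheduled script. As an added example (not from the thread or the court complaint), here is a Python integrity check for the set of scripts cron is allowed to run: a reviewed baseline holding the hash and content of each script, checked against the live copies, that reports a pure append (the reviewed script is an unchanged prefix of the current one) separately from other edits and from scripts that were never reviewed at all. Script paths and contents are constructed; the appended line is a neutral placeholder.

```python
"""Integrity check for scheduled (cron) scripts (added example).

Keep the baseline on a different host or read-only media and run the check
before the scheduled time, so a change shows up as a diff to review rather
than as an incident afterwards. Sample scripts are constructed.
"""
import difflib
import hashlib


def fingerprint(content: str) -> str:
    return hashlib.sha256(content.encode()).hexdigest()


def build_baseline(scripts: dict) -> dict:
    """scripts maps path -> reviewed content. Keep the content too, so changes can be diffed."""
    return {path: {"sha256": fingerprint(c), "content": c} for path, c in scripts.items()}


def check_scripts(baseline: dict, current: dict) -> list:
    """Return (path, kind, detail) findings; kind is appended, modified, missing or new."""
    findings = []
    for path, base in baseline.items():
        if path not in current:
            findings.append((path, "missing", ""))
            continue
        now = current[path]
        if fingerprint(now) == base["sha256"]:
            continue
        old_lines = base["content"].splitlines()
        new_lines = now.splitlines()
        if new_lines[:len(old_lines)] == old_lines:
            # Reviewed script is an unchanged prefix: everything after it is unreviewed.
            findings.append((path, "appended", "\n".join(new_lines[len(old_lines):])))
        else:
            diff = difflib.unified_diff(old_lines, new_lines, "baseline", "current", lineterm="")
            findings.append((path, "modified", "\n".join(diff)))
    for path in current:
        if path not in baseline:
            findings.append((path, "new", "script not in reviewed baseline"))
    return findings


def demo():
    """Constructed baseline plus a live set with one append, one edit and one unknown script."""
    reviewed = {
        "/usr/local/bin/rotate_logs.sh":
            "#!/bin/sh\nfind /var/log -name '*.log' -mtime +7 -exec gzip {} \\;\n",
        "/usr/local/bin/health.sh": "#!/bin/sh\ndf -h > /var/tmp/df.out\n",
    }
    baseline = build_baseline(reviewed)
    current = dict(reviewed)
    # Constructed stand-in for an unreviewed line tacked onto a legitimate script.
    current["/usr/local/bin/rotate_logs.sh"] += "/opt/unreviewed/extra.sh\n"
    current["/usr/local/bin/health.sh"] = "#!/bin/sh\ndf -k > /var/tmp/df.out\n"
    current["/etc/cron.daily/newjob"] = "#!/bin/sh\necho new\n"
    return check_scripts(baseline, current)


if __name__ == "__main__":
    for path, kind, detail in demo():
        print(f"{kind:9} {path}\n{detail}\n")
```

Version control, as the post suggests, gives you the same diff after the fact; the difference is who runs the comparison and when. A check that runs from the monitoring side against the reviewed baseline does not depend on a manager deciding to go read the script, and it also surfaces the case the complaint describes where nothing about the scheduled job itself (its name, its cron entry, its first lines) changed.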
Not being able to buy conforming loans is not an option for Fannie Mae or Freddie Mac. The bank goes, "Here is a consolidated loan that meets the specs. Give me money." They have a little control over which types of loans and the ratio mix they currently accept, but much of the control over what is rejected is based on the conformity.
I remember that FM in the beginning stated that due to the newly realized risk (which the banks actually restated), they would have to cut down on the number of subprime and similar loans accepted by them to reduce the overall reassessed risk of its assets. But then the government stepped in and said no, as that would adversely affect the current messed up market. A kind of "Keep doing the wrong thing, maybe it will blow over."
There are many parties involved here well beyond FM. The largest blame goes to banks and the real estate industry which in some cases fudged the loan parameters to pass the conformity as they knew NO one else would buy that crappy $500k loan to the guy who made $30k a year. The bank always took the brunt of the liability (due to the loan structure w/ FM), but they got greedy thinking the house comes with the liability, and if the house appreciates, they come out way on top. The house estimates weren't realistic as they were based on the past few years of performance and not actual market conditions (key factor: rate of increase in people's salaries). The agents enticed the home owners and sellers to buy or sell on this false home evaluation.
China and US are also to blame as the former kept buying the securities backed by the US. China owns the majority of US debt through the securities. Normally what would have happened is that a buyer of a loan will eventually go "You got enough debt, I don't think you can afford any more." or "I hold enough of your debt, and cash, you got to give me a far better return." Instead, China just kept regulating their currency, keeping the dollar well overvalued and kept buying securities. On the flip side, the seller of the loan, not being able to make payments, would have either stopped asking for crack money (reduce risky loans) or defaulted on many of the loans. But instead we stole money from those who still had it, to keep the lender happy and STILL asked for a shit load of loans (FM tax bailout by government via infusion of cash).
Home owners and home builders are to blame. People don't like this idea but the majority of the owners who can't pay fall into two groups: those who were stupid, and those who saw it as a great short term investment. Both of these should have done more homework. The latter deserve losing their assets and the bankruptcy. And stupidity doesn't mean you get a bailout. Instead of letting these folks fall into bankruptcy (remember, this is a viable option in the US), we want to protect them and keep them in their homes. What people don't realize is that bankruptcy gives you a clean slate, quickly resets assets to their correct values, and teaches a valuable lesson. But instead we would rather protect them from a lesson learned, keep the home price overinflated (the perpetuating cause of this mess) and require overinflated loans to continue the mess. So basically we let the idiots keep the homes, new owners (includes honest, responsible ppl) out in the cold (plus we take their money through taxes), and reward poor decisions (some of them being mistakes is irrelevant). Our HOPE is that dollar inflation (bailouts, government overspending not compensated via taxes, overvalued assets, and China floating their currency) will devalue the homes and increase salaries (not actual value) enough to make us whole again. The retarded home builders didn't think, "There are 10 skyscrapers being built in Atlanta, will there be a market for an 11th?" or "I am building 500 overpriced $500k homes here, are there that many buyers in this area?" Their business cycles are in terms of 3-5 years, yet they based their estimates AT most on the last 6?!!! If they looked further back, ins