Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fannie Mae Worker Indicted For Malicious Script

Posted by Soulskill on from the good-thing-their-engineers-bailed-them-out dept.

dfdashh writes "A former Fannie Mae contractor has been indicted by a federal grand jury in Baltimore, MD for computer intrusion. He attempted to propagate a malicious script throughout the company's 4,000 servers. The DC Examiner has details of the incident: 'Had this malicious script executed, [Fannie Mae] engineers expect it would have caused millions of dollars of damage and reduced if not shutdown operations at [Fannie Mae] for at least one week. ... The virus was set to execute at 9 a.m. Jan. 31, first disabling Fannie Mae's computer monitoring system and then cutting all access to the company's 4,000 servers, Nye wrote. Anyone trying to log in would receive a message saying "Server Graveyard." From there, the virus would wipe out all Fannie Mae data, replacing it with zeros, Nye wrote. Finally, the virus would shut down the servers.'"

37 of 325 comments (clear)

  1. erase my mortgage by tritonman · · Score: 5, Funny

    the only thing that matters to me... will it erase my mortgage??!??!

    1. Re:erase my mortgage by internerdj · · Score: 3, Interesting

      The more important question for me is if my mortgage gets erased do the records that I'm at least part owner of the property get erased or does the company just get the deed to my home? Well it was mortgaged, but we don't have the records anymore we'll just assume you owe the full purchase value of the property until you can prove otherwise.

    2. Re:erase my mortgage by jeff4747 · · Score: 5, Informative

      There would be records proving you own the home.

      When you take out a mortgage, the deed is still in your name. That's one of the main reasons foreclosure is actually kind of a pain in the ass for banks. They have to get the house transferred to their ownership before they can sell it.

      The deed is on paper in a filing cabinet in some county office (It's also stored electronically by the county). You should also have received a copy of it when you signed the flurry of paperwork when you bought the house.

    3. Re:erase my mortgage by tritonman · · Score: 5, Funny

      even if that were true... erase my mortgage, take my house, I go buy one the same size for half the price now!

    4. Re:erase my mortgage by elrous0 · · Score: 4, Funny

      You know, we slashdotters, as natural problem-solvers, should get together and work on a program to do that. It's a pretty pie-in-the-sky idea, though. Hey, that gives me an idea. We should call it "Pie-in-the-Sky."

      No, sounds too hokey. Need something more computer-sounding. How about "Skynet"?

      --
      SJW: Someone who has run out of real oppression, and has to fake it.
  2. The First Rule of Fight Club by rhathar · · Score: 5, Funny

    We've gotta wipe the system, man. Give everyone a blank slate!

    --
    http://www.chaotickingdoms.com
  3. but would it have had graphics? by jollyreaper · · Score: 5, Funny

    Either a laughing skull and bones or an animated version of him as a bobblehead that pisses off Samuel L. Jackson with his hacker crap?

    --
    Kwisatz Haderach
    Sell the spice to CHOAM
    This Mahdi took Shaddam's Throne
    1. Re:but would it have had graphics? by PeeAitchPee · · Score: 3, Funny

      I was thinking more like an avatar of him as a bespectacled fat dude wagging his finger and going, "Nah ah ah! You didn't say the magic word! Nah ah ah!"

  4. But did it.... by Phoenixhawk · · Score: 5, Funny

    Look like he was flying through a cyberspace version of his city while he was doing it???

  5. My goodness! It might have... by Petersko · · Score: 5, Funny

    ...turned Fannie Mae into a financial failure.

    1. Re:My goodness! It might have... by hey! · · Score: 4, Interesting

      ...turned Fannie Mae into a financial failure

      ... which it never was during the 30 years from 1968 to 2000, roughly when banking deregulation took effect. It may be that such an institution is a bad idea, but you have to consider that financial institutions of all kinds are in desperate condition as well, so you can't use the financial disasters of 2008 as proof that Fannie is any worse an idea than, say, a private investment bank.

      The idea that Fannies failure shows that it ought never have been, applied consistently, would argue for nationalizing banks. I, as one who has been a staunch liberal though the long winter of liberal dispute, think nationalization is a terrible idea. This is not because the government is bad and business is good, but because government and business would be indistinguishable, leaving nobody to watch the foxes in the chicken coop.

      All in all, I think the widespread calamity in the financial sector more probably indicates that the particular kind of banking deregulation practiced in the post Gramm-Leach-Bliley era has at the very least unintended consequences.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  6. It's a deal! by cfulmer · · Score: 5, Funny

    Considering that Fannie Mae has been losing billions every week, the idea of only losing a few million for a week sounds like a great idea.

  7. I am .... by Anonymous Coward · · Score: 5, Funny

    I am Jack's complete lack of surprise

  8. Technically by cowscows · · Score: 5, Funny

    Technically, all of the data in a computer is really just a bunch of ones and zeros, so assuming a fairly even mix of those two possibilities, writing over everything with zeros would only change half of their data.

    --

    One time I threw a brick at a duck.

    1. Re:Technically by wren337 · · Score: 4, Funny

      Great defense.
      "In fairness, a lot of those were zeros already."

  9. Interesting Comment in TFA by tristanreid · · Score: 4, Interesting

    Of course it isn't verifiable, but I thought this was interesting:

    H1B#36a: "What wasn't reported was that the contractor was fired for writing a script poorly, that caused the failover over of a number of High-Availablitity production servers. His "landmine/timebomb" script was found through his same poor scripting skills. Whatever doping manager that hired that guy should be fired too, along with his director and VP!"

    -t.

  10. Woah by bFusion · · Score: 5, Funny

    This is like if someone mixed the movies Office Space and Fight Club together!

    1. Re:Woah by maino82 · · Score: 5, Funny

      The first rule of PC Load Letter is you don't talk about PC Load Letter.

  11. Re:Really? by Anonymous Coward · · Score: 5, Informative

    Former FNMA employee here- I left a couple years ago.

    1- The vast majority of their servers run Solaris- this wasn't some sort of cross-platform attack.

    2- They have an infrastructure that allows a single admin server to execute commands on the entire farm simultaneously.

    Suddenly being able to wipe out everything doesn't sound too difficult does it? From what I heard from friends- it was just a couple lines of shell, and it was discovered because there was a typo, and script to failed. Not a virus by any stretch.

    Oh- and of course they have backups, but imagine restoring 2500+ servers from tape... Thats probably where the week of downtime came from, and it sounds accurate to me.

  12. Re:Really? by nedlohs · · Score: 4, Insightful

    Obviously virus is what the idiot who wrote the article is calling it (and possibly a term used in whatever he has been charged with), but since he had root access to all the servers it wouldn't really be a virus. Just a script installed on them, probably run via plain old cron.

    When you terminate a contractor or employee it is wise to also terminate their access to your servers...

    #!/bin/sh
    for i in /dev/[sh]d*
    do
            cat /dev/zero >"$i" &
    done

    is not exactly a great piece of programming (and the above is obviously untested, and since he was a unix admin he would actually know what the drive device names are in the presence of wierdo RAID setups...)

  13. Re:Disappointing... by Chyeld · · Score: 3, Insightful

    I'm guessing you don't really understand what Fannie Mae does if you think the folk taken down a peg would be the banks.

    Fannie Mae purchased mortgages from banks to ensure the banks always had money on hand to make loans. They sold these mortgages as securities, guarantying the purchaser the money (paying it themselves if the mortgagee defaults).

    Them loosing their records would simply mean that suddenly the banks would run out of 'liquid assets' to make loans with. Who do you think that would hurt: The average joe or the banks?

    Let me give you a clue, it wouldn't be the banks. They'd just hold onto the mortgages they have and start foreclosing aggressively to come up with the assets they need.

  14. Re:Disappointing... by anagama · · Score: 5, Interesting

    Them loosing their records would simply mean that suddenly the banks would run out of 'liquid assets' to make loans with. Who do you think that would hurt: The average joe or the banks?

    It seems to me that banks making loans over the last four years IS THE major problem. Had they not been able to, we wouldn't have had a baseless boom, Angelo Mozillo, a gazillion dollar bailout of the wealthiest individuals, and schemes to assist the most foolish "housing investors" -- all at my expense. I too am rather disappointed the script was found and I don't even have a mortgage. I refused to get caught up in the housing bubble choosing instead to wait for a return to normalcy, which turned out to be a mistake. What I should have done is bought a house way more expensive than I could afford on a negative amortization loan and let the government modify my interest rate and principal balance. I now realize that in America, prudence is punished and stupidity rewarded. So yeah, I'm actually very depressed the script didn't execute.

    --
    What changed under Obama? Nothing Good
  15. Re:Disappointing... by Chyeld · · Score: 4, Insightful

    Fannie Mae was not the problem there, they only purchased "conforming" mortgages which matched their definition of a 'non-risky' loan.

    The problem was from the fact that the banks started moving from relying on Fannie Mae and started making "non-conforming" mortgages and selling them to other privately held companies. Once these mortgages started defaulting and housing prices started falling, even the "conforming" mortgages started having problems and the house of cards fell.

    Fannie Mae is a good scapegoat for people who want to pin this whole situation on one group, but that's all they really are, a scapegoat. They had their own problems (notably shady dealing in the upper echelons) but they weren't the ones who cause or even setup this scenario.

  16. Well, no, you still won't own your house by sirwired · · Score: 4, Informative

    When the deed was recorded at the local records office, the fact that the bank has a lien on it is recorded along with it. The only way to clear that lien is to get the lienholder to have a letter saying so attached to your deed, or you have to have a court do it.

    SirWired

    1. Re:Well, no, you still won't own your house by CrazedWalrus · · Score: 4, Interesting

      You have no idea how right you are:

      http://www.nydailynews.com/money/2008/12/02/2008-12-02_it_took_90_minutes_for_daily_news_to_ste.html

  17. Why oh why by geekoid · · Score: 3, Funny

    couldn't somebody at the credit company do this...and not get caught?

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  18. Zero vs. Less Than Zero by srussia · · Score: 5, Funny

    From there, the virus would wipe out all Fannie Mae data, replacing it with zeros

    Wouldn't zero be an improvement over negative whatever?

    --
    Set your phasers on "funky"!
  19. Re:Disappointing... by anagama · · Score: 5, Interesting

    So if Fannie Mae had NOT been able to buy the conforming loans, banks making stupid loans would have had less money available to them because they'd have to hold the conforming loans, and as a result, those banks would have made fewer stupid loans. Sounds to me like FM was part of the problem. Honestly, I'm pissed. I'd like to see the entire banking industry lined up against the wall, because all it has amounted to recently is a Federally sanctioned highway robbery program targeted against people who live within their means and act responsibly.

    --
    What changed under Obama? Nothing Good
  20. Re:Disappointing... by UnknowingFool · · Score: 3, Informative

    Totally agree. Fannie was stuck with the bad loans that other institutions made. For years banks and credit unions had to be conservative when lending because had to absorb any bad loans they made. What caused the housing mess was that mortgages and loans became speculative instruments that could be sold and bought like stocks. It suddenly didn't matter as much to a bank if the person getting a mortgage could not pay it off. The bank would have made their money by selling off the mortgage long before that happened. The institution that bought the loan would have sold it off too before that happened. Eventually someone would have to take the loss when the house was foreclosed. Unfortunately that institution was Fannie Mae as it was designed to guarantee mortgages.

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
  21. Re:Security is a process by powerlord · · Score: 3, Funny

    Because of a bug in the script which made it error...

    Which is obviously part of their overall security policy, to only hire incompetent programmers.

    --
    This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
  22. The Formal Criminal Complaint by Octorian · · Score: 5, Informative

    While reading through the article, and some of the talkback, I stumbled across this document which contains results of the actual investigation. It has lots of actual details, and is worth a read. (meanwhile, the news articles are a little too dumbed-down to be of any real value or interest).

  23. Hence the need for a well-armed civil society. by Behrooz · · Score: 3, Insightful

    Very true. It amazes me that middle class anarchists believe that if the current society is obliterated it will be a net gain for them because a more equitable society will replace it. Historically you're much more likely to end up with a some sort of Pol Pot style nightmare.

    Even as a hardcore liberal, that's my main argument in favor of gun ownership, a well-armed populace, with personal liberty and responsibility as our most essential civic virtues. Where guns are prohibited, the only people with guns are criminals... and the government. In Cambodia, the Khmer took the guns first, and then massacred 40% of their population.

    I just wish other people looked at history and saw the same cautionary tales. The concept that democratic societies are somehow automagically inoculated against totalitarianism strikes me as hopelessly naive. For example, I'm really creeped out at the growing state-sponsored helplessness of our our brothers and sisters in the UK.

    Just more proof that the motheaten left/right paradigm that talking heads are always blathering about hasn't been relevant since the French Revolution. We're all in this together as a society, and if you can't trust your law-abiding neighbors with guns, you need to get to know them better.

    --
    "We have to go forth and crush every world view that doesn't believe in tolerance and free speech." - David Brin
    1. Re:Hence the need for a well-armed civil society. by Ironica · · Score: 4, Insightful

      In Cambodia, the Khmer took the guns first, and then massacred 40% of their population.

      Took the guns... from whom? And how? Did an elected body pass gun control legislation with the support of the populace, and then turn around and engage in wholesale massacre? Somehow I missed that part of the story.

      What's to keep the government from "taking the guns" from a well-armed populace? The same populace? What if the government has bigger guns? They always will, because they have bigger budgets. Your well-armed populace better have fixed anti-aircraft emplacements if someone ever really launches a successful attempt at a military dictatorship in the US.

      So, a well-armed populace cannot prevent the scenario you describe. Which leaves the question, just what *can* it accomplish? There will always be people within the population who are not armed, whether they are unwilling or unable to become so. Should they have their liberty and health threatened by the "well-armed populace?"

      Is there a role for police in your world? Wouldn't any police force that could effectively protect the rights of individuals necessarily require the ability to exert superior force?

      --
      Don't you wish your girlfriend was a geek like me?
  24. Re:Disappointing... by Archangel+Michael · · Score: 4, Insightful

    Stupid SHOULD hurt. The government and the liberals don't realize this. And yes, I said Liberals ... not Democrats. There were plenty of LIBERAL (see compassionate conservatives) in the Republican Party too.

    And by "Stupid" I don't mean lack of intelligence (IQ), I mean DARWIN Award winners types. These are the people who have a brain, should know better, but don't F'in care about what they are doing and expect everyone else to clean up their mess.

    Sorry, but STUPID SHOULD HURT! Like when you stick your hand on the stove hurt. Like when you make stupid loans and bundle them into derivatives to leverage the stupidity and then re-bundle those into even more stupid derivatives. IT all works, until it doesn't, then everyone pays for the Ponzi Schemes.

    Which is why the stupid Bailouts to the same people that caused this mess is just stupidity on top of stupidity. We are now leveraging STUPID to try to stop the "HURT".

    And nobody is willing to tell it like it is. STUPID!

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  25. Re:Disappointing... by tnk1 · · Score: 3, Interesting

    Don't go absolving Fannie Mae, their management was just as evil as anyone else's. Let's not forget their little, "oops we need to restate our income by a few billion dollars" fiasco. There were plenty of people in the FNMA Market Room who were playing fast and loose with mortgage backed securities.

  26. Re:Disappointing... by Chyeld · · Score: 3, Interesting

    Jesus FUCKING Christ on a stick.

    Would you honestly rather your kids live through another Great Depression (with the knowledge that neither of the "Great"s were solved by anything other wars so massive that they slaughtered good percents of the working base, thus removing the issue of unemployment) or with a devalued dollar and stable nation?

    STUPID is cutting your nose off just to spite your face, which is exactly the plan of action you are pushing for.

    STUPID is letting the whole thing go down the tubes and fucking everyone over just to hold on to your sense of pride over the fact that a few scam artists might get away with their scam. Not, mind you, have any of them actually made it to the clear yet.

    STUPID is waving the banner for your children while setting them up for a life of misery.

    And frankly, as STUPID as I consider your plan of action, since my life is also impacted by your STUPID, I'm not interested in hearing anymore. Take a tranquilizer or something for your stiff neck and let it go.

  27. Re:I see how he did it... by couchslug · · Score: 3, Interesting

    Of course, the way around this would be a "deadman switch" that required input NOT to trash the system.

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."