Slashdot Mirror


Fannie Mae Worker Indicted For Malicious Script

dfdashh writes "A former Fannie Mae contractor has been indicted by a federal grand jury in Baltimore, MD for computer intrusion. He attempted to propagate a malicious script throughout the company's 4,000 servers. The DC Examiner has details of the incident: 'Had this malicious script executed, [Fannie Mae] engineers expect it would have caused millions of dollars of damage and reduced if not shutdown operations at [Fannie Mae] for at least one week. ... The virus was set to execute at 9 a.m. Jan. 31, first disabling Fannie Mae's computer monitoring system and then cutting all access to the company's 4,000 servers, Nye wrote. Anyone trying to log in would receive a message saying "Server Graveyard." From there, the virus would wipe out all Fannie Mae data, replacing it with zeros, Nye wrote. Finally, the virus would shut down the servers.'"

27 of 325 comments

  1. erase my mortgage by tritonman · · Score: 5, Funny

    the only thing that matters to me... will it erase my mortgage??!??!

    1. Re:erase my mortgage by jeff4747 · · Score: 5, Informative

      There would be records proving you own the home.

      When you take out a mortgage, the deed is still in your name. That's one of the main reasons foreclosure is actually kind of a pain in the ass for banks. They have to get the house transferred to their ownership before they can sell it.

      The deed is on paper in a filing cabinet in some county office (It's also stored electronically by the county). You should also have received a copy of it when you signed the flurry of paperwork when you bought the house.

    2. Re:erase my mortgage by tritonman · · Score: 5, Funny

      even if that were true... erase my mortgage, take my house, I go buy one the same size for half the price now!

    3. Re:erase my mortgage by elrous0 · · Score: 4, Funny

      You know, we slashdotters, as natural problem-solvers, should get together and work on a program to do that. It's a pretty pie-in-the-sky idea, though. Hey, that gives me an idea. We should call it "Pie-in-the-Sky."

      No, sounds too hokey. Need something more computer-sounding. How about "Skynet"?

      --
      SJW: Someone who has run out of real oppression, and has to fake it.
  2. The First Rule of Fight Club by rhathar · · Score: 5, Funny

    We've gotta wipe the system, man. Give everyone a blank slate!

    --
    http://www.chaotickingdoms.com
  3. but would it have had graphics? by jollyreaper · · Score: 5, Funny

    Either a laughing skull and bones or an animated version of him as a bobblehead that pisses off Samuel L. Jackson with his hacker crap?

    --
    Kwisatz Haderach
    Sell the spice to CHOAM
    This Mahdi took Shaddam's Throne
  4. But did it.... by Phoenixhawk · · Score: 5, Funny

    Look like he was flying through a cyberspace version of his city while he was doing it???

  5. My goodness! It might have... by Petersko · · Score: 5, Funny

    ...turned Fannie Mae into a financial failure.

    1. Re:My goodness! It might have... by hey! · · Score: 4, Interesting

      ...turned Fannie Mae into a financial failure

      ... which it never was during the 30 years from 1968 to 2000, roughly when banking deregulation took effect. It may be that such an institution is a bad idea, but you have to consider that financial institutions of all kinds are in desperate condition as well, so you can't use the financial disasters of 2008 as proof that Fannie is any worse an idea than, say, a private investment bank.

      The idea that Fannie's failure shows that it ought never have been, applied consistently, would argue for nationalizing banks. I, as one who has been a staunch liberal through the long winter of liberal dispute, think nationalization is a terrible idea. This is not because the government is bad and business is good, but because government and business would be indistinguishable, leaving nobody to watch the foxes in the chicken coop.

      All in all, I think the widespread calamity in the financial sector more probably indicates that the particular kind of banking deregulation practiced in the post Gramm-Leach-Bliley era has at the very least unintended consequences.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  6. It's a deal! by cfulmer · · Score: 5, Funny

    Considering that Fannie Mae has been losing billions every week, the idea of only losing a few million for a week sounds like a great idea.

  7. I am .... by Anonymous Coward · · Score: 5, Funny

    I am Jack's complete lack of surprise

  8. Technically by cowscows · · Score: 5, Funny

    Technically, all of the data in a computer is really just a bunch of ones and zeros, so assuming a fairly even mix of those two possibilities, writing over everything with zeros would only change half of their data.

    --

    One time I threw a brick at a duck.

    1. Re:Technically by wren337 · · Score: 4, Funny

      Great defense.
      "In fairness, a lot of those were zeros already."

  9. Interesting Comment in TFA by tristanreid · · Score: 4, Interesting

    Of course it isn't verifiable, but I thought this was interesting:

    H1B#36a: "What wasn't reported was that the contractor was fired for writing a script poorly, that caused the failover over of a number of High-Availability production servers. His "landmine/timebomb" script was found through his same poor scripting skills. Whatever doping manager that hired that guy should be fired too, along with his director and VP!"

    -t.

  10. Woah by bFusion · · Score: 5, Funny

    This is like if someone mixed the movies Office Space and Fight Club together!

    1. Re:Woah by maino82 · · Score: 5, Funny

      The first rule of PC Load Letter is you don't talk about PC Load Letter.

  11. Re:Really? by Anonymous Coward · · Score: 5, Informative

    Former FNMA employee here- I left a couple years ago.

    1- The vast majority of their servers run Solaris- this wasn't some sort of cross-platform attack.

    2- They have an infrastructure that allows a single admin server to execute commands on the entire farm simultaneously.

    Suddenly being able to wipe out everything doesn't sound too difficult, does it? From what I heard from friends- it was just a couple lines of shell, and it was discovered because there was a typo, and the script failed. Not a virus by any stretch.

    Oh- and of course they have backups, but imagine restoring 2500+ servers from tape... That's probably where the week of downtime came from, and it sounds accurate to me.

  12. Re:Really? by nedlohs · · Score: 4, Insightful

    Obviously virus is what the idiot who wrote the article is calling it (and possibly a term used in whatever he has been charged with), but since he had root access to all the servers it wouldn't really be a virus. Just a script installed on them, probably run via plain old cron.

    When you terminate a contractor or employee it is wise to also terminate their access to your servers...

    #!/bin/sh
    for i in /dev/[sh]d*
    do
            cat /dev/zero >"$i" &
    done

    is not exactly a great piece of programming (and the above is obviously untested, and since he was a unix admin he would actually know what the drive device names are in the presence of weirdo RAID setups...)
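
Added example, not part of the comment above or of the original thread: a defender-side audit for the point that a terminated contractor's access, including jobs left behind in cron, should be removed. It assumes one crontab file per user, named after the account (as under /var/spool/cron/crontabs), and a roster file of active accounts; the function names, the roster format and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag crontabs owned by accounts that are not on the active
# roster, and scheduled jobs that reference raw disk devices (a heuristic).

# Disk device paths: /dev/dsk/, /dev/rdsk/, /dev/sd*, /dev/hd*, or the
# literal glob /dev/[sh]d as written inside a script.
DISKDEV_RE='/dev/(r?dsk/|[sh]d|[[]sh]d)'

audit_cron_spool() {
    spool=$1; roster=$2
    for tab in "$spool"/*; do
        [ -f "$tab" ] || continue
        user=$(basename "$tab")
        # Crontab left behind by an account that is no longer active.
        if ! grep -qxF -- "$user" "$roster"; then
            echo "ORPHAN $user"
        fi
        # Drop comments and blank lines; the command is field 6 onward.
        sed -e '/^[[:space:]]*#/d' -e '/^[[:space:]]*$/d' "$tab" |
        while read -r _m _h _dom _mon _dow cmd; do
            prog=${cmd%% *}
            if printf '%s\n' "$cmd" | grep -Eq -- "$DISKDEV_RE"; then
                echo "DISKDEV $user crontab"
            elif [ -f "$prog" ] && grep -Eq -- "$DISKDEV_RE" "$prog"; then
                echo "DISKDEV $user $prog"
            fi
        done
    done
}

# Constructed sample data: two active accounts, one departed "contractor"
# whose scheduled job mentions disk devices (the job itself does nothing).
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/spool"
    printf 'alice\nbob\n' > "$tmp/roster"
    printf '#!/bin/sh\necho rotate logs\n' > "$tmp/rotate.sh"
    printf '#!/bin/sh\nfor i in /dev/[sh]d*; do :; done\n' > "$tmp/job.sh"
    printf '# nightly\n0 2 * * * %s\n' "$tmp/rotate.sh" > "$tmp/spool/alice"
    printf '0 9 31 1 * %s\n' "$tmp/job.sh" > "$tmp/spool/contractor"
    audit_cron_spool "$tmp/spool" "$tmp/roster"
    rm -rf "$tmp"
}

demo
```

The disk-device match is only a review trigger: legitimate backup or monitoring jobs can reference the same paths, and a job can hide its target in a variable or a second script.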

  13. Re:Disappointing... by anagama · · Score: 5, Interesting

    Them losing their records would simply mean that suddenly the banks would run out of 'liquid assets' to make loans with. Who do you think that would hurt: The average joe or the banks?

    It seems to me that banks making loans over the last four years IS THE major problem. Had they not been able to, we wouldn't have had a baseless boom, Angelo Mozilo, a gazillion dollar bailout of the wealthiest individuals, and schemes to assist the most foolish "housing investors" -- all at my expense. I too am rather disappointed the script was found and I don't even have a mortgage. I refused to get caught up in the housing bubble choosing instead to wait for a return to normalcy, which turned out to be a mistake. What I should have done is bought a house way more expensive than I could afford on a negative amortization loan and let the government modify my interest rate and principal balance. I now realize that in America, prudence is punished and stupidity rewarded. So yeah, I'm actually very depressed the script didn't execute.

    --
    What changed under Obama? Nothing Good
  14. Re:Disappointing... by Chyeld · · Score: 4, Insightful

    Fannie Mae was not the problem there, they only purchased "conforming" mortgages which matched their definition of a 'non-risky' loan.

    The problem was from the fact that the banks started moving from relying on Fannie Mae and started making "non-conforming" mortgages and selling them to other privately held companies. Once these mortgages started defaulting and housing prices started falling, even the "conforming" mortgages started having problems and the house of cards fell.

    Fannie Mae is a good scapegoat for people who want to pin this whole situation on one group, but that's all they really are, a scapegoat. They had their own problems (notably shady dealing in the upper echelons) but they weren't the ones who caused or even set up this scenario.

  15. Well, no, you still won't own your house by sirwired · · Score: 4, Informative

    When the deed was recorded at the local records office, the fact that the bank has a lien on it is recorded along with it. The only way to clear that lien is to get the lienholder to have a letter saying so attached to your deed, or you have to have a court do it.

    SirWired

    1. Re:Well, no, you still won't own your house by CrazedWalrus · · Score: 4, Interesting
  16. Zero vs. Less Than Zero by srussia · · Score: 5, Funny

    From there, the virus would wipe out all Fannie Mae data, replacing it with zeros

    Wouldn't zero be an improvement over negative whatever?

    --
    Set your phasers on "funky"!
  17. Re:Disappointing... by anagama · · Score: 5, Interesting

    So if Fannie Mae had NOT been able to buy the conforming loans, banks making stupid loans would have had less money available to them because they'd have to hold the conforming loans, and as a result, those banks would have made fewer stupid loans. Sounds to me like FM was part of the problem. Honestly, I'm pissed. I'd like to see the entire banking industry lined up against the wall, because all it has amounted to recently is a Federally sanctioned highway robbery program targeted against people who live within their means and act responsibly.

    --
    What changed under Obama? Nothing Good
  18. The Formal Criminal Complaint by Octorian · · Score: 5, Informative

    While reading through the article, and some of the talkback, I stumbled across this document which contains results of the actual investigation. It has lots of actual details, and is worth a read. (meanwhile, the news articles are a little too dumbed-down to be of any real value or interest).

  19. Re:Disappointing... by Archangel+Michael · · Score: 4, Insightful

    Stupid SHOULD hurt. The government and the liberals don't realize this. And yes, I said Liberals ... not Democrats. There were plenty of LIBERAL (see compassionate conservatives) in the Republican Party too.

    And by "Stupid" I don't mean lack of intelligence (IQ), I mean DARWIN Award winners types. These are the people who have a brain, should know better, but don't F'in care about what they are doing and expect everyone else to clean up their mess.

    Sorry, but STUPID SHOULD HURT! Like when you stick your hand on the stove hurt. Like when you make stupid loans and bundle them into derivatives to leverage the stupidity and then re-bundle those into even more stupid derivatives. IT all works, until it doesn't, then everyone pays for the Ponzi Schemes.

    Which is why the stupid Bailouts to the same people that caused this mess is just stupidity on top of stupidity. We are now leveraging STUPID to try to stop the "HURT".

    And nobody is willing to tell it like it is. STUPID!

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  20. Re:Hence the need for a well-armed civil society. by Ironica · · Score: 4, Insightful

    In Cambodia, the Khmer took the guns first, and then massacred 40% of their population.

    Took the guns... from whom? And how? Did an elected body pass gun control legislation with the support of the populace, and then turn around and engage in wholesale massacre? Somehow I missed that part of the story.

    What's to keep the government from "taking the guns" from a well-armed populace? The same populace? What if the government has bigger guns? They always will, because they have bigger budgets. Your well-armed populace better have fixed anti-aircraft emplacements if someone ever really launches a successful attempt at a military dictatorship in the US.

    So, a well-armed populace cannot prevent the scenario you describe. Which leaves the question, just what *can* it accomplish? There will always be people within the population who are not armed, whether they are unwilling or unable to become so. Should they have their liberty and health threatened by the "well-armed populace?"

    Is there a role for police in your world? Wouldn't any police force that could effectively protect the rights of individuals necessarily require the ability to exert superior force?

    --
    Don't you wish your girlfriend was a geek like me?