Internal Security Lapse Seen in Fannie Mae Case

Insider threats to data security via theft or sabotage are sure to rise, especially as companies increase employee layoffs during a bad economy. One sign of the times is the appearance of the infamous "logic bomb," a software bug timed to hose a company's network, typically planted by someone with network access.

Troubles at the Fannie Mae mortgage institution led to layoffs, and alleged employee sabotage. The case concerns Rajendrasinh Makwana, an IT contractor who once worked at Fannie Mae's office in Urbana, Md.

Makwana was indicted this week for allegedly planning a logic bomb that was set to go off on Saturday Jan. 31. Had it activated, it could have caused untold millions in damage and system downtime, Fannie Mae officials said.

If the allegation against Makwana proves true, it represents yet another example of a lapse in access control at a major company. Fannie Mae may not have acted quickly enough in revoking the former employee's network access.

Makwana's contract terminated at Fannie Mae as far back as October 24. His termination was associated with a cross-site scripting error that happened in late September. Yet, according to an FBI affidavit, he retained his access to systems after he left the building and the company.

Policy-wise, the incident clearly demonstrates that access to information systems needs to be terminated simultaneously with physical access to the server room, explained Ellen Libenson, vice president of product management at security firm Symark.

"Makwana was a contractor and consequently his exit 'processing' was not handled the same as a full-time employee. All the more reason to have a special, heightened procedure for contractors so it doesn't slip through the cracks," she said. Contractors may not be on HR's radar screen because they are handled differently in the payroll system, she explained.

If turning off someone's access is too time consuming because the IT staff has been reduced as a result of layoffs, enterprises should "knock these guys out ASAP and get to the lower level risk people when you can," Libenson suggested. "If you are forced to do triage, use your head about it."

Bad economic times may be resulting in an increased number of bank robberies, and perhaps cybercrime as well.

"Cybercrime is easy pickings right now," said Mandeep Khera, chief marketing officer at security firm Cenzic. "Corporations should proactively run security assessments on a regular and continuous basis and fix the vulnerabilities, so that even if someone internal has inserted malicious code, you can remediate it in a timely manner. If you have disgruntled employees and you haven't been securing your Web applications and infrastructure for vulnerabilities on a regular basis, chances are very high that you are at risk."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.


  • Microsoft Deprecating Windows To Go

    Microsoft plans to put an end to its Windows To Go product in the near future, according to a Friday support article.

  • Microsoft Releases Hyper-V Server 2019 After Long Delay

    Acknowledging that the release took "way too long," Microsoft has made Hyper-V Server 2019 available for download from the Microsoft Evaluation Center page.

  • Forklift Container

    A Better Way To Upgrade Hyper-V Storage

    It's time again for Brien to perform a major storage upgrade on his Hyper-V hosts. But this time, he's taking a new approach.

  • RAMBleed Side-Channel Attack Method Disclosed by Researchers

    Academic researchers this week published information about another side-channel attack method, called "RAMBleed," that can expose information from memory chips, including encryption key information.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.