Internal Security Lapse Seen in Fannie Mae Case

Insider threats to data security via theft or sabotage are sure to rise, especially as companies increase employee layoffs during a bad economy. One sign of the times is the appearance of the infamous "logic bomb," a software bug timed to hose a company's network, typically planted by someone with network access.

Troubles at the Fannie Mae mortgage institution led to layoffs, and alleged employee sabotage. The case concerns Rajendrasinh Makwana, an IT contractor who once worked at Fannie Mae's office in Urbana, Md.

Makwana was indicted this week for allegedly planning a logic bomb that was set to go off on Saturday Jan. 31. Had it activated, it could have caused untold millions in damage and system downtime, Fannie Mae officials said.

If the allegation against Makwana proves true, it represents yet another example of a lapse in access control at a major company. Fannie Mae may not have acted quickly enough in revoking the former employee's network access.

Makwana's contract terminated at Fannie Mae as far back as October 24. His termination was associated with a cross-site scripting error that happened in late September. Yet, according to an FBI affidavit, he retained his access to systems after he left the building and the company.

Policy-wise, the incident clearly demonstrates that access to information systems needs to be terminated simultaneously with physical access to the server room, explained Ellen Libenson, vice president of product management at security firm Symark.

"Makwana was a contractor and consequently his exit 'processing' was not handled the same as a full-time employee. All the more reason to have a special, heightened procedure for contractors so it doesn't slip through the cracks," she said. Contractors may not be on HR's radar screen because they are handled differently in the payroll system, she explained.

If turning off someone's access is too time consuming because the IT staff has been reduced as a result of layoffs, enterprises should "knock these guys out ASAP and get to the lower level risk people when you can," Libenson suggested. "If you are forced to do triage, use your head about it."

Bad economic times may be resulting in an increased number of bank robberies, and perhaps cybercrime as well.

"Cybercrime is easy pickings right now," said Mandeep Khera, chief marketing officer at security firm Cenzic. "Corporations should proactively run security assessments on a regular and continuous basis and fix the vulnerabilities, so that even if someone internal has inserted malicious code, you can remediate it in a timely manner. If you have disgruntled employees and you haven't been securing your Web applications and infrastructure for vulnerabilities on a regular basis, chances are very high that you are at risk."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.


  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

  • Microsoft FastTrack Support Extended to Microsoft 365 Defender Solutions

    The Microsoft FastTrack support program has been extended to Microsoft 365 Defender products for certain qualified subscribers, Microsoft indicated this week.

comments powered by Disqus