Usually when an Internet or network security-related news story breaks -- dangerous malware, hacker attacks, etc. -- you read a bunch of quotes from "experts" issuing dire warnings of more to come or offering advice on how to prevent similar threats.
Sometimes these opinions are solicited by journalists and bloggers, and sometimes the "experts" actively look to get quoted to raise their visibility. Both parties, in a way, are trying to capitalize on the "scare" story in question. It's how the information ecosystem operates, and to a certain extent many of these follow-up articles should be taken with a grain of salt.
But I don't think that's the case here:
The contracted Fannie Mae engineer indicted Tuesday by the Justice Department for allegedly planting a logic bomb represents the beginning of a trend of insider attacks responding to layoffs and job insecurity because of the weak economy, experts say.
"To me, this is the tip of the iceberg," said Mandeep Khera, chief marketing officer of security company Cenzic. "If a small percentage of these IT workers are going to the dark side, they could potentially cause a lot of damage."
Federal investigators indicted Rajendrashinh Makwana, 35, a contracted Unix engineer for mortgage finance company Fannie Mae, for allegedly embedding malicious code known as a logic bomb in the mortgage lender's computer network, which was set to detonate on Jan. 31, 2009.
Had the attack been successful, the malware could have destroyed the entirety of the data on all 4,000 of the mortgage finance company's servers and shut down the company for a week, experts say.
The malware in Fannie Mae's servers was thwarted when another engineer detected the malicious code, embedded with legitimate script. However, experts say that in many other cases, malicious code planted from the inside might not be so easily detected, especially in smaller and midsize companies with limited IT personnel and resources.
According to the ChannelWeb article, Makwana was fired last Oct. 24 for a scripting error he made earlier that month. The error was determined by investigators not to be malicious, but Makwana's reaction to his dismissal was, they allege.
Here's the first big lesson for enterprises: Makwana was told he was fired at 2 p.m. that day, but didn't leave the building until 4:45 p.m. Even more amazing, his server access wasn't terminated until 10 o'clock that night! Who knows whether it was a simple oversight, whether someone decided they had more important priorities at the moment than to follow through on termination procedures, or whether Fannie Mae's termination procedures were lax. To me an eight-hour gap between firing someone and cutting them off from the server is incredibly dumb -- especially when that someone has the skills to do some real damage.
We can speculate endlessly about whether Makwana's dismissal was justified or insensitively handled. Indeed, several commenters to the ChannelWeb article have taken the opportunity to complain about how poorly tech workers can be treated, how their anger is justified when CEOs and other fat-cats continue to siphon off money in bonuses while the global economy melts down and layoffs reach epidemic proportions. You'll never hear me argue otherwise. My point is that as the economy continues to spiral downward, enterprises have an obligation to protect themselves from retaliation damage. That means putting termination policies in place and following them. If they don't, and the result is a blown-up network, it likely could mean more jobs lost.
But don't take my word for it. Listen to the expert quoted by ChannelWeb:
"I bet there's a lot more malicious code and a lot more hidden back doors that are being exploited," Khera said. "We'll hear about some of the big ones. We won't hear about a bunch of them that will never get caught."
This is one "scare" story I believe.