Fannie Mae worker found guilty of planting malware timebomb

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Fannie Mae
A computer programmer has been convicted after planting a malicious script, designed to destroy data from the servers of Fannie Mae, a US financial giant.

36-year-old Rajendrasinh Babubhai Makwana worked for three years as a software engineer contractor at Fannie Mae’s offices in Urbana, Maryland, and had access to all of the company’s almost 5000 servers.

Fannie Mae terminated Makwana’s employment at their 247,000 square foot Urbana Technology Center on October 24th, 2008, and within days found malicious code had been embedded on their systems designed to wipe out all data on their network at 9:00am on January 31st, 2009.

According to prosecutors, anyone trying to log in to the network on January 31st would have received a message saying “Server Graveyard”.

Sign up to our free newsletter.
Security news, advice, and tips.

Computer logs and analysis of Makwana’s laptop revealed that he was the instigator of the malware.

You can imagine just how damaging it could have been for the company if all of its data, including financial, securities and mortgage information, had been wiped. Even though it would be likely that the firm would have off-site backups that would not have been hit by the malware attack – it would still have been enormously disruptive for the company, at a time when confidence in the financial industry was quite rocky anyway. Indeed, the court heard evidence that it would take a week for the company to get its systems back up-and-running again.

More and more companies are being forced to make the difficult decision to make staff and contractors redundant in response to uncertain economic conditions. As I’ve described in the past, a disaffected employee could create havoc inside your organisation so make sure that appropriate security measures are in place.

Makwana is scheduled to be sentenced on December 8th, and could face a maximum penalty of up to 10 years in prison.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.