Former IT administrator charged with planting malicious code on mortgage lender's website

News by Dan Raywood

A former IT administrator has been indicted on charges of planting a malicious script to destroy data on all of the servers of a major US bank.



Rajendrasinh Babubhai Makwana, who used to work for Fannie Mae at its Urbana Technology Centre in Maryland, set a computer time bomb that was designed to go off on the 31st of January 2009 at 9am.


He worked for the bank for three years as a computer engineer until his contract was terminated. During this time he had root access to all of the main systems, which the company failed to revoke until the evening of the day he left.


The federal court claimed that he devised a plan to bring the company's operations down by replacing all of the financial data on all of the company's production servers with zeroes.

He apparently appended malicious code to a legitimate script and left a page's worth of blank lines between the two in order to avoid detection. The code was set to execute three months later, making it more difficult for investigators to trace the incident back to him.
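
A defender's check for the hiding technique described above, as an added example that is not part of the original article: it flags scripts in which content resumes after a long run of blank lines. The 40-line threshold, the function and field names, and the sample scripts are assumptions constructed for illustration.

```python
import sys
from typing import NamedTuple

MIN_GAP = 40  # assumption: about one terminal page of blank lines


class Gap(NamedTuple):
    start_line: int      # first blank line of the run (1-indexed)
    blank_lines: int     # length of the blank run
    resumes_at: int      # line where content starts again
    trailing_lines: int  # non-blank lines from there to end of file


def find_hidden_tails(text, min_gap=MIN_GAP):
    """Return every long blank run that has content both before and after it."""
    lines = text.splitlines()
    gaps, run_start = [], None
    for idx, line in enumerate(lines, start=1):
        if not line.strip():          # empty or whitespace-only counts as blank
            if run_start is None:
                run_start = idx
            continue
        # Content line: did it end a long blank run that began after line 1?
        if run_start is not None and run_start > 1 and idx - run_start >= min_gap:
            trailing = sum(1 for rest in lines[idx - 1:] if rest.strip())
            gaps.append(Gap(run_start, idx - run_start, idx, trailing))
        run_start = None
    return gaps


# Constructed samples (not from the incident): a two-line script with content
# appended after 60 blank lines, and a clean script with ordinary spacing.
SAMPLE = "#!/bin/sh\necho 'rotate logs'\n" + "\n" * 60 + "echo 'appended section'\n"
CLEAN = "#!/bin/sh\n\n\necho 'rotate logs'\n" + "\n" * 5

if __name__ == "__main__":
    # Usage: python find_gaps.py script1.sh script2.sh ...
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for gap in find_hidden_tails(fh.read()):
                print(f"{path}: {gap.blank_lines} blank lines from line "
                      f"{gap.start_line}; content resumes at line "
                      f"{gap.resumes_at} ({gap.trailing_lines} lines)")
```

A hit is a prompt for manual review of the trailing lines, not proof of tampering; trailing blank lines at the end of a file and blank lines at the very top are ignored.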

FBI Agent Jessica Nye said in a sworn statement: “When the program ascertained it was January 31, 2009, it would copy the rest of the files from the ‘.soti’ file from the dsysadm01 server and run the script. The script would place a blocker on the monitoring system disabling any engineers from receiving a monitoring alert for any problems on any machines in the entire environment for 61 minutes.”


Investigators were able to determine that Makwana was responsible because the script upload was made from the IP assigned to his company-issued laptop.


He also sent a message from his Fannie Mae email address to his family, who were in India at the time, instructing them not to return to the U.S.


Nye said: “Had this malicious script executed, engineers expect it would have caused millions of dollars of damage and reduced if not shut down operations at Fannie Mae for at least one week. The total damage would include cleaning out and restoring all 4,000 servers, restoring and securing the automation of mortgages, and restoring all data that was erased.”



