Ex-Fannie Mae worker charged with planting computer virus

By jimmy at 11:15 am on January 30, 2009 | 1 Comment

According to the D.C. Examiner, a virus, allegedly planted by an
ex-employee, was recently discovered among Fannie Mae’s 4,000 computer
servers.  The virus would have first disabled the company’s computer
monitoring systems, then restricted all employee access, begun erasing all of
the company’s data, and finished by shutting down every machine.  According to
prosecutors, this would have caused millions of dollars’ worth of damage,
understandably, and halted all of Fannie Mae’s computer operations for at
least a week.

The article is somewhat vague on how or when the virus was found, but
some of the dates connected with the article provide cause for alarm.  The
employee allegedly responsible was fired on October 24th for attempting to
tamper with certain server settings.  The virus mentioned in this article,
however, was installed before this date, and set to attack on January 31st.
The article was written on the 29th, two days before this would happen, leading
one to believe that the virus was hidden amongst Fannie Mae’s code for at
least several months before being discovered.  The company should be commended
for recognizing a possible insider attack in October when they fired the
employee; however, perhaps they could have done more to investigate the actions
of that employee so that this potentially devastating virus could have been
found earlier.

This story, and similar ones, emphasize how crucial it is for
companies to protect themselves from insider attacks.  These precious servers
cannot exist in isolation; however, access to them and updates to them need to
be strictly monitored in order to minimize the risk of malicious software being
installed by trusted parties.  Arbiters of these systems could consider
personally approving every update pushed onto a server, and installing a
security system that would allow only these changes to be made; however, this
in and of itself presents its own problems.  This solution might not be
feasible for large-scale systems, and one might also imagine another slew of
security holes in the new update monitoring system.  At a more fundamental
level, this solution really only moves the burden of trust up the chain of
command, and thus the same insider vulnerabilities arise, albeit for a
smaller and more trusted set of individuals.  The best security from these
forms of attacks may be deterrence, by enacting strict punishments and hard
jail time for perpetrators of these attacks.  The threat of arson charges
deters disgruntled employees from burning down office buildings; perhaps
similarly draconian laws regarding computer intrusion would better deter
attacks such as these.

Article:  http://www.dcexaminer.com/local/012909-Ex-Fannie_Mae_worker_charged_with_planting_computer_virus.html

    Comment by Brent Couvrette

    January 30, 2009 @ 10:49 pm

    There are definitely numerous things that could have been done to prevent this sort of thing from happening. One such thing is having a looming threat of punishment as you mentioned. Another technique that would likely be equally effective would be improving overall working conditions. An employee who is very happy with their job will have much less motivation to attack their employer. Lastly, when firing employees, it is critical to cut off their access to vital systems, limiting their ability to retaliate with malware like this.

