Fannie Mae Unix Script Attack Thwarted – Insider Arrested

Reacties · 17 Uitzichten

Discover how a malicious Unix script thwarted a revenge act against Fannie Mae, highlighting cybersecurity vigilance and the importance of prompt threat detection.

A supposed act of revenge against Fannie Mae was thwarted when engineers found a covert, destructive script tucked into a routine Unix file, and the suspect — 35-year-old Rajendrasinh Babubha Makwana — was taken into custody.

Makwana, an Indian national working for an Omnitech subcontractor as a Unix engineer at Fannie Mae’s Urbana, Maryland site, was dismissed on October 24 after he accidentally deployed a script that altered permissions on company Unix servers. He was told of his termination about 1:30 p.m., emailed his employer from his Fannie Mae laptop around 2:00 p.m., and surrendered his badge and laptop later that afternoon; however, network access remained available to him until roughly 4:30 p.m., and wasn’t cut entirely until later that evening.

Five days later, on October 29, a Fannie Mae engineer noticed something odd: a legitimate administrative script had an extra blank page near its end — and beyond that page an additional, malicious routine. That discovery prompted an immediate lockdown of server access while staff combed through logs. The audit traced the malicious file’s upload to the account “s9urbm” during the afternoon of October 24, shortly after Makwana’s termination discussion.

The hidden code was engineered to trigger on January 31, 2009 (a Saturday), and its sequence was alarming. First it would disable the company’s monitoring alerts, then cut login access to two production machines, followed by all production, contingency, and backup servers. It would erase logs that could reveal the attacker’s trail, remove root-password appliance protections, enumerate systems holding company data, overwrite stored data with zeros, cripple backup software, and finally power down machines — effectively preventing remote reboots across Fannie Mae’s roughly 4,000 servers. The routine even included a secondary stage to repeat the damage from another production host.

One vigilant engineer — identified only as “sk” in the affidavit — spotted the appended code and likely prevented a much larger disaster. Fannie Mae officials locked systems, performed extensive scans, and spent thousands of dollars on shutdown and forensic efforts to ensure no additional payloads remained. Had the script succeeded, company losses could have been orders of magnitude higher.

The case also highlights a preventable window of vulnerability: the three-hour span after Makwana was notified of his firing but before his network access was fully revoked. According to a Symark International survey cited in the affidavit, more than 30% of companies take at least three days to terminate former employees’ accounts, 12% require longer than a month, and 15% reported that orphaned accounts have been used to access corporate servers.

Makwana is being held on $100,000 bail while awaiting trial. His public defender has indicated he will plead not guilty. The incident underscores the importance of immediate access termination and strict offboarding procedures to prevent disgruntled insiders from inflicting costly damage.

Why People Need VPN Services to Unblock Porn

Why People Need VPN Services to unblock porn, many users rely on VPNs to unblock porn by masking their IP address, encrypting connections, and slipping past workplace, school, or country filters so their browsing remains private and less traceable. Porn unblocked is simply the state of being able to reach adult sites despite geographic or administrative blocks, usually achieved with VPNs or proxies that reroute traffic through permissive locations while minimizing exposure.

Why Choose SafeShell VPN to Access Adult Content

If you're looking to unblock porn sites that are restricted in your region, SafeShell VPN offers a comprehensive solution that ensures both access and privacy. SafeShell VPN provides several key benefits that make it an ideal choice for accessing adult content:

  1. Military-grade encryption that keeps your browsing activities completely anonymous, preventing ISPs or network administrators from monitoring your online behavior
  2. Global server network that allows you to bypass regional restrictions and access adult content from anywhere in the world
  3. The exclusive ShellGuard protocol that makes your VPN connection undetectable, helping you circumvent even the strictest content filters
  4. Lightning-fast connection speeds that eliminate buffering issues when streaming high-definition adult content
  5. Innovative App Mode feature that lets you access content from multiple regions simultaneously without switching servers
  6. Support for up to five devices at once, ensuring you can unblock porn sites on all your devices with a single subscription

How to Use SafeShell VPN to Unlock Porn Sites

To access adult content across different regions using SafeShell VPN, follow this revised procedure:

  • First, download the SafeShell VPN application from your device's official app store or the provider's verified website
  • Next, install the application and launch it to begin the setup process through the intuitive interface
  • Create your SafeShell VPN account using a valid email address and secure password credentials
  • Subscribe to a suitable SafeShell VPN plan that meets your streaming requirements and budget
  • Within the application, navigate to the server selection menu and choose a low-latency server location matching your desired content region
  • Enable the VPN connection toggle to establish a secure tunnel protected by military-grade encryption protocols
  • Verify your new IP address location through SafeShell VPN's built-in IP checker tool before browsing
  • For optimal privacy, activate the kill switch feature within SafeShell VPN settings to prevent data leaks
  • Finally, access your preferred platforms while SafeShell VPN maintains AES-256 encryption throughout your session
Reacties