Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Fannie Mae Worker Indicted For Malicious Script

Soulskill posted more than 5 years ago | from the good-thing-their-engineers-bailed-them-out dept.

Security 325

dfdashh writes "A former Fannie Mae contractor has been indicted by a federal grand jury in Baltimore, MD for computer intrusion. He attempted to propagate a malicious script throughout the company's 4,000 servers. The DC Examiner has details of the incident: 'Had this malicious script executed, [Fannie Mae] engineers expect it would have caused millions of dollars of damage and reduced if not shutdown operations at [Fannie Mae] for at least one week. ... The virus was set to execute at 9 a.m. Jan. 31, first disabling Fannie Mae's computer monitoring system and then cutting all access to the company's 4,000 servers, Nye wrote. Anyone trying to log in would receive a message saying "Server Graveyard." From there, the virus would wipe out all Fannie Mae data, replacing it with zeros, Nye wrote. Finally, the virus would shut down the servers.'"

cancel ×

325 comments

Sorry! There are no comments related to the filter you selected.

erase my mortgage (5, Funny)

tritonman (998572) | more than 5 years ago | (#26655361)

the only thing that matters to me... will it erase my mortgage??!??!

Re:erase my mortgage (0)

Anonymous Coward | more than 5 years ago | (#26655389)

The writer of that script should be erased.

Re:erase my mortgage (2, Funny)

Anonymous Coward | more than 5 years ago | (#26656335)

Foreclosed upon with extreme prejudice.

Re:erase my mortgage (3, Interesting)

internerdj (1319281) | more than 5 years ago | (#26655467)

The more important question for me is if my mortgage gets erased do the records that I'm at least part owner of the property get erased or does the company just get the deed to my home? Well it was mortgaged, but we don't have the records anymore we'll just assume you owe the full purchase value of the property until you can prove otherwise.

Re:erase my mortgage (5, Informative)

jeff4747 (256583) | more than 5 years ago | (#26655639)

There would be records proving you own the home.

When you take out a mortgage, the deed is still in your name. That's one of the main reasons foreclosure is actually kind of a pain in the ass for banks. They have to get the house transferred to their ownership before they can sell it.

The deed is on paper in a filing cabinet in some county office (It's also stored electronically by the county). You should also have received a copy of it when you signed the flurry of paperwork when you bought the house.

Re:erase my mortgage (2, Interesting)

Hal_Porter (817932) | more than 5 years ago | (#26655917)

So if someone say nuked the Fannie Mae servers then millions of people would get free homes?

Re:erase my mortgage (1)

TheCarp (96830) | more than 5 years ago | (#26656063)

I think they would go back to the paper copies...but first the backups. Really data corruption/erasure is best if you can do the corruption before the backup cycle and not have it noticed until afterwards... but even then its just a matter of using older backups.

Barring that, I imagine they would go back to the paper docs. Of course, that wouldn't have payment history, so they would probably have to just assume that all the loans were current unless they could find evidence they were otherwise, and of course, ask the customers for information they have about extra payments that they made.

I think the reality is more like, a bunch of people would get credited for whatever payment information was just lost and unrecoverable.

-Steve

Well, no, you still won't own your house (4, Informative)

sirwired (27582) | more than 5 years ago | (#26656071)

When the deed was recorded at the local records office, the fact that the bank has a lien on it is recorded along with it. The only way to clear that lien is to get the lienholder to have a letter saying so attached to your deed, or you have to have a court do it.

SirWired

Re:erase my mortgage (1)

Sun.Jedi (1280674) | more than 5 years ago | (#26656079)

Ever hear of 'backups'? Even if Iron Mountain lost half the tapes on the way back to Fannie Mae (again)... there are digital records of your mortgage somewhere.

Surely you have copies of your payments, insurance, property taxes, etc to prove you don't owe the full amount listed on the closing contract, yes?

Re:erase my mortgage (1)

internerdj (1319281) | more than 5 years ago | (#26656153)

Of course I do but that doesn't mean that everyone is as careful as me and that the mortgage company would treat me as if I owed them less than the full amount until I proved otherwise if they lost ALL their records.

Re:erase my mortgage (0)

Anonymous Coward | more than 5 years ago | (#26656497)

That was an unnecessarily snarky post. Try to be happier, please! Life ain't so bad =)

Re:erase my mortgage (5, Funny)

tritonman (998572) | more than 5 years ago | (#26655801)

even if that were true... erase my mortgage, take my house, I go buy one the same size for half the price now!

Re:erase my mortgage (1)

auric_dude (610172) | more than 5 years ago | (#26655837)

Return you to Year Zero? Be careful what you wish for.

Re:erase my mortgage (1)

Hal_Porter (817932) | more than 5 years ago | (#26656251)

Very true. It amazes me that middle class anarchists believe that if the current society is obliterated it will be a net gain for them because a more equitable society will replace it. Historically you're much more likely to end up with a some sort of Pol Pot style nightmare.

As Jello Biafra put it in Holiday in Cambodia [www.last.fm]

So you been to school
For a year or two
And you know youve seen it all
In daddys car
Thinkin youll go far
Back east your type dont crawl

Play ethnicky jazz
To parade your snazz
On your five grand stereo
Braggin that you know
How the niggers feel cold
And the slums got so much soul

Its time to taste what you most fear
Right guard will not help you here
Brace yourself, my dear

Its a holiday in cambodia
Its tough, kid, but its life
Its a holiday in cambodia
Dont forget to pack a wife

Youre a star-belly sneech
You suck like a leach
You want everyone to act like you
Kiss ass while you bitch
So you can get rich
But your boss gets richer off you

Well youll work harder
With a gun in your back
For a bowl of rice a day
Slave for soldiers
Till you starve
Then your head is skewered on a stake

Now you can go where people are one
Now you can go where they get things done
What you need, my son.

Is a holiday in cambodia
Where people dress in black
A holiday in cambodia
Where youll kiss ass or crack

Pol pot, pol pot, pol pot, pol pot, etc.

And its a holiday in cambodia
Where youll do what youre told
A holiday in cambodia
Where the slums got so much soul

Re:erase my mortgage (1)

Mister Whirly (964219) | more than 5 years ago | (#26656445)

Let's lynch the landlord!

It won't erase your mortgage... but that's okay. (1)

Petersko (564140) | more than 5 years ago | (#26656373)

Hyperinflation will do that for you.

The First Rule of Fight Club (5, Funny)

rhathar (1247530) | more than 5 years ago | (#26655367)

We've gotta wipe the system, man. Give everyone a blank slate!

Re:The First Rule of Fight Club (1, Informative)

Ed Avis (5917) | more than 5 years ago | (#26655393)

Clearly he was just trying to announce NESARA [nesara.us] .

Fannie Mae (1)

mfh (56) | more than 5 years ago | (#26656049)

Land it in the Hudson.

but would it have had graphics? (5, Funny)

jollyreaper (513215) | more than 5 years ago | (#26655371)

Either a laughing skull and bones or an animated version of him as a bobblehead that pisses off Samuel L. Jackson with his hacker crap?

Shutdown operations for at least one week (1, Interesting)

Anonymous Coward | more than 5 years ago | (#26655375)

Leading to a downturn in mortgages issued to people who have no chance of paying them back.

Sounds like a white hat to me.

Re:Shutdown operations for at least one week (0)

Anonymous Coward | more than 5 years ago | (#26655941)

Mod parent up!

Disappointing... (2, Interesting)

erroneus (253617) | more than 5 years ago | (#26655381)

The "Fight Club" guy in me would like to have seen that particular bomb go off. I know the damage would not have been , permanent, perfect or complete (That's what backups are for... right?) but still. Taking those financial giants down a peg might have tickled me. (It damn sure wouldn't have taught anyone any moral lessons or anything.

Re:Disappointing... (2, Informative)

Slumdog (1460213) | more than 5 years ago | (#26655645)

I know the damage would not have been , permanent, perfect or complete (That's what backups are for... right?)

Big companies only report successes. They report failures if its too big to hide.

Re:Disappointing... (1)

barneco (1353761) | more than 5 years ago | (#26655687)

What moral lessons are there to be learned? Don't hire hackers?

Re:Disappointing... (3, Insightful)

Chyeld (713439) | more than 5 years ago | (#26655705)

I'm guessing you don't really understand what Fannie Mae does if you think the folk taken down a peg would be the banks.

Fannie Mae purchased mortgages from banks to ensure the banks always had money on hand to make loans. They sold these mortgages as securities, guarantying the purchaser the money (paying it themselves if the mortgagee defaults).

Them loosing their records would simply mean that suddenly the banks would run out of 'liquid assets' to make loans with. Who do you think that would hurt: The average joe or the banks?

Let me give you a clue, it wouldn't be the banks. They'd just hold onto the mortgages they have and start foreclosing aggressively to come up with the assets they need.

Re:Disappointing... (5, Interesting)

anagama (611277) | more than 5 years ago | (#26655901)

Them loosing their records would simply mean that suddenly the banks would run out of 'liquid assets' to make loans with. Who do you think that would hurt: The average joe or the banks?

It seems to me that banks making loans over the last four years IS THE major problem. Had they not been able to, we wouldn't have had a baseless boom, Angelo Mozillo, a gazillion dollar bailout of the wealthiest individuals, and schemes to assist the most foolish "housing investors" -- all at my expense. I too am rather disappointed the script was found and I don't even have a mortgage. I refused to get caught up in the housing bubble choosing instead to wait for a return to normalcy, which turned out to be a mistake. What I should have done is bought a house way more expensive than I could afford on a negative amortization loan and let the government modify my interest rate and principal balance. I now realize that in America, prudence is punished and stupidity rewarded. So yeah, I'm actually very depressed the script didn't execute.

Re:Disappointing... (4, Insightful)

Chyeld (713439) | more than 5 years ago | (#26656007)

Fannie Mae was not the problem there, they only purchased "conforming" mortgages which matched their definition of a 'non-risky' loan.

The problem was from the fact that the banks started moving from relying on Fannie Mae and started making "non-conforming" mortgages and selling them to other privately held companies. Once these mortgages started defaulting and housing prices started falling, even the "conforming" mortgages started having problems and the house of cards fell.

Fannie Mae is a good scapegoat for people who want to pin this whole situation on one group, but that's all they really are, a scapegoat. They had their own problems (notably shady dealing in the upper echelons) but they weren't the ones who cause or even setup this scenario.

Re:Disappointing... (1)

liquidpele (663430) | more than 5 years ago | (#26655931)

Banks need the money to make loans... which are usually for a mortgage.... so they would foreclose aggressively to then turn around and take more mortgages?

Re:Disappointing... (1)

Chyeld (713439) | more than 5 years ago | (#26656271)

Banks don't make money (really, not much) on money sitting in their vaults. For them to make money, they have to invest it. Banks invest money by making loans. Some of those loans are home mortgages, some aren't.

Loans come with the expectation that they will be repaid.

In a 'nicer' time, banks might look at a person's situation before foreclosing after the first missed payment. But in lean times, missing a payment means distrupting the bank's own flow of money. It's better, in their head, to foreclose, sell to recoup what can be recouped, and reinvest in something else that is less likely to miss a payment.

Plus, banks were used to dumping risky mortages off onto other companies, and thus many have a fairly large stable of unstable mortages which may or may not make their payments. It's safer to foreclose those as quickly as possible and move the money to a more stable mortagee.

Obviously wasn't good/smart enough (0)

Anonymous Coward | more than 5 years ago | (#26655409)

Well now, if you are going to go big, go big or go home... this guy probably shouldn't have even left the house as he obviously wasn't smart enough to make the precautions that would have been necessary to hide his tracks..

But did it.... (5, Funny)

Phoenixhawk (1188721) | more than 5 years ago | (#26655411)

Look like he was flying through a cyberspace version of his city while he was doing it???

Really? (1)

ideonode (163753) | more than 5 years ago | (#26655415)

A virus that can propagate through an entire enterprise's array of servers, and then wipe out all data?

Most enterprises comprise a heterogeneous mix of servers of differing breeds. Getting a program to run on all of them, and then to gain access to data and transform it all in a single virus would be a great piece of programming, and any enterprise looking to hire an efficient data migration specialist or integration architect should consider hiring...

Re:Really? (1)

Phoenixhawk (1188721) | more than 5 years ago | (#26655503)

A virus that can propagate through an entire enterprise's array of servers, and then wipe out all data?

Most enterprises comprise a heterogeneous mix of servers of differing breeds. Getting a program to run on all of them, and then to gain access to data and transform it all in a single virus would be a great piece of programming, and any enterprise looking to hire an efficient data migration specialist or integration architect should consider hiring...

What Mix? They got the government discount at dell

Re:Really? (1)

Hal_Porter (817932) | more than 5 years ago | (#26656309)

You could still have a mix of OSs. E.g some Linux, some Windows, different OS versions and so on.

Maybe he used Perl. (0)

Anonymous Coward | more than 5 years ago | (#26655507)

Perl can do just about anything.

Re:Really? (2, Informative)

Opportunist (166417) | more than 5 years ago | (#26655551)

Not in the financial business.

Everything needs to be approved, certified and someone has to get a kickback. Only the former two are official, the third is most likely the reason for the first two because I, at least, couldn't find any other sensible explanation, but that's just how it is. To be allowed in some important network, this can be some auditing standard or information exchange, you almost certainly have to use one of the "approved" systems.

So it's quite likely, actually, that you find a monoculture of servers in financial companies. And guess what kind of monoculture it will be?

Re:Really? (2, Insightful)

Lumpy (12016) | more than 5 years ago | (#26655573)

Why?

Fanne May more than likely uses Server 2003 with MSSQL. and I'm betting all on the same domain with a global user list.

This would not a hard thing to do. 1 afternoon with VB and I can write the same thing. Hacker 101 stuff.

Most financial places have REALLY SHITTY IT security.

Re:Really? (1)

Amazing Quantum Man (458715) | more than 5 years ago | (#26655789)

Fannie Mae uses Tandem Nonstops.

Re:Really? (1)

fm6 (162816) | more than 5 years ago | (#26655939)

Don't you mean HP Nonstops? Or have they not upgraded their hardware since Tandem went away?

Re:Really? (1)

Amazing Quantum Man (458715) | more than 5 years ago | (#26656327)

Yes, I mean HP. I work with a bunch of ex-Tandem types, so they call them 'Tandems'. I picked up that nomenclature.

Re:Really? (5, Informative)

Anonymous Coward | more than 5 years ago | (#26655675)

Former FNMA employee here- I left a couple years ago.

1- The vast majority of their servers run Solaris- this wasn't some sort of cross-platform attack.

2- They have an infrastructure that allows a single admin server to execute commands on the entire farm simultaneously.

Suddenly being able to wipe out everything doesn't sound too difficult does it? From what I heard from friends- it was just a couple lines of shell, and it was discovered because there was a typo, and script to failed. Not a virus by any stretch.

Oh- and of course they have backups, but imagine restoring 2500+ servers from tape... Thats probably where the week of downtime came from, and it sounds accurate to me.

Re:Really? (4, Insightful)

nedlohs (1335013) | more than 5 years ago | (#26655685)

Obviously virus is what the idiot who wrote the article is calling it (and possibly a term used in whatever he has been charged with), but since he had root access to all the servers it wouldn't really be a virus. Just a script installed on them, probably run via plain old cron.

When you terminate a contractor or employee it is wise to also terminate their access to your servers...

#!/bin/sh
for i in /dev/[sh]d*
do
        cat /dev/zero >"$i" &
done

is not exactly a great piece of programming (and the above is obviously untested, and since he was a unix admin he would actually know what the drive device names are in the presence of wierdo RAID setups...)

Re:Really? (1)

fahrbot-bot (874524) | more than 5 years ago | (#26655843)

Getting a program to run on all of them, and then to gain access to data and transform it all in a single virus would be a great piece of programming...

You obviously underestimate the power of VB script my friend. :-)

Why care? (0)

Anonymous Coward | more than 5 years ago | (#26655423)

What's the fuss all about? I'm sure they've got everything reliably backed up on tape...right? right???!?!?

Re:Why care? (1)

robthebloke (1308483) | more than 5 years ago | (#26655619)

I'm pretty sure they were going to do an rm -rf* on all data anyway, as part of the ongoing write-downs....

Back to a more serious note. The summary does hint it would have taken them down for a week, so I assume they have some form of backup and recovery in place...

Moron Fannie Mae Worker +1, Insightful (0)

Anonymous Coward | more than 5 years ago | (#26655435)

He should have had it wipe out WINDOWS !

I hope this helps your next malicious script.

Yours In Socialism,
Kilgore Trout

"Rajendrasinh Babubhai Makwan"? (1)

Rogerborg (306625) | more than 5 years ago | (#26655437)

Any comment at this point would bring the Political Correctness Police down on me like a horde of avenging non-denominational metaphysical winged beings.

Re:"Rajendrasinh Babubhai Makwan"? (1)

MightyYar (622222) | more than 5 years ago | (#26655501)

Yeah, but his friends call him "Raj".

Re:"Rajendrasinh Babubhai Makwan"? (2, Funny)

Phoenixhawk (1188721) | more than 5 years ago | (#26655813)

Yeah, but his friends call him "Raj".

My gods man, have you never placed a call to tech support, his name is (Tom, Mike, George, or Larry)

Re:"Rajendrasinh Babubhai Makwan"? (0)

Anonymous Coward | more than 5 years ago | (#26655647)

My guess (by his name) is that this is not an American citizen. Frankly, that's what they get for dropping American workers for those cheap H1B's.

Security is a process (1)

Covert Penguin (1094443) | more than 5 years ago | (#26655447)

Bruce Schneier is right; security is a process, not a product. The internal threats are just as great, if not greater, than the external ones.

Re:Security is a process (2, Insightful)

Anonymous Coward | more than 5 years ago | (#26655561)

Bruce Schneier is right; security is a process, not a product. The internal threats are just as great, if not greater, than the external ones.

And it appears their security process was rather good - they caught and stopped the threat in time.

Re:Security is a process (2, Insightful)

Bert64 (520050) | more than 5 years ago | (#26656249)

Because of a bug in the script which made it error...

My goodness! It might have... (5, Funny)

Petersko (564140) | more than 5 years ago | (#26655451)

...turned Fannie Mae into a financial failure.

Re:My goodness! It might have... (1, Funny)

Anonymous Coward | more than 5 years ago | (#26655547)

"Fixed that for you" and "...you insensitive clod!" are hilarious. They will never die.

Fixed that for you, you insensitive clod.

Re:My goodness! It might have... (4, Interesting)

hey! (33014) | more than 5 years ago | (#26656133)

...turned Fannie Mae into a financial failure

... which it never was during the 30 years from 1968 to 2000, roughly when banking deregulation took effect. It may be that such an institution is a bad idea, but you have to consider that financial institutions of all kinds are in desperate condition as well, so you can't use the financial disasters of 2008 as proof that Fannie is any worse an idea than, say, a private investment bank.

The idea that Fannies failure shows that it ought never have been, applied consistently, would argue for nationalizing banks. I, as one who has been a staunch liberal though the long winter of liberal dispute, think nationalization is a terrible idea. This is not because the government is bad and business is good, but because government and business would be indistinguishable, leaving nobody to watch the foxes in the chicken coop.

All in all, I think the widespread calamity in the financial sector more probably indicates that the particular kind of banking deregulation practiced in the post Gramm-Leach-Bliley era has at the very least unintended consequences.

It's a deal! (5, Funny)

cfulmer (3166) | more than 5 years ago | (#26655453)

Considering that Fannie Mae has been losing billions every week, the idea of only losing a few million for a week sounds like a great idea.

Re:It's a deal! (0)

Anonymous Coward | more than 5 years ago | (#26655559)

How much do you suppose all of the banks and credit unions that depend on Fannie Mae would have lost?

Re:It's a deal! (2, Funny)

Opportunist (166417) | more than 5 years ago | (#26655603)

"Your honor, I didn't want to cause damage, actually, I wanted to help save a little money by only damaging them for a few millions so they cannot blow billions of taxpayer money this week"

I am .... (5, Funny)

Anonymous Coward | more than 5 years ago | (#26655487)

I am Jack's complete lack of surprise

IP (1)

jaguth (1067484) | more than 5 years ago | (#26655489)

An Internet Protocol address was eventually linked to Makwanaâ(TM)s company-issued laptop, Nye wrote. He was arrested Jan. 7.

The report is obviously not a techy. Its "IP Address"!

Re:IP (1)

Qzukk (229616) | more than 5 years ago | (#26655523)

The report is obviously not a techy. Its "IP Address"!

But is the reporter a science guy?

Re:IP (1)

Java Pimp (98454) | more than 5 years ago | (#26655605)

The real question is how did they prove he was the person at the keyboard at the time the IP address was used?

ZING!!

Re:IP (2, Interesting)

bsane (148894) | more than 5 years ago | (#26655857)

They don't need to, I'm sure that:

1- he was fired that day
2- the edits came from his account
3- the login came from his workstation

Thats more than enough evidence to convict, unless he can prove otherwise. Don't think you need to be caught red-handed with photographic proof to be sent to prison. Circumstantial evidence is more than enough unless you have a good defense.

Re:IP (2, Insightful)

Chaos Incarnate (772793) | more than 5 years ago | (#26656477)

Depends on the jury you get.

Technically (5, Funny)

cowscows (103644) | more than 5 years ago | (#26655493)

Technically, all of the data in a computer is really just a bunch of ones and zeros, so assuming a fairly even mix of those two possibilities, writing over everything with zeros would only change half of their data.

Technically yerself (0, Offtopic)

starglider29a (719559) | more than 5 years ago | (#26656197)

A) "...all of the data in a computer ***ARE*** really just a bunch..."
B) "...just a bunch of ones ***OR*** zeros..."

Technically yerself, yerself (1)

starglider29a (719559) | more than 5 years ago | (#26656257)

C) ***zeroes***

Damn, copy/paste

Re:Technically yerself (1)

cowscows (103644) | more than 5 years ago | (#26656347)

Thanks.

Re:Technically (4, Funny)

wren337 (182018) | more than 5 years ago | (#26656261)

Great defense.
"In fairness, a lot of those were zeros already."

That is why (1)

hansraj (458504) | more than 5 years ago | (#26656429)

any hacker worth his/her salt should have changed all the ones to zeros and all the zeros to ones! N00BS!!

This just had to be he one thing they get right (1)

Zolodoco (1170019) | more than 5 years ago | (#26655517)

What could have been. On the other hand. It could also have been Fannie Mae execs attempting to cover up illegal activities and fraud. In that case, nice catch!

Interesting Comment in TFA (4, Interesting)

tristanreid (182859) | more than 5 years ago | (#26655541)

Of course it isn't verifiable, but I thought this was interesting:

H1B#36a: "What wasn't reported was that the contractor was fired for writing a script poorly, that caused the failover over of a number of High-Availablitity production servers. His "landmine/timebomb" script was found through his same poor scripting skills. Whatever doping manager that hired that guy should be fired too, along with his director and VP!"

-t.

Re:Interesting Comment in TFA (1)

bsane (148894) | more than 5 years ago | (#26655881)

Thats sounds like the FNMA I know :-)

Ha, Yeah, that old gag. (0)

corychristison (951993) | more than 5 years ago | (#26655565)

Are you sure it was actually malicious?

I remember I was accused of malicious behaviour when my teacher say me writing HTML code. I was banned from use of any computer in the building until I hit high school.

(yea, yea.. this is a little more serious. I know.)

Re:Ha, Yeah, that old gag. (1)

Galactic Dominator (944134) | more than 5 years ago | (#26656305)

One would think if the sys admin's who opted in reporting this issue and provided technical details to law enforcement would know whether it was actually malicious.

If you were caught using a blink or marquee tag, then you owe your teacher a debt of gratitude.

I got a hearing front of the superintendent for ctrl-C'n out of a batch login prompt, and playing a $5 star trek diskette from a magazine type distribution. They threatened expulsion, but settled for a string of Saturday detentions. I'm glad that happened in the mid 90's, cause who knows the string of felonies you'd be hit with now on it.

Woah (5, Funny)

bFusion (1433853) | more than 5 years ago | (#26655577)

This is like if someone mixed the movies Office Space and Fight Club together!

Re:Woah (5, Funny)

maino82 (851720) | more than 5 years ago | (#26655963)

The first rule of PC Load Letter is you don't talk about PC Load Letter.

So what they're saying... (1)

Murpster (1274988) | more than 5 years ago | (#26655583)

Fannie Mae doesn't keep backups of their critical data? Awesome. No wonder they're so successful!

Re:So what they're saying... (2, Informative)

dfdashh (1060546) | more than 5 years ago | (#26655793)

Fannie Mae most certainly does have backups. Having a backup and the time to recover said backup, though, are two very different things.

Might have been a good idea... (1)

CannonballHead (842625) | more than 5 years ago | (#26655597)

Maybe it would have gotten rid of them (should have happened when they went bankrupt, like what happens to most companies)...

Slightly sarcastic, but with a point.

Public flogging (1, Offtopic)

m0s3m8n (1335861) | more than 5 years ago | (#26655753)

It's high time for a public flogging.

obviously came to FNME from a wall street bank (1)

swschrad (312009) | more than 5 years ago | (#26655859)

this is their business model over there.

He should be forced (1)

bugeaterr (836984) | more than 5 years ago | (#26655863)

To have an affair with Barney Frank

Wow.. millions?! (0)

Anonymous Coward | more than 5 years ago | (#26655913)

Gosh, what would they do if they lost millions? They're so used to losing billions they'd probably keep accidentally adding extra zeros to the end.

That guy is an asshole (0)

Anonymous Coward | more than 5 years ago | (#26655919)

I'm referring to the guy that pointed out the virus of course. The act of placing a virus to erase the data was an act of great heroism. It would have been great if it worked.

don't tell me (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26655925)

lemme guess! he was a muslim...

So much for (1)

hey! (33014) | more than 5 years ago | (#26655933)

cinema's next The Devil Wears Prada.

Millions of dollars worth of damage? (1)

MSTCrow5429 (642744) | more than 5 years ago | (#26656005)

What about the billions or trillions of dollars of damage done to the taxpayers by Fannie Mae, and its incestuous twin, Freddie Mac? Anyone attempting to take out this job-killing, economically destructive abomination is a patriot.

Why oh why (3, Funny)

geekoid (135745) | more than 5 years ago | (#26656111)

couldn't somebody at the credit company do this...and not get caught?

Zero vs. Less Than Zero (5, Funny)

srussia (884021) | more than 5 years ago | (#26656135)

From there, the virus would wipe out all Fannie Mae data, replacing it with zeros

Wouldn't zero be an improvement over negative whatever?

That's okay (1)

RyoShin (610051) | more than 5 years ago | (#26656139)

They might have gone down for a few days, but surely they have recent system back-ups to restore from, and daily backups to restore the data from. ...Right? Please?

Re:That's okay (1)

Greyfox (87712) | more than 5 years ago | (#26656387)

I'm going to guess based on every company that I've ever worked for that execution of this script would have been followed by the sinking realization that the backups were for some reason or other not viable.

Furthermore based on the level of ineptitude already displayed by Fannie Mae, I wouldn't hold out much hope that they even run backups.

They can probably go back and get all the information off paper records though...

Now check who sold FNM short (1)

kerubi (144146) | more than 5 years ago | (#26656205)

I wonder, wouldn't this be a quite effective way to manipulate stock value?

Is it possible to short sell FNM, there were limitations on finance companies in place at some point?

I see how he did it... (2, Insightful)

rickb928 (945187) | more than 5 years ago | (#26656219)

They fired him. And let him have some access before he left.

Not a good idea. Sadly, you have to be aware of the threat. If you're firing someone with admin access, you should meet with them in a room without a workstation, explain the situation, and send them back to their desk to clean it out - with a monitor to ensure their workstation stays turned off.

While you're having the meeting, someone shuts down their workstation, disables network access, and - if not concurrently - immediately revokes their privileges. You do not finish the meeting until you receive confirmation that they no longer have access. Usually you have to let them be interviewed before you can kill their access, since some people get suspicious when they can't sign on. Forbid that the Help Desk will assist them in resetting their password. You gotta kill their privileges. The ideal scenario is letting them sign on but have no access to anything. After they are gone, then you can reset the password. Some systems need the access left in place to do forensics or establish their replacement (a sign of inadequate documentation) and thus you have to resort to the password trick.

If in doubt, I've cut their network cable right off, or even superglued blank plugs in their office jacks while I go back over their privileges. I can replace the jacks easily.

An unfortunate oversight. Some places have this 'exit interview' with security present. Some, Like Fannie Mae back then, don't think it through.

Can't be too careful.

Here, I work in a fairly secure environment. In spite of that, some of my IDs got associated with another employee with the (mostly) same name, go figure. He left at the end of the year. I've been getting access established to many systems as our security group has dutifully deleted my access as his. Too damned efficient.

Down side (0)

Anonymous Coward | more than 5 years ago | (#26656279)

Yes. But what is the downside to all of this?

PROSECUTE PIGMEN MANAGEMENT! (0)

Anonymous Coward | more than 5 years ago | (#26656467)

Astonishing isn't it? If you steal an apple from a street vendor you get the billyclub. This guy will probably be punished in some way. If you wreck an economy we will probably loan you more money to "fix" the problem, and at very worst we'll send you out the door with a really fat bonus. Oh the pain, the pain....

Kinda wish... (1)

jasontromm (39097) | more than 5 years ago | (#26656495)

There's a perverse side of me that kinda wishes the guy had succeeded. I'd love to see the government brought down a couple of notches.

I have always said this is the wrong approach (1)

csoto (220540) | more than 5 years ago | (#26656501)

The "Fight Club" style of "getting back at the Man" isn't very practical. There would be some period of disarray, but if you really want to screw things royally, you would introduce random, but very small data errors that hopefully get overlooked. Over time, these affect the balance sheets, the "business algorithms" in place, and generally make it a nightmare to figure out how to fix things. All of this "silent data corruption" would be propagated to disaster recovery systems. Your "backup tapes" would basically contain a perfect copy of bad data. Yes, eventually, you could find the point at which the "disaster" occurred and go back to that time, but if days, weeks, months have passed, how do you replay all of those transactions from that point on? The bank (market, economy, etc.) is screwed.

Yes, this is a little like the "Superman 3 Salami Slicing Fraud" but the only reason that gets flagged is because there is a net output from the balance sheet. If everything just got twisted up internal to the bank, it would be much easier to hide.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>