Along with the ugly and constant news of layoffs comes reports like this latest one about a fired contractor at Fannie Mae who allegedly tried to create a “Server Graveyard.”
Rajendrasinh Makwana worked for three years for a subcontractor of OmniTech as a Unix engineer at Fannie Mae. According to this report at Betanews, his malicious script, if it had worked, would have first disabled the server monitoring system, then gone on to disable logins to production, contingency and backup servers, cleaning out the servers logs to erase its path. More – all data was to be replaced with zeros, the backup software would be wiped and all 4000 of Fannie Mae’s servers would be powered down and remote restart disabled.
Quite a plan – and all supposedly executed in the three hours and 15 minutes between being notified by HR that he was being fired and actually turning in his badge and laptop. For someone who was fired for “coding incompetence,” conceiving and executing this thing in that timeframe is scarily competent. BUT it didn’t work, and beyond criminal charges and 10 possible years in prison, perhaps that’s as appropriate a wrap-up commentary as any.
Apparently, it was another Unix engineer at Fannie Mae that actually noticed the blank page and then the malicious script kick-off at the end of a legitimate script that was set to run on Jan 31 (a Saturday of all things). Between the engineers and the FBI who investigated the case, it’s believed that the script, had it done what it was supposed to do, would have caused “millions of dollars in damage, and possibly shut down operations for a week.” It would be nice to think this guy would get more than a pat on the back for foiling the plot – a nice bonus, a long paid vacation, Saturdays off or perhaps just a “guarantee” that his job is safe. (I think the bar is probably a lot lower these days.)
So let’s compare Makwana just for a second with Terry Childs. And just for giggles, let’s throw in Viktor Savtyrev, a sysadmin in NJ who got laid off with severance in November of last year and then in a series of emails and recorded phone calls, threatened to cause extensive damage to the company’s servers if he didn’t get more severance, extended medical coverage and “excellent” job references. Allegedly he also said he’d get his “comrades from Belarus” to help him hack into the company’s servers.
Makwana is out of jail on $100,000 bail. Savtyrev is confined to his home after putting up $200K for bail. Terry Childs has been in jail since July of last year with bail set at a whopping and for him unreachable $5 million.
If you look at what Makwana and Savtyrev supposedly tried to do, it’s pretty clear that in both cases they would have been malicious attacks designed to do as much damage as possible to their respective companies. Terry Childs, on the other hand, has always maintained that he was in fact trying to protect San Francisco’s network from legitimate security vulnerabilities. In all three cases, the only one whose “plan” actually worked, if you could call it that, is Childs’ – who for a week last July locked the other administrators out of the city’s FiberWAN network and would only give up the passwords to the mayor. So is that the $5 million difference – intent vs actual competence? But in that case, the city still has a ways to go to convince many IT professionals out there that Childs, control freak or not, actually intended to do harm.
David Link is president and CEO of ScienceLogic. He and his partners built a thriving company from the ground up by focusing on delivering “products that just work” to the underserved IT infrastructure management marketplace. He has held senior management and corporate officer positions at large public companies.