Fannie Mae Gets Lucky
14/03/09 22:47
Blog post
Fannie Mae engineer indicted for planting server bomb OR
Fannie Mae gets lucky.
An IT person working for Fannie Mae wrote a script to delete accounts and overwrite the hard disk on an estimated 4000 servers. This could have been a disaster for Fannie Mae; I cannot imagine how long it would take to restore even 100 servers, not 4000.
He was let go after he "erroneously created a computer script that changed the settings on the Unix servers without the proper authority of his supervisor."
After being let go, his account was still enabled for several hours. During that time, he wrote the script to delete all the accounts.
An IT person is your most dangerous “hacker”. An IT person is much more dangerous than legions of hackers out of China (insert your favorite country here…). They have already bypassed your firewall, and they know the passwords to all the systems.
Best Practices:
When an IT person is terminated, their account should be disabled immediately; they should be escorted off the premises and not allowed to touch any computers. This includes being escorted back to their desk to get personal belongings. If they knew other passwords (to shared accounts, the network, routers, firewalls, etc.), these passwords should also be changed immediately.
This sounds like a lot of work, but it is a lot less work than trying to restore servers from tape backup.
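One way to check the "disabled immediately" step on a Unix server is to compare an HR termination list against the shadow file and login records. The script below is an added example, not part of the original post; the usernames, hosts, timestamps, hash placeholders and the login-record format are all constructed for illustration.

```python
from datetime import datetime

# Constructed sample data (assumptions, not from the incident).
TERMINATIONS = {"jdoe": datetime(2024, 3, 4, 13, 0),
                "asmith": datetime(2024, 3, 4, 9, 30)}
SHADOW = """\
root:$6$placeholder:19700:0:99999:7:::
jdoe:$6$placeholder:19700:0:99999:7:::
asmith:!$6$placeholder:19700:0:99999:7::1:
"""
LOGINS = """\
2024-03-04T08:02:11 jdoe build01
2024-03-04T15:41:07 jdoe build01
2024-03-04T09:10:00 asmith db02
"""
NOW = datetime(2024, 3, 4, 18, 0)

def parse_shadow(text):
    """Map user -> (password_locked, expire_day or None) from shadow(5) lines."""
    accounts = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) < 9:
            continue
        locked = f[1].startswith(("!", "*"))   # '!' is what passwd -l / usermod -L add
        expire = int(f[7]) if f[7] else None   # field 8: expiry, days since epoch
        accounts[f[0]] = (locked, expire)
    return accounts

def audit(terminations, shadow_text, login_text, now):
    """Return {user: [issues]} for terminated users who still have access."""
    today = (now - datetime(1970, 1, 1)).days
    accounts = parse_shadow(shadow_text)
    findings = {}
    for user, left_at in terminations.items():
        issues = []
        if user in accounts:
            locked, expire = accounts[user]
            if not locked:
                issues.append("password not locked")
            # A locked password alone does not block SSH key logins,
            # so the account expiry field is checked as well.
            if expire is None or expire > today:
                issues.append("account not expired")
        for line in login_text.splitlines():
            parts = line.split()
            if len(parts) == 3 and parts[1] == user \
                    and datetime.fromisoformat(parts[0]) > left_at:
                issues.append(f"login after termination: {parts[0]} on {parts[2]}")
        if issues:
            findings[user] = issues
    return findings

if __name__ == "__main__":
    for user, issues in audit(TERMINATIONS, SHADOW, LOGINS, NOW).items():
        print(user, issues)
```

Run against every server from a central job, the output shows exactly how long the window between termination and lockout stayed open on each host.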
Read the article here:
http://www.infoworld.com/article/09/01/29/Fannie_Mae_engineer_indicted_for_planting_server_bomb_1.html