A fired Unix engineer working as a contractor at a Fannie Mae facility in Maryland stands accused of planting a malware time bomb, set to go active on January 31, 2009, that had the potential to destroy countless computer files.
Insiders constitute the greatest threat to your organization's security; they have the potential to cause the most damage, as seen in the Fannie Mae incident this year.
Most organizations' security efforts are focused on shoring up network perimeters. But the focus must be expanded to protecting sensitive corporate data from insiders - trusted employees and business partners - who might either maliciously steal or inadvertently leak information.
According to reports, Rajendrasinh Makwana was indicted on January 27 for the attempted malware attack. Federal officials said Makwana was terminated because on or about October 10th or 11th he created a computer script that changed the setting on the Unix servers without getting approval from his supervisor. That script was not malicious. Several days after Makwana was terminated, another Unix engineer discovered the malicious script embedded within that legitimate script.
Access to Fannie Mae's computers for contract employees was controlled by the company's procurement department, which did not terminate Makwana's computer access until late in the evening of October 24.
Fannie Mae's nationwide internal computer network includes about 4,000 servers. Had the malicious script executed, it would have propagated itself out to all 4,000 servers, thereby damaging all of Fannie Mae's data. It is estimated that the damage would have cost millions and possibly shut down operations at Fannie Mae for at least a week.
This case underscores the damage disgruntled employees can potentially do to a network. CimTrak detects in real time any unauthorized change to vital applications, servers and network infrastructure, including operating system settings, system files, directories, data files and file attributes.
CimTrak knows exactly what the directories, files and data on your critical servers look like, and if there is ANY unauthorized change, CimTrak detects it instantly and immediately takes corrective action.
CimTrak ensures the integrity of business-critical networks and servers by instantly restoring them to the desired state - no matter what caused the unwanted change. This multi-layered solution protects against external attacks that slip by your perimeter defenses as well as internal attacks and the occasional accident.
The risks of unauthorized disclosure, modification, and destruction of sensitive information are real, but can be minimized through a mix of multi-layered security solutions and good information security practices. Let us help you design the right solution for your organization. Call 219-736-4400 today for more information.