News has been spreading throughout the press about the case of Rajendrashinh Makwana, a contractor with Fannie Mae who is accused of planting a “Logic Bomb” into the FNM environment which was designed to destroy data throughout the FNM network. I’m sure we’ll be hearing much about this case as time goes on and details continue to be revealed. That this individual as a contractor at such a large operation had the “root” passwords simply amazes me (as well as scares me!). As the story goes it appears that it was shear luck (..or perhaps Divine guidance) that the destructive script was located.
Of course, I’m a contractor for my clients (all small), and I like Mr. Makwana, know their “root” and Admin passwords since I couldn’t do what I do for them without that knowledge — but here is a case where size does make a difference. If in fact Mr. Makwana’s script could have destroyed access to some 4000 network servers I would have to question why any individual, employee or contractor would be given such “power”. I would think that at the very least it would be “spread out”.
Some of what I’ve reviewed so far about this case also has made reference to a sense of “any” large organization having security with their backups — well, I don’t know about you but I wouldn’t want to have to resort to the backups! Even if not a byte of data was lost, the loss from the disaster and downtime would be huge, certainly NOT what we need in our faltering economy! As for backups — my experience generally has been that they are questionable at best — i.e. When were they last tested? In many case I know of the backups never were tested.
For a small business the loss can be managed, sort of. However, given the size and industry of a Fannie Mae any loss can mean significant costs to recover. Here we have another indication of vulnerability – sure am glad the other tech “spotted” the script! Whether we like it or not, we humans inhabiting planet earth are vulnerable and dependent upon each other in more ways than most of us are comfortable with.