Man Sentenced for Planting Malicious Code That Would Have Destroyed Mortgage Information

Allison Tussey —  December 21, 2010 — 1 Comment

Rajendrasinh Babubhai Makwana, 36, Montgomery County, Maryland, was sentenced to 41 months in prison, followed by three years of supervised release, for computer intrusion arising from the transmission of malicious script to Fannie Mae’s computer servers. A federal jury convicted Makwana on October 4, 2010.

As previously report on Mortgage Fraud Blog, Makwana was a contractor working at Fannie Mae’s Urbana, Maryland facility from 2006 to October 24, 2008. Makwana was a UNIX engineer who worked on Fannie Mae’s network of almost 5,000 computer servers.

According to testimony and evidence presented at trial, Makwana was fired on October 24, 2008 and told to turn in all of his Fannie Mae equipment, including his laptop. On October 29, 2008, a Fannie Mae senior engineer discovered a malicious script embedded in a routine program. A subsequent analysis of the script, computer logs, Makwana’s laptop and other evidence, revealed that Makwana had transmitted the malicious code on October 24, 2008 which was intended to execute on January 31, 2009. The malicious code was designed to propagate throughout the Fannie Mae network of computers and destroy all data, including financial, securities and mortgage information.

The sentence was announced by United States Attorney for the District of Maryland Rod J. Rosenstein and Special Agent in Charge Richard A. McFeely of the Federal Bureau of Investigation.

Computer intrusion cases are a high priority for federal law enforcement because of the potential to cause serious damage,” said U.S. Attorney Rod J. Rosenstein. “Mr. Makwana was trusted with access to the computer system, and he violated that trust.”

United States Attorney Rod J. Rosenstein thanked the Federal Bureau of Investigation for its investigative work and commended Assistant United States Attorney P. Michael Cunningham and Special Assistant U.S. Attorney Anthony V. Teelucksingh assigned from the Department of Justice Criminal Division’s Computer Crime and Intellectual Property Section, who prosecuted the case.

Be Sociable, Share!

Allison Tussey

Posts Google+

One response to Man Sentenced for Planting Malicious Code That Would Have Destroyed Mortgage Information

  1. Much of core of this story omitted from this article makes no sense and it only shows how inept our US government is in applying security concepts that practitioner like myself have been implementing for years in the private sector. Rajendrasinh implemented his time-bomb on a development server that sat under his desk and then planted a hook that called that script from the production UNIX systems. Segregation of Development and Production environments is nothing new, nor is code review or having a single IP to implement new code into production (Software Release life cycle). So why is it that production servers at Fannie May can be accessed by an IP of any worker on the wire? Sounds like Fannie May has allot of work to do.

Leave a Reply

Text formatting is available via select HTML.

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>