Friday, January 30, 2009

Maverick Analysis: Lessons From The Fannie Mae Hacker

Rajendrashinh Makawa, a 35-year-old Indian Unix system administrator contractor for OmniTech, was arraigned this week in Maryland for attempting to hack Fannie Mae - the company he was subcontracted to. After being fired in the early afternoon of October 24th, Makawa was allowed to continue working. By the time he turned in his badge and laptop at the end of the day, he had written and implanted four separate scripts in the Fannie Mae system. These were designed to wipe all of the data from more than 4,000 servers and storage devices in a revenge attempt. Luckily, another sys admin uncovered one of the malicious scripts and the plan was thwarted.

The biggest lesson to be learned from this incident is in the behavior of Fannie Mae and OmniTech during the dismissal of Makawa. Makawa's access should have been revoked just prior to his dismissal and he should have been immediately escorted from the building. Instead, he was allowed to finish his day and - in barely 4 hours' time - put thousands and thousands of Fannie Mae clients' records and millions of the company's dollars at risk.

Remember: the termination process should take place swiftly and should begin with revoking all access held by the person being terminated.
