Thursday, January 29, 2009

The Fannie Mae "Server Graveyard" Attempt

Apparently a rogue IT administrator decided to leave an Easter egg (or "time bomb" or "logic bomb" or whatever you prefer) within the Fannie Mae server network designed to wipe 4,000 servers on 31st January 2009.

He appears to have created the "Server Graveyard" Easter egg after being dismissed on October 24th last year - but before his system access permissions were revoked later that evening.

The Easter egg was at least discovered a few days later - but it goes to show how much damage a disgruntled IT administrator can do if they set their minds to it, along with the fact that if you're going to let go of an IT administrator (or user with a high level of system access) you'd better be prepared to lock out all his accounts while he's in the room being told by his manager he's fired and to escort them out of the building immediately afterwards.

Larry Dignan over at ZDNet has a good blog about the case (Fannie Mae IT contractor indicted for planting malware; Mortgage giant didn’t revoke server privileges).

No comments:

Post a Comment