Don’t F with consultants man

There are many people you can screw over in your company and never really notice it. There are even roles with the responsibility of minimizing the impact angry workers can make. Security personnel, data center guards, lawyers, inhumane resources.

But whatcha gonna do brother when an Indian pwns your cron? From the article (excerpt from Wired):

“….another Unix engineer at the data center discovered the malicious code hidden inside a legitimate script that ran automatically every morning at 9:00 a.m. Had it not been found, the FBI says the code would have executed a series of other scripts designed to block the company’s monitoring system, disable access to the server on which it was running, then systematically wipe out all 4,000 Fannie Mae servers, overwriting all their data with zeroes.

“This would also destroy the backup software of the servers making the restoration of data more difficult because new operating systems would have to be installed on all servers before any restoration could begin,” wrote Nye.

As a final measure, the logic bomb would have powered off the servers.

The trigger code was hidden at the end of the legitimate program, separated by a page of blank lines.

To sum it up: Fannie Mae had an Indian consultant THAT THEY FIRED DUE TO INCOMPETENCE running around their network, unrestricted, modifying software without peer review or tripwire, AFTER THEY HAD BEEN TERMINATED?

I am not sure who gets a bigger FAIL here?
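
As an added example (not from the original post or the Wired article), here is the kind of tripwire-style check the summary above says was missing: it compares a scheduled script against an approved baseline hash and flags code that resumes after a long run of blank lines, the hiding place described in the excerpt. The 20-line threshold, the script name and the sample contents are assumptions constructed for illustration.

```python
import hashlib

# Assumption: "a page of blank lines" is treated as 20 or more consecutive empty lines.
BLANK_RUN_THRESHOLD = 20

def sha256_text(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def find_hidden_tail(text, threshold=BLANK_RUN_THRESHOLD):
    """Return (gap_start, resume_line) pairs, 1-based, for every run of at
    least `threshold` blank lines that is followed by more content."""
    findings, run_start, run_len = [], None, 0
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.strip() == "":
            if run_len == 0:
                run_start = lineno
            run_len += 1
        else:
            if run_len >= threshold:
                findings.append((run_start, lineno))
            run_len = 0
    return findings  # trailing blank lines with nothing after them are not flagged

def audit(name, text, baseline):
    """Return the list of reasons this script needs human review (empty if none)."""
    reasons = []
    expected = baseline.get(name)
    if expected is None:
        reasons.append("no baseline hash recorded")
    elif expected != sha256_text(text):
        reasons.append("content differs from baseline hash")
    for gap_start, resume in find_hidden_tail(text):
        reasons.append(
            f"code resumes at line {resume} after blank gap starting at line {gap_start}"
        )
    return reasons

# Constructed sample input: an approved script and a copy with an appended tail.
APPROVED = "#!/bin/sh\n# nightly report job\n/usr/local/bin/report --daily\n"
MODIFIED = APPROVED + "\n" * 40 + "# appended after approval\n/usr/local/bin/unreviewed-step\n"
BASELINE = {"report.sh": sha256_text(APPROVED)}  # recorded at peer-review time

if __name__ == "__main__":
    for label, body in (("approved", APPROVED), ("modified", MODIFIED)):
        print(label, audit("report.sh", body, BASELINE))
```

The baseline only helps if it is recorded at review time and stored where the account that edits the scripts cannot rewrite it.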