This is Argyn's blog. I comment on topics of my interests such as software, math, finance, and music. Also, I write about local events in Northern Virginia, USA and all things related to Kazakhstan

Thursday, January 29, 2009

How could it be possible to "wipe" 4000 servers from a development server?!

According to an article in InformationWeek, "Fannie Mae Contractor Indicted For Logic Bomb" by Thomas Claburn, January 29, 2009 03:30 PM:

Had the malicious script designed to wipe Fannie Mae's 4,000 servers not been discovered, the company could have lost millions of dollars and a week's worth of up-time.
"On October 24, 2008, at 2:53 pm, a successful SSH (secure shell) login from IP address 172.17.38.29, with user ID s9urbm, assigned to Makwana, gained root access to dsysadmin01, the development server," the affidavit states. "...IP address 172.17.38.29 was last assigned to the computer named rs12h-Lap22, which was [a Fannie Mae] laptop assigned to Makwana...The laptop and Unix workstation where Makwana was able to gain root access and create the malicious script were located in his cubicle."
A script on the development server dsysadmin01 should not have been able to "wipe" 2000 servers. This is b/s.
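The affidavit describes a concrete, detectable sequence: an accepted SSH login to a development host from a workstation, followed by the same user obtaining a root shell. The script below is an added example (not code from this blog, from InformationWeek, or from Fannie Mae) showing how a log monitor could correlate those two events from syslog-style sshd and sudo lines. The log lines are constructed to mirror the quoted event, the year 2008 is assumed because syslog timestamps carry none, and the "approved admin subnet" 172.17.40.0/24 is a hypothetical policy value, not anything the article states.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed syslog-style lines modelled on the event the affidavit describes
# (host, user id and source IP are the ones quoted in the article; everything
# else, including PIDs and ports, is made up for the example).
SAMPLE_LOG = """\
Oct 24 14:53:00 dsysadmin01 sshd[4112]: Accepted publickey for s9urbm from 172.17.38.29 port 50214 ssh2
Oct 24 14:53:07 dsysadmin01 sudo:   s9urbm : TTY=pts/1 ; PWD=/home/s9urbm ; USER=root ; COMMAND=/bin/bash
Oct 24 14:55:31 dsysadmin01 sshd[4190]: Accepted password for build from 172.17.40.8 port 50301 ssh2
Oct 24 14:56:02 dsysadmin01 sudo:    build : TTY=pts/2 ; PWD=/srv/build ; USER=root ; COMMAND=/usr/bin/make install
Oct 24 15:10:44 dsysadmin01 sshd[4301]: Failed password for root from 172.17.38.29 port 50400 ssh2
"""

TS = r'(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)'
SSH_RE = re.compile(
    TS + r' (?P<host>\S+) sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+)')
SUDO_RE = re.compile(
    TS + r' (?P<host>\S+) sudo: +(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$')

# Hypothetical policy: interactive root shells on a dev box are expected only
# from the admin workstation subnet; any other source is worth an alert.
ADMIN_NET = ipaddress.ip_network("172.17.40.0/24")
SHELLS = {"/bin/bash", "/bin/sh", "/bin/zsh", "/usr/bin/su"}


def parse_ts(ts, year):
    """Syslog timestamps omit the year, so the caller supplies it (assumed 2008 here)."""
    return datetime.strptime(f"{year} {' '.join(ts.split())}", "%Y %b %d %H:%M:%S")


def detect_root_sessions(log_text, window=timedelta(minutes=5), year=2008):
    """Correlate an accepted SSH login with a later sudo-to-root shell by the
    same user on the same host, and flag it when the login came from outside
    the admin subnet. Returns a list of alert dicts."""
    logins = {}   # (host, user) -> (login time, source ip)
    alerts = []
    for line in log_text.splitlines():
        m = SSH_RE.match(line)
        if m:
            logins[(m["host"], m["user"])] = (parse_ts(m["ts"], year), m["ip"])
            continue
        m = SUDO_RE.match(line)
        if not m or m["target"] != "root":
            continue
        key = (m["host"], m["user"])
        if key not in logins:
            continue          # root escalation without a matching login: out of scope here
        t_login, ip = logins[key]
        elapsed = parse_ts(m["ts"], year) - t_login
        if not (timedelta(0) <= elapsed <= window):
            continue
        cmd = m["cmd"].split()[0]
        if cmd in SHELLS and ipaddress.ip_address(ip) not in ADMIN_NET:
            alerts.append({
                "host": m["host"],
                "user": m["user"],
                "source_ip": ip,
                "root_command": m["cmd"],
                "seconds_after_login": int(elapsed.total_seconds()),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_root_sessions(SAMPLE_LOG):
        print(alert)
```

On the constructed sample only the s9urbm session is flagged: the login from 172.17.38.29 lies outside the assumed admin subnet and is followed seven seconds later by an interactive root shell, which is exactly the pattern quoted from the affidavit. The build user's login from 172.17.40.8 escalates to root too, but from the approved subnet and for a non-interactive command, so it is not reported.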
