According to the D.C. Examiner, a virus, allegedly planted by an
\nex-employee, was recently discovered among Fannie Mae’s 4,000 computer
\nservers.\u00a0 The virus would have first disabled the companies’ computer
\nmonitoring systems, then restricted all employee access, begin erasing all of
\nthe companies’ data, and finish by shutting down every machine.\u00a0 According to
\nprosecutors, this would have caused millions of dollars worth of damage,
\nunderstandably, and halted all of Fannie Mae’s computer operations for at
\nleast a week.
\nThe article is somewhat vague on how or when the virus was found, but
\nsome of the dates connected with the article provide cause for alarm.\u00a0 The
\nemployee allegedly responsible was fired on October 24th for attempting to
\ntamper with certain server’s settings.\u00a0 The virus mentioned in this article,
\nhowever, was installed before this date, and set to attack on January 31st.
\nThe article was written two days before this would happen on the 29th, leading
\none to believe that the virus was hidden amongst Fannie Mae’s code for at
\nleast several months before being discovered.\u00a0 The company should be commended
\nfor recognizing a possible insider attack in October when they fired the
\nemployee, however perhaps they could have done more to investigate the actions
\nof that employee such that this potentially devastating virus could have been
\nfound earlier.
\nThis story, and ones similar, emphasize how crucial it is for
\ncompanies to protect themselves from insider attacks.\u00a0 These precious servers
\ncannot exist in isolation, however their access and updates need to be
\nstrictly monitored in order to minimize the risk of malicious software being
\ninstalled by trusted parties.\u00a0 Arbiters of these systems could consider
\npersonally approving every update pushed onto a server, and installing a
\nsecurity system that would only allow these changes to be made, however this
\nin and of itself presents its own problems.\u00a0 This solution might not be
\nfeasible for large scale systems, and also one might imagine another slough of
\nsecurity holes in the new update monitoring system.\u00a0 At a more fundamental
\nlevel, this solution really only moves the burden of trust up the chain of
\ncommand, and thus the same insider vulnerabilities arise, albeit for a
\nsmaller and more trusted set of individuals.\u00a0 The best security from these
\nforms of attacks may be deterrence, by enacting strict punishments and hard
\njail-time for perpetrators of these attacks.\u00a0 The threat of arson charges
\ndeters disgruntled employees from burning down office buildings, perhaps
\nsimilarly draconian laws regarding computer intrusion would better deter
\nattacks such as these.<\/p>\n
Article:\u00a0 http:\/\/www.dcexaminer.com\/local\/012909-Ex-Fannie_Mae_worker_charged_with_planting_computer_virus.html<\/p>\n","protected":false},"excerpt":{"rendered":"
According to the D.C. Examiner, a virus, allegedly planted by an ex-employee, was recently discovered among Fannie Mae’s 4,000 computer servers.\u00a0 The virus would have first disabled the companies’ computer monitoring systems, then restricted all employee access, begin erasing all … Continue reading