What Software do web modernize ?
Why modernize ?
What are the modernization choices ?
What languages can we modernize ?
Time and cost
Modernization via platformmigration
SOA enablement
Partial Software modernization Web enablement
Data storge mingration
Automatice documentatic
Change impact analysis
End-user computing  
 
MALICIOUS SCRIPT

Fact, not Fiction


It was only by a very lucky chance that a senior Unix engineer with Fannie Mae discovered a logic bomb in their Servers. Had this not been caught on time, this logic bomb would have wipe out data from the company’s 4,000 servers on Jan 31st 2009 and wreaked temporary havoc in the nationwide real estate mortgage market by completely bringing down government-sponsored mortgage lender’s operations for up to a week.

 

The logic bomb was a malicious script that was allegedly implanted by Rajendrasinh Makwana, an IT contractor who worked in Fannie Mae until Oct 24, 2008, when he was fired for allegedly creating a computer script earlier that month that changed server settings without the permission of his supervisor

 

The discovery occurred on October 29, 2008. Makwana had been terminated as a Fannie Mae contractor on October 24th, around 1 or 1:30 p.m., but his network access was not terminated until late that evening, giving him the window of opportunity to plant his malicious code.

 

According to the affidavit of FBI special agent Jessica Nye, the Unix engineer who found the malicious script, identified only as SK, did so by accident. "The malicious script was at the bottom of the legitimate script, separated by approximately one page of blank lines, apparently in an effort to hide the malicious script within the legitimate script," the affidavit states.

Businesses at Risk

Makwana’s case is not an isolated one. For companies that feel the heat of the economic slowdown and decide to lay off staff, the ‘trusted’ employee could suddenly become a more potent threat than an external hacker.

 

According to an article in Information Week: Graham Cluley, senior technology consultant at Sophos, sees the risk of similar incidents as companies downsize in response to the troubled economy. "As belts tighten and the credit crunch continues to hit around the world, more and more companies will be making the decision to make staff and contractors redundant," he said in an online post. "...[A] disaffected employee could create havoc inside your organization so make sure that appropriate security is in place.

 

Network Computing says in their article titled “Bracing for a New World”: “This fact is supported by a 2008 FICCI-PwC report, in which a majority of the organizations surveyed believed that employees or former employees are a major source of security threats. Almost 47 percent of the organizations believed that employees were responsible for security incidents and 25 percent attributed them to former employees. Only 39 percent of the companies attributed negative security events to external hackers.”

How can we help?


Our adoption of OMG standards and our expertise in modeling gives us enormous reach into the task of modeling behavior and understanding the semantics of models.

 

We can, therefore, parse all kinds of scripts, understand what they are trying to accomplish and detect malicious intent, as illustrated in the schematic below:

 

 
USA, Germany, india, UK, Holland, Sweden, France,Belgium, Switzerland, Singapore, China
GROUP COMPANIES & DELIVERY PARTNERS
ADA Companies Worldwide - TSRI
AltiSAP - Quantum Capital
Contact: 888-453-0014
Email: info@adasoftusa.com