Friday, January 30, 2009

Got love the logic bomb...

I caught this as I was catching up on some Tweets. Here is the link to the affadavitfrom the investigation.

A snippet from the article:

Had it not been found, the FBI says the code would have executed a series of other scripts designed to block the company’s monitoring system, disable access to the server on which it was running, then systematically wipe out all 4,000 Fannie Mae servers, overwriting all their data with zeroes. “This would also destroy the backup software of the servers making the restoration of data more difficult because new operating systems would have to be installed on all servers before any restoration could begin,” wrote (FBI agent Jessica) Nye. As a final measure, the logic bomb would have powered off the servers.

Suprising to me was that there was anyone left at Fannie Mae except disgruntled employees. Well at least employees not shacking up with Barney Frank.

What I am least surprised about is that it was an insider. Proactive monitoring, and more importantly well thought out access control policy and enforcement makes or breaks you. David Rowe and Matt Flynn at Netvision should be banging the drum loudly on this one.

Has anyone out there in the Identisphere deployed a solution whereby the access control is system centric the more critical the system is? I still see a lot of user centric stuff, but since humans are humans and you never know when someone will get disgruntled - should there be more attention paid to systems centric solutions the more valuable the asset?