fannie mae logic bomb planted by fired employee

This Wired article on a Fannie Mae logic bomb falls into the category of, “..and this is why we stress consistency in doing the simple things in security.”

On the afternoon of Oct. 24, he was told he was being fired because of a scripting error he’d made earlier in the month, but he was allowed to work through the end of the day…

Five days later, another Unix engineer at the data center discovered the malicious code hidden inside a legitimate script that ran automatically every morning at 9:00 a.m. Had it not been found, the FBI says the code would have executed a series of other scripts designed to block the company’s monitoring system, disable access to the server on which it was running, then systematically wipe out all 4,000 Fannie Mae servers, overwriting all their data with zeroes.

How many times is a termination handled like this? Probably more regularly than I’d like to know. And how many times does it take to cause a business some serious problems? Just once.

By the way, how many reasonable people would finish out their day at work after being terminated? Sure, plenty would, but man that is a horrible decision by HR/manager.