Ex-worker almost blew up Fannie Mae Servers


TechZeal
01-30-09, 02:59 PM
Inq had a detailed article that described the different scripts and what they were to do. This is rather impressive since it appears he did this in a couple hours and if it was allowed to go through would have been total destruction with apparently no real trace back to him.

Here is part of the article... you can see the whole thing here (http://www.theinquirer.net/inquirer/news/724/1050724/contractor-indicted-logic-bomb).

Five days later, a senior Unix engineer happened to discover one of Makwana's malicious scripts, which was appended to an operations script that runs every morning at 9:00 am to verify that two SAN paths are operational. Upon locking down all production servers and investigating, the operations staff soon discovered four additional malicious scripts.

The first script was coded to remain dormant until January 31, 2009. When triggered, it was crafted to copy and run the other four scripts.

The second script would block the monitoring system to prevent system engineers from receiving any problem alerts from production servers for 61 minutes. It would also build a list of all the servers in the data centre and disable logins to the production control server and its backup server.

The third script would build a list of all Fannie Mae production, contingency and backup servers and run the fourth script on all servers.

The fourth script would first disable all logins and clear all server logs, thus removing all traces of Makwana's activities. It would then set all systems' login messages to "Server Graveyard", remove the root password appliance access so no one could change the root password from it, wipe out all data on all Fannie Mae servers and replace it with zeros, remove the 'High Availability' software from all critical servers that contained it, and finally, power off all of the Fannie Mae servers it could find.

The fourth script was also set up to run on the backup production control server to trash any systems it might have missed while running on the other server, then wipe clean that backup server and power it off, too.

The only more thorough trashing of Fannie Mae's data centre we might possibly imagine would have to entail something on the order of an actual bomb.
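
The article says the first script was found only by chance, appended to an operations script that runs every morning. As an added example (not part of the original post or the article), here is one way a defender could check scheduled scripts against a recorded baseline and pull out appended lines for review; the script contents and the `/opt/ops/extra.sh` path are constructed placeholders.

```python
import hashlib

def record_baseline(content: bytes) -> dict:
    """Record the hash and size of a reviewed, known-good script."""
    return {"sha256": hashlib.sha256(content).hexdigest(), "size": len(content)}

def classify_change(baseline: dict, current: bytes) -> dict:
    """Compare a script to its baseline.

    Returns status 'unchanged', 'appended' (the original bytes are intact and
    extra lines follow them) or 'modified' (anything else). For 'appended',
    the non-blank added lines are returned so a reviewer sees exactly what
    was tacked on.
    """
    if hashlib.sha256(current).hexdigest() == baseline["sha256"]:
        return {"status": "unchanged", "appended": []}
    size = baseline["size"]
    prefix_ok = hashlib.sha256(current[:size]).hexdigest() == baseline["sha256"]
    if len(current) > size and prefix_ok:
        tail = current[size:].decode("utf-8", errors="replace")
        added = [line for line in tail.splitlines() if line.strip()]
        return {"status": "appended", "appended": added}
    return {"status": "modified", "appended": []}

def audit(baselines: dict, scripts: dict) -> dict:
    """Classify every baselined script; a missing script is reported too."""
    report = {}
    for name, base in baselines.items():
        if name not in scripts:
            report[name] = {"status": "missing", "appended": []}
        else:
            report[name] = classify_change(base, scripts[name])
    return report

# Constructed sample: a morning SAN path check, then the same file with one
# extra line appended (a harmless stand-in for the situation in the article).
ORIGINAL = b"#!/bin/sh\n# morning SAN path check\ncheck_san_path A\ncheck_san_path B\n"
TAMPERED = ORIGINAL + b"\n. /opt/ops/extra.sh  # constructed appended line\n"

if __name__ == "__main__":
    # The baseline must be stored where the accounts that can edit the
    # scripts cannot write, otherwise it can be rewritten along with them.
    baselines = {"san_check.sh": record_baseline(ORIGINAL)}
    for name, result in audit(baselines, {"san_check.sh": TAMPERED}).items():
        print(name, result["status"], result["appended"])
```
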

Zefram
01-30-09, 04:03 PM
This means Fannie Mae knows the feds are taking over.

Now if they could just pinpoint the exact time when the script was made, this could show whether the script was made before or after the feds had taken over the company.

If they intend to wipe the server clean, I think it's in the feds' interest to dig out the 'stuff' that they'd try to clean out.