Debunking the Myth of Control

This just in:


Ex-Fannie Mae worker charged with planting computer virus

By Freeman Klopott
Examiner Staff Writer 1/29/09

A fired Fannie Mae contract employee allegedly placed a virus in the mortgage giant’s software that could have shut the company down for at least a week and caused millions of dollars in damage, prosecutors say.

Rajendrasinh Makwana, an Indian citizen, was indicted Tuesday on computer intrusion charges. The former Gaithersburg resident is out on $100,000 bail, court documents said.

Makwana was fired from his contract position at Fannie Mae on Oct. 24 for changing computer settings without permission from his supervisor…


Note: he was fired for changing settings without permission. The system, it appears, had no built-in mechanisms for defining permissions and limiting actions accordingly. But if they catch someone doing it, they'll fire him. Feel safe?

Or would everyone sleep better if the data were in the professional custody of a cloud service provider, with rigorous definition of roles and abilities? And with robust, in-depth data protection technologies and practices?

Bottom line: compared to most people's Mission:Impossible imaginings of Black Hat Hacking, the real-world security of most data has less to do with where it's stored and much more dependence on the mechanisms in place for limiting privileges and blocking destructive behaviors.

Disciples of the on-premise myth of "control of your own IT" are urged to pause and reflect.

Published
January 29, 2009