The Hazards of Recommending

image

Think twice before you agree to recommend someone on LinkedIn. They may be a logic bomber.

You may have already read about the fired Fannie Mae sysadmin who allegedly placed a virus in the mortgage giant’s software. The virus was a bad one: it

was set to execute at 9 a.m. Jan. 31, first disabling Fannie Mae’s computer monitoring system and then cutting all access to the company’s 4,000 servers, Nye wrote. Anyone trying to log in would receive a message saying “Server Graveyard.”

From there, the virus would wipe out all Fannie Mae data, replacing it with zeros, Nye wrote. Finally, the virus would shut down the servers.

Luckily the virus was found and removed. But what has yet to be removed is the suspect’s LinkedIn page which shows that since he was fired he has been working at Bank of America, something I’ve not seen mentioned in news covering the alleged incident.

(Apparently this piece mentions this fact but the information has since been removed. This raises other interesting points: What way is there for a company to police claims by people on networks like LinkedIn that they indeed worked at that company? Why was this information removed from the story or comments?)

image

What must also be a bit awkward is that the suspect, Rajendrasinh Makwana, has a recommendation on his LinkedIn profile from a project manager at AT&T, who says that

he was much more knowledgable at the subject matter than I was. He demonstrated leadership at times of crisis. He helped me learn the ropes. I would love to work with Raj again.

The recommendation is a mutual one; the person in question gets a recommendation from Makwana as well. But what adds to the awkwardness is that the recommendation was posted on October 25, 2008, which was, according to an affidavit filed by FBI Special Agent Jessica Nye, the day after Makwana’s last day of work—which was when he allegedly planted the virus:

“On October 24, 2008, at 2:53 pm, a successful SSH (secure shell) login from IP address 172.17.38.29, with user ID s9urbm, assigned to Makwana, gained root access to dsysadmin01, the development server. … IP address 172.17.38.29 was last assigned to the computer named rs12h-Lap22, which was [a Fannie Mae] laptop assigned to Makwana. … The laptop and Unix workstation where Makwana was able to gain root access and create the malicious script were located in his cubicle.”

Ouch. If the FBI is right, the suspect was buffing his CV, seeking recommendations from former colleagues right after planting a script that could have deleted all of Fannie Mae’s data.

Lesson: Think hard before you recommend someone on LinkedIn. How well do you know this person?

30. January 2009 by jeremy
Categories: Networks, Security | Tags: , , , , , , , , , , , , , , , , , , , | Comments Off on The Hazards of Recommending