“A former Fannie Mae IT contractor has been indicted on charges of planting a virus that would have nuked the mortgage agency’s computers, caused millions of dollars in damages, and even shut down operations. How might this have occurred? The contractor was terminated, but his server privileges were not.”
http://news.cnet.com/8301-1009_3-10152546-83.html
Apparently he was terminated on October 10th 2008, but his admin access was not removed until October 24th, 2008, the day before they identified the malicious script. He had root access to all Fannie Mae servers. DUH!