A former quality assurance employee of National Computer Systems (NCS) was sentenced to two years and eight months in prison for reportedly deleting 180 virtual servers after being fired.
Nagaraju Kandula, 39, pleaded guilty to deleting the virtual servers in an attempt to sabotage the firm's systems out of spite for getting fired from NCS, causing damages estimated at $678,000.
Wiping virtual servers
NCS (National Computer Systems) is an IT giant based in Singapore and a subsidiary of the Singtel Group. It operates in over 20 cities across the Asia-Pacific region and employs 13,000 people.
Kandula worked as a quality assurance (QA) team member at NCS, which tested new software and programs before NCS launched them.
He was let go from his job on November 16, 2022, for poor performance, but the company failed to invalidate his credentials, leaving him with continued access to its systems.
According to news outlet CNA, which reviewed the court documents, Nagaraju used his still-valid account credentials at NCS between January and March 2023 to access NCS systems over thirteen times.
During those sessions, the man reportedly tested custom scripts for their ability to wipe virtual servers managed by the quality assurance team.
The wiper was executed on March 18-19, deleting 180 virtual servers and causing damages estimated to be $678,000.
After the discovery of the damaging attack and the realization that the deleted servers could not be restored, NCS reported the incident to the police, who, on April 11, 2023, traced the action back to an IP address associated with Kandula.
Eventually, the law enforcement authorities confiscated the man's laptop and found the script used in the attack to wipe the virtual servers.
The investigators mention that Kandula developed the wiper script via Google searches on how to delete virtual servers, so his internet history also tied him to the attack.
NCS claims no sensitive information was exposed due to this incident since the impacted environment was a software testing platform.
However, the case highlights the importance of organizations promptly blocking all access to critical systems for former employees as soon as they are dismissed, and of resetting passwords for all administrative accounts that those persons might have known or used.
Failing to take these basic protective measures can and has led to catastrophic attacks that cost companies significant amounts of money, cause business disruption, and even induce physical risks.
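One way to check for the gap described above, as an added example (not code from NCS, CNA or this article): cross-reference an HR termination roster against authentication events and report any attempt made after the account owner's termination date. The account names, log format, IP addresses and events are constructed for illustration; only the November 16, 2022 cutoff mirrors the article.

```python
from datetime import datetime, timezone

# Constructed HR roster: account -> termination time (UTC). Account names are hypothetical.
TERMINATIONS = {
    "qa.user07": datetime(2022, 11, 16, tzinfo=timezone.utc),
    "dev.user12": datetime(2023, 2, 1, tzinfo=timezone.utc),
}

# Constructed auth events, assumed format: "<ISO-8601 time> <account> <source IP> <result>"
SAMPLE_LOG = """\
2022-11-10T09:12:00+00:00 qa.user07 10.0.4.21 success
2023-01-06T22:41:13+00:00 qa.user07 203.0.113.45 success
2023-01-30T08:00:00+00:00 dev.user12 10.0.4.33 success
2023-02-14T23:05:52+00:00 qa.user07 203.0.113.45 failure
2023-03-18T01:17:40+00:00 qa.user07 203.0.113.45 success
malformed line
"""

def parse_events(text):
    """Yield (timestamp, account, source_ip, result), skipping unparseable lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        if ts.tzinfo is None:  # assumption: naive timestamps are UTC
            ts = ts.replace(tzinfo=timezone.utc)
        yield ts, parts[1], parts[2], parts[3]

def post_termination_activity(text, terminations):
    """Summarise every auth attempt made after the account owner was terminated."""
    findings = {}
    for ts, account, ip, result in parse_events(text):
        cutoff = terminations.get(account)
        if cutoff is None or ts <= cutoff:
            continue  # unknown account, or activity while still employed
        f = findings.setdefault(account, {"successes": 0, "failures": 0,
                                          "source_ips": set(), "first_seen": ts, "last_seen": ts})
        f["successes" if result == "success" else "failures"] += 1
        f["source_ips"].add(ip)
        f["first_seen"], f["last_seen"] = min(f["first_seen"], ts), max(f["last_seen"], ts)
    for f in findings.values():
        f["source_ips"] = sorted(f["source_ips"])
    return findings

if __name__ == "__main__":
    for account, f in post_termination_activity(SAMPLE_LOG, TERMINATIONS).items():
        print(account, f)  # any success here means credentials were never revoked
```

A non-zero success count means the account was still usable after dismissal; failures alone show a disabled account being tried and are worth alerting on as well.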
Earlier this year, a former Cisco engineer pleaded guilty to deploying code that led to the shutdown of more than 16,000 WebEx Teams accounts and the deletion of 456 virtual machines.