A Singapore court has sentenced a 39-year-old Indian national, Kandula Nagaraju, to two years and six months imprisonment for hacking into his former employer’s computer system and deleting critical data.
Nagaraju was part of a 20-member team at National Computer Systems (NCS) between November 2021 and October 2022, responsible for managing a quality assurance computer system containing 180 virtual servers and testing new software and programs before launch. Court documents reveal that Nagaraju felt “confused” and “upset” after getting fired in October 2022 over poor performance, believing that he had performed well.
Upset with the termination, Nagaraju returned to India and launched a series of cyberattacks against NCS between January and March 2023. Operating remotely, he gained unauthorized access to the company’s systems multiple times.
The attacks unfolded in stages. First, Nagaraju accessed the system six times between January 6th and 17th, likely familiarizing himself with the architecture and exploring vulnerabilities. He then wrote computer scripts, essentially malicious programs, to test their effectiveness in deleting servers.
In February 2023, after finding a new job in Singapore, Nagaraju returned, rented a room with a former NCS colleague and used his Wi-Fi network to access NCS’ system once more. This act demonstrates a calculated and persistent effort to target his former employer.
As per the Singaporean news site CNA, the most damaging phase occurred in March 2023. Nagaraju accessed the NCS Quality Assurance (QA) system 13 times. Finally, on March 18th and 19th, he executed his pre-written script, resulting in the deletion of a staggering 180 virtual servers, one at a time. This act caused significant financial losses to NCS, estimated to be around SGD 918,000 (approximately USD 678,000).
The NCS team discovered the system was inaccessible the following day and the servers had been deleted. A police report was made on April 11, 2023, and several IP addresses were handed over. Nagaraju’s laptop was seized, and the script used to delete the servers was found. Investigations revealed that Nagaraju had searched for scripts to delete virtual servers on Google, which he used to code the script.
Disgruntled Employees – Threat Within!
The case highlights the dangers of disgruntled employees on a company’s cybersecurity, emphasizing the need for robust access control measures. Companies must also consider exit strategies for terminated employees, including timely removal of access privileges.
Nevertheless, this is not the first time that a disgruntled employee damaged the hands that fed them. In April 2017, an ex-Marriott employee hacked into the hotel reservation system from his apartment in New York City and reduced rates on more than 3,000 rooms from $159 – $499 per night … to $12 – $59.
In May 2018, Coca-Cola announced a data breach after one of its ex-employees managed to steal a hard drive containing the personal information of over 8,000 workers. In June 2018, Tesla sued an ex-employee for hacking and sharing gigabytes of data with 3rd parties. The stolen data included dozens of photos and a video of Tesla’s manufacturing systems.
In July 2018, Israeli authorities arrested a 38-year-old man for stealing secrets from the NSO Group, a Herzliya-based firm specializing in developing spyware, including the notorious Pegasus spyware, which helps governments spy on unsuspecting individuals and journalists worldwide. According to authorities, the stolen data was being sold on the dark web for a whopping $50 million.
In August 2020, an ex-employee and Indian citizen on an H1-B visa hacked Cisco’s Amazon Web Services (AWS) infrastructure and erased virtual machines. Sudhish Kasaba Ramesh pleaded guilty to “damaging Cisco’s network.“
