A fired IT worker has been sentenced to two years and eight months’ jail by a Singapore court after remotely deleting around 180 of his former employer’s virtual servers, allegedly costing the company $1 million ($S918,000).
Kandula Nagaraju, 39, was sentenced on 10 June for one charge of unauthorised access to computer material, CNA reported.
Nagaraju was reportedly fired by IT company NCS in October 2022 due to poor performance, and finished his work with the organisation in mid-November of that year.
Court documents reportedly show Nagaraju was “confused and upset” by his firing, as he felt he had contributed well to NCS.
Nagaraju had reportedly worked in a 20-member team which managed a system NCS used to test new software and programs before launch.
The system supposedly consisted of 180 virtual servers, but did not hold any sensitive information.
After travelling from Singapore to India following his contract termination, Nagaraju was found to have gained unauthorised access to the NCS testing system by using administrator login details, allegedly doing so six times in January 2023.
He is said to have accessed the NCS system once more in February 2023, after returning to Singapore to start a new job with a different company.
In March 2023, Nagaraju was said to have accessed the NCS system 13 more times, eventually running a programmed script to delete the 180 virtual servers.
NCS is said to have discovered the security breach the following day, before a police report was made on 11 April, 2023, with several IP addresses uncovered by NCS turned over to police.
Police later seized Nagaraju’s laptop, on which Google searches for programming scripts and the actual script used to carry out the deletions were allegedly found.
Experts call for greater ‘security hygiene’
Boris Cipot, a senior security engineer at Synopsys Software Integrity Group, said the case of Nagaraju and NCS raised “many questions” about the company’s security.
“How was the account access still active? Why was there no monitoring on the account?
“And sure, the attacker was an employee with admin account.
"But still, even admin accounts cannot have all the rights on the systems and must be monitored and expire when the persona is not actively working for his employer,” he said in a statement.
“Proper implementation of users and their rights on systems is a basic part of cyber security hygiene that every company needs to get right.
“And it is not just to protect themselves from cases like this, but to also prevent other forms of exploitation from happening.
“What if such an access was stolen from an employee through a phishing attack? The same thing could happen.”
Darren Guccione, CEO and co-founder of Keeper Security, said organisations should always take care when off-boarding an employee.
“By tracking and recording all digital and physical assets associated with each employee, recovering physical equipment issued throughout their employment with the company becomes easier,” he said.
“A single forgotten thumb drive containing sensitive data can fall into the wrong hands and result in a data breach.
“After recovering the physical assets, organisations must promptly deactivate accounts and revoke access rights, with close monitoring for any continued activity post-employment.”
NCS has been contacted for comment.