A Singapore courtroom has sentenced a 39-year-old Indian nationwide, Kandula Nagaraju, to 2 years and 6 months imprisonment for hacking into his former employer’s pc system and deleting vital knowledge.
Nagaraju was a part of a 20-member group at Nationwide Laptop Programs (NCS) between November 2021 and October 2022, accountable for managing a high quality assurance pc system containing 180 digital servers and testing new software program and packages earlier than launch. Courtroom paperwork reveal that Nagaraju felt “confused” and “upset” after getting fired in October 2022 over poor efficiency, believing that he had carried out effectively.
Upset with the termination, Nagaraju returned to India and launched a collection of cyberattacks in opposition to NCS between January and March 2023. Working remotely, he gained unauthorized entry to the corporate’s methods a number of instances.
The assaults unfolded in phases. First, Nagaraju accessed the system six instances between January sixth and seventeenth, seemingly familiarizing himself with the structure and exploring vulnerabilities. He then wrote pc scripts, primarily malicious packages, to check their effectiveness in deleting servers.
In February 2023, after discovering a brand new job in Singapore, Nagaraju returned, rented a room with a former NCS colleague and used his Wi-Fi community to entry NCS’ system as soon as extra. This act demonstrates a calculated and protracted effort to focus on his former employer.
As per the Singaporean information web site CNA, essentially the most damaging part occurred in March 2023. Nagaraju accessed the NCS High quality Assurance (QA) system 13 instances. Lastly, on March 18th and nineteenth, he executed his pre-written script, ensuing within the deletion of a staggering 180 digital servers, one after the other. This act brought on vital monetary losses to NCS, estimated to be round SGD 918,000 (roughly USD 678,000).
The NCS group found the system was inaccessible the next day and the servers had been deleted. A police report was made on April 11, 2023, and a number of other IP addresses have been handed over. Nagaraju’s laptop computer was seized, and the script used to delete the servers was discovered. Investigations revealed that Nagaraju had looked for scripts to delete digital servers on Google, which he used to code the script.
Disgruntled Staff – Menace Inside!
The case highlights the risks of disgruntled staff on an organization’s cybersecurity, emphasizing the necessity for strong entry management measures. Corporations should additionally take into account exit methods for terminated staff, together with well timed removing of entry privileges.
However, this isn’t the primary time {that a} disgruntled worker broken the fingers that fed them. In April 2017, an ex-Marriott worker hacked into the lodge reservation system from his residence in New York Metropolis and diminished charges on greater than 3,000 rooms from $159 – $499 per night time … to $12 – $59.
In May 2018, Coca-Cola introduced an information breach after considered one of its ex-employees managed to steal a tough drive containing the non-public data of over 8,000 staff. In June 2018, Tesla sued an ex-employee for hacking and sharing gigabytes of knowledge with third events. The stolen knowledge included dozens of pictures and a video of Tesla’s manufacturing methods.
In July 2018, Israeli authorities arrested a 38-year-old man for stealing secrets and techniques from the NSO Group, a Herzliya-based agency specializing in growing spyware and adware, together with the infamous Pegasus spyware, which helps governments spy on unsuspecting people and journalists worldwide. In response to authorities, the stolen knowledge was being offered on the darkish internet for a whopping $50 million.
In August 2020, an ex-employee and Indian citizen on an H1-B visa hacked Cisco’s Amazon Net Providers (AWS) infrastructure and erased digital machines. Sudhish Kasaba Ramesh pleaded responsible to “damaging Cisco’s community.“