A Singapore court docket has sentenced a 39-year-old Indian nationwide, Kandula Nagaraju, to 2 years and 6 months imprisonment for hacking into his former employer’s laptop system and deleting essential knowledge.
Nagaraju was a part of a 20-member workforce at Nationwide Pc Techniques (NCS) between November 2021 and October 2022, liable for managing a high quality assurance laptop system containing 180 digital servers and testing new software program and applications earlier than launch. Courtroom paperwork reveal that Nagaraju felt “confused” and “upset” after getting fired in October 2022 over poor efficiency, believing that he had carried out properly.
Upset with the termination, Nagaraju returned to India and launched a collection of cyberattacks in opposition to NCS between January and March 2023. Working remotely, he gained unauthorized entry to the corporate’s methods a number of occasions.
The assaults unfolded in phases. First, Nagaraju accessed the system six occasions between January sixth and seventeenth, probably familiarizing himself with the structure and exploring vulnerabilities. He then wrote laptop scripts, primarily malicious applications, to check their effectiveness in deleting servers.
In February 2023, after discovering a brand new job in Singapore, Nagaraju returned, rented a room with a former NCS colleague and used his Wi-Fi community to entry NCS’ system as soon as extra. This act demonstrates a calculated and chronic effort to focus on his former employer.
As per the Singaporean information web site CNA, probably the most damaging section occurred in March 2023. Nagaraju accessed the NCS High quality Assurance (QA) system 13 occasions. Lastly, on March 18th and nineteenth, he executed his pre-written script, ensuing within the deletion of a staggering 180 digital servers, one by one. This act triggered vital monetary losses to NCS, estimated to be round SGD 918,000 (roughly USD 678,000).
The NCS workforce found the system was inaccessible the next day and the servers had been deleted. A police report was made on April 11, 2023, and a number of other IP addresses have been handed over. Nagaraju’s laptop computer was seized, and the script used to delete the servers was discovered. Investigations revealed that Nagaraju had looked for scripts to delete digital servers on Google, which he used to code the script.
Disgruntled Staff – Menace Inside!
The case highlights the hazards of disgruntled staff on an organization’s cybersecurity, emphasizing the necessity for strong entry management measures. Firms should additionally take into account exit methods for terminated staff, together with well timed removing of entry privileges.
However, this isn’t the primary time {that a} disgruntled worker broken the arms that fed them. In April 2017, an ex-Marriott worker hacked into the resort reservation system from his house in New York Metropolis and diminished charges on greater than 3,000 rooms from $159 – $499 per evening … to $12 – $59.
In Might 2018, Coca-Cola introduced an information breach after one in every of its ex-employees managed to steal a tough drive containing the private data of over 8,000 staff. In June 2018, Tesla sued an ex-employee for hacking and sharing gigabytes of knowledge with third events. The stolen knowledge included dozens of photographs and a video of Tesla’s manufacturing methods.
In July 2018, Israeli authorities arrested a 38-year-old man for stealing secrets and techniques from the NSO Group, a Herzliya-based agency specializing in creating spyware and adware, together with the infamous Pegasus spyware and adware, which helps governments spy on unsuspecting people and journalists worldwide. In response to authorities, the stolen knowledge was being offered on the darkish internet for a whopping $50 million.
In August 2020, an ex-employee and Indian citizen on an H1-B visa hacked Cisco’s Amazon Net Providers (AWS) infrastructure and erased digital machines. Sudhish Kasaba Ramesh pleaded responsible to “damaging Cisco’s community.“