An Indian national was sentenced to two years and six months in prison for illegal access to computer files of his former employer, which resulted in the deletion of 180 virtual servers. The hacking of servers cost the company, NCS Group in Singapore, about SGD 918,000 (approximately Rs 5.66 crore).
Kandula Nagaraju, 39, a former employee of NCS Group, a well-known information communication and technology services provider, was found guilty of staging a cyber-attack on the company’s quality assurance (QA) system after his dismissal for poor performance.
As per reports, Nagaraju was a member of a 20-person team in charge of overseeing NCS’s QA system, which tested new software and programmes. Although the system did not hold any sensitive information, its failure had serious operational and financial consequences.
Even though he thought he had made “good contributions” during his tenure at the company, Nagaraju’s job officially ended on November 16, 2022, after he was fired in October 2022 for poor performance.
According to court records, Nagaraju was “confused and upset” after his dismissal. He returned to India after being unable to find work in Singapore, where he accessed NCS’ system without authorisation using administrator credentials. Nagaraju used the system six times between January 6 and January 17, 2023, from India.
He returned to Singapore in February 2023, having secured a new job, and stayed with a former NCS colleague. Nagaraju utilised their Wi-Fi network to access the system once more on February 23, 2023. During his illegal access, Nagaraju experimented with computer scripts to evaluate their ability to remove servers.
The actual harm was done in March 2023 when Nagaraju gained access to NCS’ QA system 13 times. This culminated in a two-day rampage on March 18 and 19, when he used a pre-programmed script to carefully remove 180 virtual servers. The deletions made the system unavailable the next day, which prompted NCS to launch an internal inquiry.
A police report was submitted on April 11, 2023, and following investigations resulted in the discovery of several IP addresses associated with the sabotage. Nagaraju’s laptop was confiscated, revealing the destructive script and evidence of Google searches for how to remove virtual servers.
Nagaraju continued with his acts even though he knew he was not permitted to access the system after his employment was terminated.
According the prosecution attorney, Nagaraju was aware of his lack of authorisation and still chose to access the system, resulting in substantial financial loss and operational disruption.
Comments
0 comment