Disgruntled ex-employee deletes 180 test servers, costing company nearly $680,000

Shawn Knight

Facepalm: A former National Computer Systems (NCS) employee has been sentenced to nearly three years in prison after being found guilty of unauthorized access to computer material. If you're looking for a blueprint on how to wreck your IT career and earn a few years behind bars, read on.

NCS terminated the contract of 39-year-old Kandula Nagaraju in October of 2022, reportedly due to subpar job performance. Nagaraju had worked as a quality assurance specialist, using test servers to vet applications prior to their release to customers and end users.

Court documents noted Nagaraju felt confused and upset over the termination, as he believed he had made "good contributions" to NCS during his time with the company.

Not long after returning home from Singapore, Nagaraju realized that his login credentials for his former employer were still active. In early 2023, he devised a plan to get revenge on NCS. Nagaraju found delete scripts online and tweaked them to run on NCS test servers.

The disgruntled ex-employee deployed the script, which was designed to delete servers one at a time, over the weekend of March 18-19. By the time NCS employees got to the office the following Monday, all 180 of the company's test servers had fallen.

According to NCS, the incident cost the company around $678,000 to straighten out. Fortunately for the business, no sensitive customer or company information was stored on the test servers.

NCS reported the incident to police in April 2023, and it did not take long for authorities to track down Nagaraju. On his seized laptop, police found the script used in the attack and even search history relating to using delete scripts on virtual servers.

NCS said human oversight was to blame for Nagaraju's credentials remaining active after he was served his walking papers. Once the unauthorized access was discovered, the credentials were immediately blocked, but of course the damage had already been done.

Nagaraju was sentenced to two years and eight months in jail.

Image credit: Pixabay, Ooi Boon Keong


 
Although I've never experienced a disciplinary or termination situation personally, most companies I've worked with take immediate action if you're involved in such circumstances or if you're resigning to move to another job. They typically terminate access right away and either suspend you or put you on leave if there's a mutual agreement to part ways, mainly for security reasons.

NCS might benefit from adopting some practices from these companies.
 
The last place I worked, 6 months after I left there, I came across a saved link to the ticket system in my browser's saved location at home. I did some work from home for a while so I had remote access to the work's system.

I opened the link and logged in with my credentials; I could look through all the tickets in the system...
I then went into Outlook 365 and logged into my old work email... saw there were a bunch of emails from customers looking for me, oh well.
I then went into LogMeIn and connected to my old computer on the backend... and saw I still had access to all remote sites through LogMeIn.

What a bunch of fools. Clearly they didn't learn from the last time when they fired an employee and he logged into remote sites from home after getting fired and started deleting databases.....FBI got involved because it was computer fraud across multiple state lines. I think the guy did 4 or 5 years in federal prison.

I didn't have anyone's contact info from my old job anymore so I had to call into the help desk at my old job and ask for a few people until I got someone I used to work with. Told them my old credentials are still active and they need to go through and purge all old employees from having access to these systems. Even after telling them this it still took them over a week to do it. I went back every day for a week until I could no longer log in just to make sure they resolved this problem on their end.

Some companies just don't think about it and some don't even care, even after they were burned once before.
 
In the back of our heads ... it could be done by any of us if we had the opportunity.

Only "terminated" employees can understand the frustration and thirst for "revenge" an ex-employee may have.

Why do you think the movie Joker got that familiar?
 
"Court documents noted Nagaraju felt confused and upset over the termination, as he believed he had made "good contributions" to NCS during his time with the company."

If the company gave periodic performance reviews, he might not have been confused or even surprised that he was terminated. It doesn't sound as if that was done. The performance reviews would have alerted him that there were deficiencies (in the eyes of the company) and given him a chance to correct them. If said deficiencies were overcome, then there would be no need to terminate him. Win, win. If not, well, it happens. At least there would be fair warning and it might have mitigated his desire for revenge (maybe).

However, perhaps the terms of his contract did not require periodic performance reviews. Nonetheless, it's still a good idea and potentially could have saved a lot of grief. IMO.
 
680k for 180 servers? That's cheap.

Just reconfiguring the servers is very costly.
You'd think it would just be a simple script to loop through the list of servers, log in, copy across the last dump, then uncompress it. They're all test servers so there's no huge need for getting up to the second transaction logs. I'm a bit rusty on shell scripting but I think it would take me 30 mins, maybe an hour if they want a limited number to run in parallel. I'd happily do it for $100K :)
 
For someone that was incompetent from the reports from management, he knew exactly what he was doing while they didn't...
 
The last place I worked, 6 months after I left there, I came across a saved link to the ticket system in my browser's saved location at home. I did some work from home for a while so I had remote access to the work's system.

I opened the link and logged in with my credentials; I could look through all the tickets in the system...
I then went into Outlook 365 and logged into my old work email... saw there were a bunch of emails from customers looking for me, oh well.
I then went into LogMeIn and connected to my old computer on the backend... and saw I still had access to all remote sites through LogMeIn.

What a bunch of fools. Clearly they didn't learn from the last time when they fired an employee and he logged into remote sites from home after getting fired and started deleting databases.....FBI got involved because it was computer fraud across multiple state lines. I think the guy did 4 or 5 years in federal prison.

I didn't have anyone's contact info from my old job anymore so I had to call into the help desk at my old job and ask for a few people until I got someone I used to work with. Told them my old credentials are still active and they need to go through and purge all old employees from having access to these systems. Even after telling them this it still took them over a week to do it. I went back every day for a week until I could no longer log in just to make sure they resolved this problem on their end.

Some companies just don't think about it and some don't even care, even after they were burned once before.
Well, if all people who were ever fired tried this ****, then of course companies would be much more cautious.
One way or another, this world keeps on trust. We would not be able to see each other without pulling our glocks if we expected each other to do harm. Most people who get fired, even those fired unfairly, do not think about damaging their old workplace.
 
Yeah, keep hiring foreigners, as opposed to Americans. You got what you asked for...
This is a company in Singapore with an Indian contractor. Why would they hire an American? Crime rates in America are far higher than in Singapore.
 
Well, the company should breathe a sigh of relief. At least he didn't come back with a modified AR-15 and shoot up the place.

That seems to be the way we remediate "unfair dismissals" here in the good old USA nowadays.
 
Well, the company should breathe a sigh of relief. At least he didn't come back with a modified AR-15 and shoot up the place.

That seems to be the way we remediate "unfair dismissals" here in the good old USA nowadays.
Until the owner pulls his own AR-15 and you get a massive shootout.
 
This is a company in Singapore with an Indian contractor. Why would they hire an American? Crime rates in America are far higher than in Singapore.
The company is in the US. The former employee came back from a holiday in Singapore.
 
NCS is a well-loved systems integrator in Singapore that wins many government projects because of undercutting at both ends (employee salaries as well as rival competitors). Things have been "streamlined" to run that way in recent times mainly because of liberal foreign hiring policies, geographical proximity to multiple low-cost labour markets, and a Comprehensive Economic Cooperation Agreement with a particular labour market in South Asia. We can't really speak of such things in our local online forums, so pardon my deliberate tweaking of terms.

I was once employed as a low-level tech in the same entity as Kandula (do read up on the patronymic naming system of South Asians), so it is no surprise that he was able to execute his nefarious plan long after termination of his employment.
 
Well, if all people who were ever fired tried this ****, then of course companies would be much more cautious.
One way or another, this world keeps on trust. We would not be able to see each other without pulling our glocks if we expected each other to do harm. Most people who get fired, even those fired unfairly, do not think about damaging their old workplace.
This is true. If the guy was smart enough to do this, he should have been smart enough to know that he probably wasn't going to get away with it.
 
Why was so much money and work riding on test servers? Test servers are not in production and should be able to be wiped and rebuilt with ease. Someone that wasn't fired needs to be
 
Until the owner pulls his own AR-15 and you get a massive shootout.
Well, that's what it's like here in the good old U. S. of A. "Land of the free", home of the brave-ly well armed and sociopathic. We, "Let freedom ring", via the crackle of gunfire!
 
Well, that's what it's like here in the good old U. S. of A. "Land of the free", home of the brave-ly well armed and sociopathic. We, "Let freedom ring", via the crackle of gunfire!
Unfortunately we've recently seen what happens when you couple low IQ sociopathic ppl and rifles...

I may not like Trump (at all), but that's not the answer. I just simply can't understand how somebody can legally buy a high powered sniper rifle so easily.
 