Fired Employee Accessed NCS' Computer 'Test System' and Deleted Servers (channelnewsasia.com) 63

An anonymous reader quotes a report from Singapore's CNA news channel: Kandula Nagaraju, 39, was sentenced to two years and eight months' jail on Monday (Jun 10) for one charge of unauthorized access to computer material. Another charge was taken into consideration for sentencing. His contract with NCS was terminated in October 2022 due to poor work performance and his official last date of employment was Nov 16, 2022. According to court documents, Kandula felt "confused and upset" when he was fired as he felt he had performed well and "made good contributions" to NCS during his employment. After leaving NCS, he did not have another job in Singapore and returned to India.

Between November 2021 and October 2022, Kandula was part of a 20-member team managing the quality assurance (QA) computer system at NCS. NCS is a company that offers information communication and technology services. The system that Kandula's former team was managing was used to test new software and programs before launch. In a statement to CNA on Wednesday, NCS said it was a "standalone test system." It consisted of about 180 virtual servers, and no sensitive information was stored on them. After Kandula's contract was terminated and he arrived back in India, he used his laptop to gain unauthorized access to the system using the administrator login credentials. He did so on six occasions between Jan 6 and Jan 17, 2023.

In February that year, Kandula returned to Singapore after finding a new job. He rented a room with a former NCS colleague and used his Wi-Fi network to access NCS' system once on Feb 23, 2023. During the unauthorized access in those two months, he wrote some computer scripts to test if they could be used on the system to delete the servers. In March 2023, he accessed NCS' QA system 13 times. On Mar 18 and 19, he ran a programmed script to delete 180 virtual servers in the system. His script was written such that it would delete the servers one at a time. The following day, the NCS team realized the system was inaccessible and tried to troubleshoot, but to no avail. They discovered that the servers had been deleted. [...] As a result of his actions, NCS suffered a loss of $679,493.

  • by iAmWaySmarterThanYou ( 10095012 ) on Thursday June 13, 2024 @03:45PM (#64547463)

    Firing people is a very well understood process. Or should be.

    You arrange a meeting with person.
    You let IT know that at time($x) person's access needs to be yanked. $x is the scheduled end of meeting.
    You have meeting.
    At end of meeting confirm with IT access has been terminated.

    Seriously, this isn't rocket science.

    • > After Kandula's contract was terminated and he arrived back in India, he used his laptop to gain unauthorized access to the system using the administrator login credentials

      They don't give all the details, but it seems likely that this was a case where you needed an admin password to get something done at their job, so they gave that password to all 20 employees (and then didn't change it after he left).

      That's *atrociously bad* security policy, but less of a "how they fire people" issue than just a basi

      • I've been at places like that.

        1) why did his vpn still work?
        2) if access to admin didn't require vpn, fire people until it does
        3) if 1 & 2 are not options then yes you have to change the admin password(s) after firing someone.
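
An added example (not from the thread or from NCS): a small offboarding audit for the two gaps raised in the comments above, a VPN account left enabled and a shared admin password not rotated after a holder leaves. The record types, names and sample data are hypothetical.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class SharedCredential:
    name: str
    holders: set          # everyone who has ever been given the secret
    last_rotated: date

@dataclass
class Account:
    owner: str
    kind: str             # e.g. "vpn", "sso"
    enabled: bool

def offboarding_gaps(departures, credentials, accounts, today):
    """Return sorted (person, issue) findings for people whose last day has passed.

    departures maps person -> last day of employment.
    """
    findings = []
    for person, last_day in departures.items():
        if last_day >= today:
            continue  # on or before the last day, access may still be legitimate
        for acct in accounts:
            if acct.owner == person and acct.enabled:
                findings.append((person, f"{acct.kind} account still enabled"))
        for cred in credentials:
            # A shared secret is only trustworthy again once it has been
            # rotated after the last day of every former holder.
            if person in cred.holders and cred.last_rotated <= last_day:
                findings.append((person, f"{cred.name} not rotated since departure"))
    return sorted(findings)

# Constructed sample data (hypothetical names, credentials and dates).
DEPARTURES = {"alice": date(2022, 11, 16), "bob": date(2023, 6, 30)}
CREDENTIALS = [
    SharedCredential("qa-admin", {"alice", "bob", "carol"}, date(2022, 3, 1)),
    SharedCredential("build-bot", {"alice", "carol"}, date(2022, 11, 17)),
]
ACCOUNTS = [
    Account("alice", "vpn", True),
    Account("alice", "sso", False),
    Account("bob", "vpn", True),
]

if __name__ == "__main__":
    for person, issue in offboarding_gaps(DEPARTURES, CREDENTIALS, ACCOUNTS, date(2023, 1, 6)):
        print(f"{person}: {issue}")
```

Run on a schedule against the HR leaver list, a check like this surfaces a stale shared password even when the individual's own accounts were disabled on time.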

    • by Tony Isaac ( 1301187 ) on Thursday June 13, 2024 @04:04PM (#64547505) Homepage

      I once worked for a software company that's been around for 30 years or so. There was a lot of legacy crap that never kept up with the times, related to security. For example, they had a network admin account that was pretty much superuser everywhere, and that account had been used to set up a LOT of servers and services. Everybody knew the password, and it couldn't be changed without risking all kinds of things suddenly crashing or going down. My guess is that now, 10 years after I left that company, the password has never been changed.

      While this is an extreme case, every company has dark corners where this kind of stuff goes on.

      • Wow, that makes my stomach hurt to read for so many reasons.

        That's not only an atrocious security situation but says no one has maintained documentation on how the systems work or interoperate. I suspect several pieces couldn't be rebuilt when the underlying hardware finally burns out and dies. I've picked up jobs as the clean up fix it guy for places like that after they had the big disaster and several "key" people were no longer employed and their names struck from history, only to be whispered in dark

        • Yep, exactly. Many businesses, especially those that are owned by PE firms, are always go, go, go, don't stop to clean up old messes, just go, go, go, make money money money.

      • I had a very harmless case. I took over responsibility for a service that wasn't actually used when the previous person responsible left. It used my phone for 2FA and you needed 2FA to change the person responsible for the server (including a password reset)

        So a person at the company called me, I made sure I had my mobile phone ready, they did the password reset, I got the six digit code on my phone, gave it to them over the phone. They finished the password reset and changed 2FA away from my pho
        • That's nice. But try using that approach for hard-coded database connection strings. There are a lot of types of connections that still don't support 2FA.

    • > Firing people is a very well understood process. Or should be.
      >
      > You arrange a meeting with person.
      > You let IT know that at time($x) person's access needs to be yanked. $x is the scheduled end of meeting.
      > You have meeting.
      > At end of meeting confirm with IT access has been terminated.
      >
      > Seriously, this isn't rocket science.

      In many countries you're expected not only to provide notice of firing, but expected to continue to work months after. Sure something went wrong here given that he left the entire country and still had access, but your scenario is representative of only the most toxic work places or the most sensitive jobs.

      In reality your access is normally yanked the day you clean out your desk, not the day you have a meeting.

      • Ok, yea, laws vary by country. What I've seen my overseas counterparts do is pay out the rest of their time and put them in what they called "green field" or some phrase like that which meant they are still on payroll and technically employed but access is cut and they have no work assignments.

        In this case it looks like he had full access months later and still seems to have had his company laptop or his personal laptop still was in the system.

        Either way, whatever the laws, there's no excuse to allow him t

        • And I've seen my American colleagues keep working for 2 months on the very project, in the very position before they were given notice.

          There's no standard way of firing people. Not even within a country.

      • If you trust the person, and there are no legal reasons, they can continue working. Alternatives are gardening leave (they are legally employed until the end of the notice period but don't do any work and have no access), or "payment in lieu of notice", where someone has x weeks of notice but is paid x weeks of salary to give up their right to notice. Has tax advantages and you can even get a new job during what would have been the notice period and get twice the money.
  • The laws around this are brutal. If he's lucky he'll do 5 years in prison and spend the rest of his life struggling to get by. You do not fuck with corporations in America they have all the power and they use it.
  • Huh? (Score:4, Funny)

    by Aighearach ( 97333 ) on Thursday June 13, 2024 @04:01PM (#64547497)

    I feel bad for the Nutria Containment Society, they do important work!

    That said, why do they need a 20 person QA team? Sounds fishy to me. He was probably framed.

  • by Rosco P. Coltrane ( 209368 ) on Thursday June 13, 2024 @04:19PM (#64547551)

    That is suspiciously precise. Someone invoiced the coffee machine breaks down the hall during recovery :)

    Also, to NCS' credit, this amount looks "normal" for a change: usually when a company suffers computer damage from a former employee - or anyone really - it usually comes up with figures in the millions for things that simply require reinstalling the backup on a few machines. Usually the quoted figures are completely outrageous and obviously disconnected with the actual damage and what it took to fix it. In contrast, $679K sounds like it might actually be a realistic figure.

    • by cusco ( 717999 )

      If it was their test system it might not have been backed up at all, and was probably poorly documented at best. It may well have taken that long to reconstruct.

    • by gavron ( 1300111 )

      It's entirely made up. It doesn't divide by 180, it ends with a 3 (human introduced fake numbers often do) and is not rationalized or justified in any way.

      Also 1 year 8 months seems a randomly stupid amount of prison time. Couldn't round up to 2 yrs? Couldn't round down to 1.5 yrs? Just stupid.

      But that is how third-world countries are. We're working on getting that stupid here in the US. Just wait to see what Hunter Biden's sentence is... when he did what EVERY SINGLE GANG MEMBER and EVERY SINGLE CART

      • by Anonymous Coward

        1. The $ amount was probably from a currency conversion
        2. One year eight months is 1 2/3 years, nice and round
        3. lol

      • by tlhIngan ( 30335 )

        > But that is how third-world countries are. We're working on getting that stupid here in the US. Just wait to see what Hunter Biden's sentence is... when he did what EVERY SINGLE GANG MEMBER and EVERY SINGLE CARTEL MEMBER does every day. Use drugs. Buy ammo. Buy firearms. Lie on forms.

        Singapore is far from a third world nation. They are considered first world and highly advanced technologically. The government is rather bad - authoritarian to say it nicely, but generally considered "failed democracy" along w

      • by haruchai ( 17472 )

        "Just wait to see what Hunter Biden's sentence is"
        I don't understand what's the fuss about Hunter Biden & what's so heinous about what he did?
        The text of the 2nd Amendment states clearly "the right of the people to keep & bear arms shall NOT be infringed".
        So he used drugs? So what? Was he dealing them? Giving them to kids? Committed a violent felony, or any felony while under the influence?
        If you already own guns, is it illegal to get high?
        Why can a convicted felon run for office - apparently even

    • "That is suspiciously precise."

      The damages were not calculated in US dollars, since the trial was in Singapore. In fact, the actual source article reasonably rounds the S$918,000 value when converted as US$678,000.

      $679,493 does not appear in the original article, which makes me think the submitter tried to be too clever and made that change on their own.

    • If someone damages _your_ computer system by logging in without authorisation, at the very least you have to check whether they have left any other surprises. If he is morally capable of causing damage after being laid off, you need to make absolutely sure that he cannot cause more damages after your company forced him to pay.

      And if that costs more than just restoring service, that's his problem. Shouldn't have hacked in in the first place.
  • If it was a test system that he took down, why did it cost the company so much?
  • Oh my, the fault is 99.9999% on the company for not immediately revoking all access and creds. If you're this sloppy and casual about security, you kinda deserved to get hammered.
    • I disagree. There were two crimes here (though only one is likely subject to prosecution): First, the crime of illegal computer access and the damage done with it, second, the corporate negligence that allowed that crime to be successfully executed.

      Each crime has a 100% responsible entity to assign blame to.

  • It's hard to say which is worse here; the malevolence or the incompetence? Sheesh.
