An Indian national formerly employed in Singapore by information technology (IT) services company National Computer Systems (NCS) has been sentenced to prison for removing the 180s from his test. servers with scripts he found on Google and then “perfected.”
The story (via Tom Hardware) says Kandula Nagaraju, 39, did not agree with his dismissal for poor performance from the NCS Quality Assurance (QA) department, worried about trying new applications, and took advantage of the fact that his colleagues and superiors left their active access credentials to remotely wipe servers in a plan developed from January to March 2023.
The affected servers, according to NCS, were dedicated to internal application testing, so no sensitive customer data was lost in the attack. Tom Hardware wrote that it cost approximately S$678,000 to recover the servers, but did not share specific details on how it was done.
Access credentials and data loss.
If we had to guess, the colossal scale of data lost in the attack (and the time Nagaraju spent perfecting and testing the scripts) meant that data recovery software It probably wouldn't be enough. Perhaps some consultants who charged exorbitant fees had disk images for the servers out there.
It's a bit like a movie, the way Tom says it: the QA team discovered that all of its test servers had been wiped within the space of one morning on March 20, 2023.
Although Nagaraju managed to evade detection while continuing to abuse his login credentials and destroy servers, he is no evil genius: the Singapore police managed to track him through IP addresses sent by his former employer, stopped his laptop and found the offensive scripts.
Apparently he couldn't even be bothered to delete his browser history, which puts him face to face with rights for copying them from the Internet.
speaking to Asia News Channel (CNA), an NCS spokesperson said Nagaraju's access credentials remained active due to “human supervision.”
That's all well and good, but you'd think an IT company would keep a closer eye on servers vital to the running of an entire department, especially when CNA also reported that NCS suffered a total loss of S$917,832 thanks to its dishonest ex-employee.
But not everything is bad. Once Nagaraju is released from prison, he will likely have a bright future ahead of him in vulnerability testing.