Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Tom’s Hardware
Tom’s Hardware
Technology
Jowi Morales

Disgruntled ex-employee costs company over $600,000 after he deletes all 180 of its test servers — found server deletion scripts on Google

Delete.

Kandula Nagaraju, a 39-year-old Indian national who worked at NCS (National Computer Systems) in Singapore, was given a two-year-eight-month sentence after the courts found him guilty of unauthorized access to computer material. According to CNA, Nagaraju illegally accessed his former employer’s systems for several months after his termination, running scripts that he could use to delete its test servers. After he completed testing, he deployed the scripts overnight, resulting in the complete removal of all 180 company test servers.

NCS is a major IT services firm in South-East Asia and is headquartered in Singapore. It also has a presence across Australia, Hong Kong, China, and India, with over 13,000 employees. Nagaraju worked in the company’s quality assurance computer system, where he and his team used test servers to run apps before they were deployed to customers and end users.

Nagaraju's contract was terminated in October 2022, allegedly due to poor performance, although he stayed in his office until November 16, 2022. Nagaraju said he was confused and upset about the firing, especially as he felt he was performing well in his position. But since he didn’t have another employment lined up in Singapore after that, he left the nation-state and returned to his home country.

Although Nagaraju was no longer connected with NCS, he discovered that his credentials remained valid, giving him remote access to the company’s servers. Between January and March 2023, he hatched a plan of revenge against his former employer. He Googled for server delete scripts during this time and, using his still valid credentials, began testing them on NCS’s test servers.

None of his former team members were aware of this, allowing him to access the system over 13 times in March of 2023 alone. It was during this time that he perfected and hid the deletion scripts. Finally, on March 18 and 19, he activated the scripts, which began to delete the servers one at a time to minimize suspicion.

When the NCS QA team logged in on March 20, they discovered that their test servers were inaccessible. It was during their troubleshooting that they found out that all 180 of their test servers were deleted.

NCS claims that the test servers were standalone systems used for new apps. It also said that no sensitive information was stored on the servers, so company and client data remains safe. However, it still cost the company the equivalent of around $678,000 to remedy the situation.

The company reported the incident to the police in April 2023, after it had presumably reconstructed what happened to the servers. Since Nagaraju returned to Singapore in February 2023, the police tracked his location through the IP addresses the company submitted, and seized his laptop. This was when the authorities found the scripts he used on NCS’s servers, as well as his Google search history for scripts to delete virtual servers.

“Due to a human oversight in administering the standalone test environment, the perpetrator’s access to the test environment wasn’t terminated immediately upon departure from the company,” NCIS said in a statement to CNA. However, the company has “stringent processes and controls in place, and [stated] that it will continue to monitor and enhance them.”

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.