Stories
Slash Boxes
Comments

SoylentNews is people

Engineer Admits Wiping 456 Cisco AWS WebEx VMs after Leaving, Derailed 16,000 Teams Accounts

posted by martyb on Monday August 31 2020, @05:36AM   Printer-friendly
from the credentials-still-worked-FIVE-MONTHS-after-he-left? dept.

upstart writes in with an IRC submission:

Engineer admits he wiped 456 Cisco WebEx VMs from AWS after leaving the biz, derailed 16,000 Teams accounts:

Sudhish Kasaba Ramesh, who worked at Cisco from July 2016 to April 2018, admitted in a plea agreement with prosecutors that he had deliberately connected to Cisco's AWS-hosted systems without authorization in September 2018 – five months after leaving the manufacturer. He then proceeded to delete virtual machines powering Cisco's WebEx video-conferencing service.

"During his unauthorized access, Ramesh admitted that he deployed a code from his Google Cloud Project account that resulted in the deletion of 456 virtual machines for Cisco's WebEx Teams application, which provided video meetings, video messaging, file sharing, and other collaboration tools," the US Attorney's Office for the Northern District of California said in a statement.

According to prosecutors, Ramesh's actions resulted in the shutdown of more than 16,000 WebEx Teams accounts for up to two weeks, which cost Cisco roughly $1.4m in employee time for remediation and over $1m in customer refunds.

[...] According to a court document[*], Ramesh is in the US on an H-1B visa and has a green card application pending.

[...] Ramesh faces up to five years in the clink and a fine of $250,000 when he is sentenced, an event scheduled for December.

[*] STIPULATION AND (PROPOSED) ORDER CONTINUING DATE FOR ENTRY OF PLEA AGREEMENT (PDF)

Original Submission

 
This discussion has been archived. No new comments can be posted.
Engineer Admits Wiping 456 Cisco AWS WebEx VMs after Leaving, Derailed 16,000 Teams Accounts | Log In/Create an Account | Top | 46 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by Booga1 on Monday August 31 2020, @06:52AM (2 children)

    by Booga1 (6333) on Monday August 31 2020, @06:52AM (#1044505)

    No kidding. As a sysadmin I've had all access revoked as soon as I locked my machine and stepped away from my desk on the last day. It shouldn't be some giant task to do that. It should be as simple as disabling or deleting an account.
    At the VERY worst there might be service accounts he had access to, but even with that they're supposed to be rotating passwords regularly. Why, oh why did he have any access at all for MONTHS after he left? He's to blame for his actions, but they should never have been possible in the first place.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 1, Touché) by Anonymous Coward on Monday August 31 2020, @07:31AM

    by Anonymous Coward on Monday August 31 2020, @07:31AM (#1044509)

    Indeed. We have two mishaps, one a firm who did not revoke credentials. Two an engineer who used said credentials instead of losing them to "some hack"😁.

  • (Score: 2) by Grishnakh on Monday August 31 2020, @03:21PM

    by Grishnakh (2831) on Monday August 31 2020, @03:21PM (#1044606)

    This is basically like a bank that gets robbed by their former employee because they left the doors unlocked or didn't bother to change a safe combination after he left, and then tries to blame the ex-employee. What kind of idiot would trust their money to that bank?