A disgruntled former Cisco engineer hacked Cisco’s WebEx Teams causing millions of dollars of damage. The engineer, Sudhish Kasaba Ramesh, was sentenced to 2 years in federal prison and ordered to pay a $15,000 fine.
WebEx Teams Hacked
A former Cisco Systems Inc employee, Sudhish Kasaba Ramesh, hacked into Cisco’s systems and deleted over 450 virtual machines.
Ramesh worked for Cisco from August to 2016 to April 2018. Then 5 months later he hacked into his former employer’s systems. According to an announcement from the US Attorney’s Office, Ramesh accessed Cisco’s hosted cloud infrastructure through his Google Cloud Project account. This account had not been deleted by Cisco after Ramesh left the company thus providing him access to their systems. Ramesh accessed Cisco’s hosted cloud infrastructure on Amazon Web Services.
16,000 Accounts Affected
The deletion of the virtual machines caused outages to Cisco’s WebEx Teams customers for two weeks. The hack affected some 16,000 WebEx Teams accounts and caused Cisco to have to restore parts of its cloud infrastructure. WebEx Teams provides video meetings, video messaging, file sharing, and other collaboration tools.
However, the company stated that no customer data was stolen during the incident. Cisco estimated that the hack caused it approximately $1.4 million in damages and engineering staff salaries to restore the virtual machines. The company also paid a further $1 million to affected customers for the inconvenience caused.
In August, Ramesh, 31, pleaded guilty to one charge of “intentionally accessing a protected computer without authorization and recklessly causing damage”. Then last week, Ramesh was sentenced to serve 2 years in federal prison for his hacking of WebEx Teams’ virtual servers.
Furthermore, Ramesh was ordered to pay a $15,000 fine. Following his prison term, he will also have to serve one year of supervised release. Ramesh will begin serving his sentence in February 2021.
Even though Ramesh apologized for his actions, he never explained why he deleted Cisco’s servers. He has since been fired from his current job with personal lifestyle site Stich Fix over the WebEx Teams incident. And is facing possible deportation. Although Ramesh has a green card application pending and holds an H1 visa, he may be deported to his native country of India after his release.
According to the 2020 Verizon Data Breach Investigations Report, insider threats are the cause of about 30% of breaches and security incidents. However, most of these are thought to be the result of human error rather than malicious intent, as was the case in this instance.
“Admittedly, there is a distinct rise in internal actors in the data set these past few years, but that is more likely to be an artifact of increased reporting of internal errors rather than evidence of actual malice from internal actors,” says the report.
Malicious insider threats such as Cisco’s WebEx Teams incident are relatively rare. However, they can be difficult to detect and prevent. Just one month ago, it emerged that a Microsoft employee stole over $10 million from his employer, Microsoft.