Unhappy with Dismissal, Ex-Employee Deletes Servers Worth Rp11 Billion

Jakarta, CNBC Indonesia - A former Indian employee is reported to have sabotaged a system after being dismissed from his job. The man named Kandula Nagaraju (39) accessed his former company’s internal system and deleted hundreds of virtual servers, resulting in significant losses.

The act occurred after he no longer worked at the Singapore-based technology company NCS. Using old access credentials, he entered the company’s testing system and executed a command that completely deleted 180 virtual servers.

The company is estimated to have suffered losses of around S$918,000, equivalent to Rp11.1 billion. The case led to legal proceedings, where the perpetrator was sentenced to two years and eight months in prison.

During the trial, it was revealed that the perpetrator was unhappy with the termination of his contract. He claimed to be disappointed because he felt he had worked well during his time at the company.

Citing CNA, Kandula’s contract with NCS was terminated in October 2022 due to poor performance. He last worked on 16 November 2022. According to court documents, Kandula felt confused and angry when he was fired, as he believed he had worked well and contributed positively to NCS during his employment. After leaving NCS, he had no other job in Singapore and had to return to India.

Chronology

From around November 2021 to October 2022, Kandula was part of a 20-person team managing the quality assurance (QA) computer system at NCS. NCS is a company offering information, communication, and technology services. The system managed by Kandula’s former team was used to test new software and programmes before launch.

In a statement to CNA on Wednesday, NCS said it was a “standalone testing system”. It consisted of about 180 virtual servers, and no sensitive information was stored in it.

After his contract was terminated and he returned to India, Kandula used his laptop to gain illegal access to the system using administrator login credentials. He did this six times between 6 January and 17 January 2023.

In February that year, Kandula returned to Singapore after seeking a new job. He rented a room with a former NCS colleague and used his Wi-Fi network to access the NCS system once on 23 February 2023.

During the unauthorised accesses over those two months, he wrote several computer scripts to test whether they could be used on the system to delete servers.

In March 2023, he accessed the NCS QA system 13 times. On 18 and 19 March, he ran a programmed script to delete 180 virtual servers in the system. The script was written in such a way that it would delete the servers one by one.

The next day, the NCS team realised the system was inaccessible and tried to troubleshoot, but to no avail. They discovered that the servers had been deleted.

On 11 April 2023, a police report was filed, and several IP addresses found through an internal investigation were handed over to the police. Kandula’s laptop was seized by the police, and the script used for the deletion was found on it.

The investigation revealed that he had searched Google for scripts to delete virtual servers, which he then used to code the script. As a result of his actions, NCS suffered losses of S$917,832.