456 VMs deleted by ex-Cisco worker for WebEx Teams after exit; pleads guilty
Five months after leaving Cisco, an ex-worker admitted to accessing the company’s AWS environment without authorization and deleting 456 virtual machines which were used to operate the WebEx Teams application. In a US Federal Court in San Jose, Sudhish Kasaba Ramesh pleaded guilty admitting to intentionally accessing the company’s protected cloud infrastructure without any authorization and recklessly causing damage, said the FBI and the US Department of Justice (DoJ) together in a statement.
According to the statement, Ramesh, 30, of San Jose, California, worked for Cisco and had put down his papers in April 2018. He admitted to wrongfully accessing Cisco System’s AWS-hosted cloud infrastructure without permission on 24th September 2018 and was charged by Information on 13th July 2020.
Damages caused to WebEx Teams & Cisco
While accessing infrastructure of Cisco without permission, Ramesh admitted to deploying a code from his Google Cloud Project and as a result, deleting 456 VMs for Cisco’s WebEx Teams applications that provided video messaging, video meetings, file sharing and other tools. He also admitted that he was reckless in deploying the code and consciously disregarded the risk and the repercussions of the harm to Cisco.
More than 16,000 WebEx Teams accounts were shut down for almost 2 weeks and caused Cisco to spend about $1,400,000 in employee costs for damage recovery in addition to paying $1,000,000 as refunds to affected customers. The statement also reports that no customer data was compromised because of the defendant’s conduct.
Penalties & other details of Ramesh’s case
The prosecution is happening as a result of an investigation conducted by the FBI. Tech giant Cisco cooperated fully with the FBI and the U.S. Attorney’s Office, says the statement.
Defendant Sudhish Kasaba Ramesh has violated of 18 U.S.C. §§ 1030(a)(5)(B) and (c)(4)(A)(i)(I) which states the offence of Intentionally Accessing a Protected Computer Without Authorization and Recklessly Causing Damage, according to the statement.
The hearing for Ramesh’s sentencing is set for 9th December 2020 before The Honorable Lucy H. Koh, U.S. District Court Judge, in San Jose. Currently, Ramesh is released on bond and his bail is set at US$50,000.
The maximum statutory penalty for Intentionally Accessing a Protected Computer Without Authorization and Recklessly Causing Damage is 5 years of prison time and a fine of $250,000.
For more updates and latest tech news, keep reading iTMunch