Governance & Risk Management , Insider Threat , IT Risk Management
Ex-Cisco Engineer Sentenced to 2 Years in Prison for HackingProsecutors Say Sudhish Ramesh Caused $1.4 Million in Damages
A former Cisco engineer has been sentenced to serve 2 years in federal prison after pleading guilty to charges that he hacked his former company, causing $1.4 million in damages, the U.S. Justice Department announced Wednesday.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
In August, Sudhish Kasaba Ramesh, 31, pleaded guilty to one charge of intentionally accessing a protected computer without authorization and recklessly causing damage, according to the U.S. Attorney's Office for the Northern District of California, which oversaw the case (see: Ex-Cisco Engineer Pleads Guilty in Insider Threat Case).
Ramesh worked for Cisco from August 2016 to April 2018. After he left the company, he regained access to Cisco's hosted cloud infrastructure on Amazon Web Services and deleted over 450 virtual machines, which caused outage issues for the company's Webex customers, according to the Justice Department.
The wiping of these virtual machines affected about 16,000 Webex accounts over a two-week period, which forced Cisco to restore part of its cloud infrastructure and then refund over $1 million to the affected customers, federal prosecutors say. No customer data was stolen during the incident.
Cisco later estimated that the incident caused about $1.4 million in damages to the company's cloud infrastructure and internal systems, including the time engineers spent restoring the virtual machines.
In addition to the federal prison sentence, Ramesh was ordered to pay a $15,000 fine.
How the Damage Was Done
After resigning his position at Cisco in April 2018, Ramesh regained access to the company’s AWS infrastructure and then deployed malicious code from his Google Cloud Platform account, prosecutors say. That malware deleted 456 virtual machines used to support Cisco's Webex applications, which provide video and collaboration tools for customers.
After the incident was discovered, Cisco contacted the FBI, which started an investigation, a company spokesperson previously told Information Security Media Group.
In court documents, Ramesh is described as an accomplished engineer with several degrees who is fluent in several languages. He previously held jobs at top companies, including Qualcomm, Oracle, WePay and Stitch Fix.
"The government is perplexed on how the defendant - a highly intelligent individual - could have left a trail of bread crumbs that led the FBI to determine that he was responsible for the deletion of Cisco’s servers on AWS," according to a sentencing memo.
The memo notes that Ramesh did not use a proxy internet service to hide his identity, registered his Google Cloud Platform account with his email address and American Express card and launched the attack from his work computer.
"In fact, when the FBI searched his work computer, the case agent found numerous Google searches for information on AWS servers and how to delete servers. The government surmises that the defendant possibly did not realize that he was accessing a live production environment," the court document notes.
The 2020 Verizon Data Breach Investigations Report released in May says insider threats now account for about 30% of breaches and security incidents (see: Verizon: Breaches Targeting Cloud-Based Data Doubled in 2019).
"Admittedly, there is a distinct rise in internal actors in the data set these past few years, but that is more likely to be an artifact of increased reporting of internal errors rather than evidence of actual malice from internal actors," according to the Verizon report.