from Hacker News

Fired employee deleted servers, causing it to lose S$918,000

by bovem on 6/12/24, 6:58 PM with 88 comments

  • by glonq on 6/12/24, 7:41 PM

    > His contract with NCS was terminated in October 2022 due to poor work performance and his official last date of employment was Nov 16, 2022

    This is why you don't force employees or contractors to work through their final two weeks. Too little benefit, too much risk.

    > After Kandula's contract was terminated and he arrived back in India, he used his laptop to gain unauthorised access to the system using the administrator login credentials. He did so on six occasions between Jan 6 and Jan 17, 2023.

    Oh nevermind, it's far worse than just that!

  • by xyst on 6/12/24, 8:02 PM

    Only $678K worth of damage? Rookie numbers.

    Worked with a number of folks that caused much more than that just by mere accident. Not disgruntled or anything. Just “fat fingered” a command or had a momentary brain fart (deleted prod db instead of backup!).

    Guy truly was incompetent and deserves everything coming to him.

  • by rkwz on 6/12/24, 8:08 PM

    > On Mar 18 and 19, he ran a programmed script to delete 180 virtual servers in the system.

    > The system that Kandula’s former team was managing was used to test new software and programs before launch. In a statement to CNA on Wednesday, NCS said it was a "standalone test system".

    > As a result of his actions, NCS suffered a loss of S$917,832.

    Wondering if these are CI/CD pipelines, and how the loss amount was calculated since these can be spun up again.

  • by TacticalCoder on 6/12/24, 7:41 PM

    There's a reason why some companies are using measures that feel very inhuman when they fire someone: it's because of people like the one from TFA.

  • by technick on 6/12/24, 8:07 PM

    The level of incompetence on NCS's part is criminal, they absolutely deserved what they got. It could have been much worst, as in the malicious actor finding a way to insert code that makes it into production and then exfiltrating sensitive data to be sold on the dark web. Luckily Kandula wasn't smart enough to think like one of us.

    NCS sounds like a clown show based on this article. The administrator credentials should have been changed as soon as Kandula was let go. Ideally, these credentials shouldn't have ever been used and everyone should be acting as themselves with a elevated privilege step.

    As for the $678k in damages, why didn't NCS have snapshots that they could have quickly restored? Sounds like their BCDR plans need to be reviewed and updated.

    Moral of the story is don't do business with NCS.

  • by paulpauper on 6/12/24, 7:30 PM

    Kandula's laptop was seized by the police and the script used to carry out the deletions was found on it.

    full disk encryption is a thing. it's amazing how people who are otherwise technically competent leave such obvious incrementing evidence on computer

  • by InfiniteVortex on 6/12/24, 7:52 PM

    I wonder how much he was fine (if he was - they also have caning as a penalty). Singapore is known to be incredibly strict with criminal punishments. There was a recent $8 billion money laundering case that garnered international headlines because SG is known to be corruption-free for the most part. I'm sure you can find the reasons for verdict (SG has no jury trials) and reasons for sentence. Generally, an incredibly well run state IMHO. (Yes, it has its downsides, criticisms and controversies). It'll be interesting to see how PM Wong will govern compared to LKY & LHL.

  • by rekabis on 6/13/24, 4:56 AM

    I’m sorry but based on this,

    > NCS is a company that offers information communication and technology services.

    And more importantly, this:

    > After Kandula's contract was terminated and he arrived back in India, he used his laptop to gain unauthorised access to the system using the administrator login credentials. He did so on six occasions between Jan 6 and Jan 17, 2023.

    The company is not just ignorant, but massively incompetent.

    You don’t fire someone without totally withdrawing every last shred of access they have. The fact that he was able to use a common, generic administrative credential shows that NCS fails epically at even the simplest of security.

  • by banku_brougham on 6/12/24, 8:06 PM

    What about leaving an ssh key on there with a port open?

  • by ssahoo on 6/14/24, 6:05 AM

    180vms and 678k loss. So 3.5k a pop.