Ex-Cisco Engineer Who Nuked 16k WebEx Accounts Goes To Prison

Sudhish Kasaba Ramesh, a former Cisco engineer, was sentenced on Wednesday to two years in prison and ordered to pay a $15,000 fine for shutting down more than 16,000 WebEx Teams accounts and over 450 virtual machines in 2018,

A plea agreement filed in July 2020 revealed that the 30-year-old man accessed Cisco’s cloud infrastructure hosted on Amazon Web Services without permission on September 24, 2018, after resigning from the company five months earlier, in April 2018.

Customer data not compromised during the intrusion

“[D]uring his unauthorized access he deployed a code from his Google Cloud Project account that resulted in the deletion of 456 virtual machines for Cisco’s WebEx Teams application, which provides video meetings, video messaging, file sharing, and other collaboration tools,” a Department of Justice press release says.

As a direct result of his activity, over 16,000 WebEx Teams accounts had to be shut down for roughly two weeks which resulted in Cisco having to spend around $2,400,000 in customer refunds and employee time for restoring the damage caused by Ramesh.

Also Read: Letter of Consent MOM: Getting the Details Right

However, no customer data was compromised due to his malicious conduct as the prosecutors explained in the DoJ press release.

Ramesh admitted to his reckless actions in his guilty plea and said that he also consciously disregarded the substantial risk and damage deleting the virtual machines from Cisco’s systems would cause.

“Cisco addressed the issue in September 2018 as quickly as possible, ensured no customer information was lost or compromised, and implemented additional safeguards,” Cisco said in a statement.

“We brought this issue directly to law enforcement and appreciate their partnership in bringing this person to justice. We are confident processes are in place to prevent a recurrence.”

Sentenced to two years in prison

Ramesh received a sentence of 24 months in prison after being found guilty of a count of Intentionally Accessing a Protected Computer Without Authorization and Recklessly Causing Damage.

He was further sentenced to pay a $15,000 fine and to serve one year of supervised release after two years imprisonment.

The maximum statutory penalty he faced for his actions after pleading guilty in August 2020 was five years imprisonment and a $250,000 fine.

Despite having a green card application pending and having an H1 visa, Ramesh also faces deportation to his native country of India following his sentence.

Also Read: How to Send Mass Email Without Showing Addresses: 2 Great Workarounds

At the moment, “the defendant is out of custody and will begin serving the sentence on February 10, 2021,” according to the U.S. Attorney’s Office for the Northern District of California.