Ex-Cisco Employee Convicted for Deleting 16K Webex Accounts

Smashing Security


I'm gonna tell you about a chap called sudesh qasaba ramesh and he was working at cisco which of course the giant technology firm working there from Midway through twenty sixteen up until april twenty eighteen where he departed the company. Okay so he spent. How many years say he was there for almost two years to fully months. After he left the company's employment he decided to log into their systems specifically some cisco systems which were hosted on an amazon. Aws server when those cloud buckets those blobs of computer mitchell. Don't kinds of clever things up there in the cloud. Do we know where he is in america. Always in the state somewhere else can start. Yes yes But he is no longer under their employees so he's no longer working with them but this is only months after he left. Let me just let me just repeat that. This was fi months after he some heat when he was able to do it. Not just he thought about it he actually did he did. He logged in Has it never happened to you. That a client has left the gates open after you no longer working for them anymore. I'm sure they have. I'm sure correct answer because you've never checked because that would be a bad thing. It would be yes. I i exactly. I'm sure there have been Companies i've worked for who haven't changed the credentials and you're working for technology and security firms Well in some cases. Yes so. I'm just saying i'm just saying i'm not surprised that just when i was working down kentucky fried chicken to him some extra bob. It wasn't yeah we'll okay but this was cisco you're right so cisco's is a big dog. Okay so five months. After this guy's finished employed he manages to log in. yeah he looks in someone. Forgot to do something. I wanted just having a nose you think or know. He's not just news around. They'll just have a curious to see if the company still doing well in his absence. He's not doing that. I wonder how cisco doing without me. No no i miss. I have yeah. Yeh we've all done it. That's why. I wonder how bad doing no i've left up shit. Grew up to something else. You're saying yes. So sudesh ramesh. He looks in to this. Aws server and deletes. Oh four hundred fifty six virtual machines. Oh boy which were being used by cisco to power. Its webex video conferencing service. Oh for god's he's trying to bring go to it's knees through its web x.'s. As though webex doesn't bring the entire world to its knees on a regular basis whenever you into it. Music video chat yet. The video conferences. You must have used it. Have you guys used webex video Yes pre pandemic. Oh yes it's been usurped by things. Like zoom zoom really has sort of caught everyone's imagination now hasn't but webex was. It's still worsley going strong in its eased by some organizations. What's the mark corporate one. So as a consequence of ramesh deleting all these virtual machines as a result of this over sixteen thousand webex teams accounts. Were shut down for up to two weeks. Imagine the impact on productivity. That's right productivity. Must have gone through the roof. Yes well we can't have a meeting. Oh darn we'll have to do some work instead over the sending email You're on mute and having all those kind of kenya hemi austria on my last call cheese every over there so they can hear you over the line. This is the way so. I'm just doing next to somebody who did exactly that on the national conference call five. Am called into the office showers loud as that two countries anyway and so sixteen thousand accounts were shut down up to two weeks cisco spent roughly one point four million dollars restoring the damage paying people to restore the autism restore them. Don't you have to just press. Go back to you control z. Issue dragged out of the track. They would have backups. Shirley we would think so. Wouldn't you and they also had to pay over one million dollars to customers in refunds. 'cause they're hosting all. These webex is for other companies. People would have had contracts and they would have had to say. oh terribly. sorry you haven't been to use it two weeks. We can haul webinars that people were not able to host yet. Not just internal inside your company but one would have been given to customers. Mike god the product marketing manager is going insane thinking like from the marketing team. Like oh there goes yeah calendar. We've got a problem. We've got to change the landing pages real to reel who's who's at full the guy did it. Yeah ultimately him. Yeah yeah. I mean like leaving your car unlocked right so if i left my car unlocked and then someone stole something from inside my car which has happened to me. Whose fault is it right. Ultimately prison stole a thing for my car because it is parked in my drive. But they're opportunist and you'd say well lock your doors dumb ass. Yes so so cisco should have looked dolls. Demolish had the kind of. I'm guessing pretty high level privileges to do that. Much damage that easily. I mean nobody locked. Is the countdown nine. A little bit. I mean jeez. Five months later. I mean i can understand if it was the day after he left but five months later. My guess is that win. Some sunlight ramesh left employment at the company. They may well have revoked his access to active directory and his ability to log into his email or something like that. But i wonder whether access to the aws server or something which was available to many people in the it poem. Maybe they were sharing credentials shared crafts. Yep and. I think that's probably what was happening. And it's hard to workout if you do share credentials inside an it team who might know those looking credentials in. It's a pain to change them. Because that's gonna affect lots of other people and lots of other services. Well not if you use a really good password manager. Well simplifies a lot right because you can change at the admin level for everybody. Yeah i suppose so if you also have services which might be logging into these systems and it may be. It's grabbing the password for everything. The real mistake here is sharing. Paul sweats right. There are teams of people where the password we'll be known to a variety of people and they'll log in they'll doing administration and all kinds of different maintenance and our work on a particular system and the thing is that they don't have individual password see can't just revoke a person's password scrape advice. We share passwords possibly shared. Yes we share passwords to run this. Podcast jimmy yes. You're not cisco though. I know we're not cisco but i'm saying we know better and we do it because the work around to do it. Any other way is too complicated like just ridiculously complicated. Can i show you cro- the if one of us were to leave smashing security to set up a podcast about. I didn't know piccoli predicament. Something in fact took off and weren't interested in smashing security any more than i would change the past or whoever remained would change the parts of those accounts. And so that you or whoever had left would no longer be a system really. Does this mean you're joining our podcast now. Is that what i'm understanding. It sounds like to me. So there's clearly some in the of cisco they should have changed the log in credentials right just like you would expect when people leave a company to hand in their badge or giving any keys which they have to look doors but shed credentials bad bad bad ideas so for something that business kercheval legs the kingdom. I mean it's one thing to say you know. Here's the marketing log in for. I don't know something really unimportant. But your admin credentials for your entire webex product. So cisco call sedition when they figured out what happened and say look. We obviously dismissed bad way and offer him a nice severance package and a hug will in a donut to get to the bottom. Exactly what his beef was with sysco. What made him do this with some months. Later is not really an act of passion is it. he was still doing. Shushing takes five months to stir it be angry with the company. But you're not angry necessarily move its customers and you're not probably angry with most of your former colleagues so remain professional. Don't take it out on them. Because what if you are though. What if you do eight all. Your fork is a justified in this case. Reminded me a little of the case of terry challenge. Do you remember terry. Childs was a former network administrator the city of san francisco back ten or fifteen years ago. I remember his name right. Well yes he infamously looked up. The city's entire network for days in two thousand and eight resets nor the admin passwords. So that only he knew them and he refused to reveal them to anybody and the excuse he gave and you know. He was arrested in things in a week and a half. Nothing was happening. Because no i'm gonna tell you the password you can't and he claimed it wasn't going to tell the bosses or the managers the passwords because he was concerned that they would indiscriminately share those credentials with third party contractors and so. He didn't like that. People were being careless with passwords. He was like l. So you so you the vaults you cannot break it and ultimately oh my go to me. The mayor of san francisco had to personally go and chat with him. He was the only trustworthy person. That doesn't sound just like a typical quote rogue employees. I think there's some mental stuff going on there because that's a baby or something. That's that's that goes beyond anyway sedation. Ramesh he pleaded guilty on. The ship has now been sentenced to twenty four months in the clink and to pay a fifteen thousand dollar fine as well and because he was here on a visa as well. I suspect he may find it difficult to stay case

Coming up next