Warning To Employers And Their Former Employees: Ex-Engineer Sentenced To 2 Years In Prison For Hacking Cisco’s WebEx

A former Cisco engineer was sentenced this past Wednesday (December 9, 2020) to 24 months in prison (and a $15,000 fine) for accessing Cisco’s network, and subsequently causing a service outage of Cisco’s WebEx Teams video conferencing service.

Sudhish Kasaba Ramesh, who worked in California for Cisco from July 2016 to April 2018, pled guilty in August to charges emanating from his alleged accessing of Cisco’s network in September of 2018 (5 months after he left Cisco), and his subsequent running of a script that deleted 456 virtual machines operating Cisco’s WebEx Teams video conferencing service; Rameh’s actions are alleged to have deleted (temporarily) more than 16,000 WebEx accounts, and to have inflicted over $2.4 Million in damage (including $1 Million of refunds to impacted customers and $1.4 Million worth of employee time over the 2 weeks it took to repair the damage and restore service to all affected parties).

While Ramesh has since apologized for his actions, to date he has not explained his motivation for launching the cyberattack. He is scheduled to begin his prison sentence in February.

This incident should serve as a warning to both every individual and to every organization that employs workers:

Employees must understand that when they leave a job, they are prohibited from accessing any of the information systems or data repositories of their former employers – even systems and data which they have become accustomed to accessing on a regular basis. Furthermore, folks must understand that they may face serious punishment – including significant jail time – for taking any actions that harm their former employers’ systems and data.

Employers, too, must learn from this incident, as it underscores the need to properly terminate access to data systems when an employee departs the organization. When a person exists – by choice or not – the organization must immediately decommission all of that user’s login credentials, and completely terminate all of that person’s access to internal systems. Ideally, organizations should have a single, secure authorization system that enables authorized administrators to use a single interface to to implement decommissioning for all systems and data; in most environments, however, the termination-of-access process encompasses multiple steps – and, as such, the organization should maintain a current checklist detailing each and every step that must be followed when an employee leaves.