Indian national gets over 2-yr jail term for hacking ex-employer’s server system in Singapore

Singapore: An Indian national was sentenced to two years and six months’ jail term here for a charge of unauthorised access to computer material during which he deleted 180 virtual servers, costing his employer about SGD 918,000 (USD678,000).

The sentence was pronounced on Monday.

Another charge was taken into consideration for sentencing Kandula Nagaraju, 39, who was “upset” that he was fired by NCS in October 2022 due to poor work performance and his employment ended on November 16, 2022.

Between November 2021 and October 2022, Kandula was part of a 20-member team managing the quality assurance (QA) computer system at NCS, a company that offers information communication and technology services.

The system that Kandula’s former team was managing was used to test new software and programs before launch. It consisted of about 180 virtual servers, and no sensitive information was stored on them.

According to court documents, Kandula felt “confused and upset” when he was fired as he felt he had performed well and “made good contributions” to NCS during his employment, reported Channel News Asia. After being sacked by NCS, he did not have another job in Singapore and returned to India from where he used his laptop to gain unauthorised access to the system using the administrator login credentials. He did so on six occasions between January 6 and January 17 last year. In February that year, Kandula returned to Singapore after finding a new job. He rented a room with a former NCS colleague and used his Wi-Fi network to access NCS’ system once on February 23, 2023.

During the unauthorised access in those two months, the man wrote some computer scripts to test if they could be used on the system to delete the servers.

In March 2023, he accessed NCS’ QA system 13 times. On March 18 and 19, he ran a programmed script to delete 180 virtual servers in the system. His script was written such that it would delete the servers one at a time.

The following day, the NCS team realised the system was inaccessible and tried to troubleshoot, but to no avail. They discovered that the servers had been deleted.

On Apr 11, 2023, a police report was made and several IP addresses uncovered by internal investigations were handed over to the police.

Kandula’s laptop was seized by the police and the script used to carry out the deletions was found on it.

Investigations revealed that he had searched on Google for scripts to delete virtual servers, which he then used to code the script.

All the while, Kandula was aware after his employment with NCS ended that he was not authorised to access the system. As a result of his actions, NCS suffered a loss of SGD917,832, said the report on Tuesday.