Ex-Cisco Employee Pleads Guilty to Deleting 16K Webex Teams Accounts


Former Cisco employee Sudhish Kasaba Ramesh admitted to accessing Cisco’s cloud infrastructure and deleting 16,000 Webex Teams employee accounts.

A former Cisco Systems employee pleaded guilty this week to hacking into the networking company’s cloud infrastructure and deleting 16,000 Webex Teams accounts in 2018. Webex Teams is Cisco’s collaboration application for enterprises.

In a plea agreement in a San Jose federal court, Sudhish Kasaba Ramesh, 30, admitted to intentionally accessing Cisco’s cloud infrastructure – without the networking company’s permission – on Sept. 24, 2018. The incident occurred five months after Ramesh resigned from his position as an engineer at Cisco in April 2018.

“During his unauthorized access, Ramesh admitted that he deployed a code from his Google Cloud Project account that resulted in the deletion of 456 virtual machines for Cisco’s WebEx Teams application, which provided video meetings, video messaging, file sharing, and other collaboration tools,” according to the Department of Justice (DoJ) in a Wednesday post.

As a result of this incident, the 16,000 WebEx Teams accounts were shut down for up to two weeks, which caused Cisco to spend approximately $1,400,000 to restore the damage to the application and refund over $1,000,000 to affected customers.  However, no customer data was compromised, according to the DoJ.

“Cisco addressed the issue in September 2018 as quickly as possible, ensured no customer information was lost or compromised, and implemented additional safeguards,” a Cisco spokesperson told Threatpost. “We brought this issue directly to law enforcement and appreciate their partnership in bringing this person to justice. We are confident processes are in place to prevent a recurrence.”

Ramesh also admitted that he “acted recklessly in deploying the code, and consciously disregarded the substantial risk that his conduct could harm to Cisco,” the DoJ said.

Ramesh, who is currently released on bond (with a bail set at $50,000), has a sentencing hearing scheduled for Dec. 9, 2020. The DoJ said that the maximum statutory penalty for the offense of Intentionally Accessing a Protected Computer Without Authorization and Recklessly Causing Damage is five years imprisonment and a fine of $250,000.

The incident points to an overarching insider threat security concern for companies: Malicious insiders – which can include disgruntled employees – who leak or make away with sensitive data. The massive Capital One breach in 2019 – which hit more than 100 million people in the U.S. and 6 million in Canada – occurred after a former engineer at Amazon Web Services (AWS) allegedly boasted about the data theft on GitHub, for instance. In May 2018, insider threats were also highlighted in a report outlined how Snap employees were abusing their access to private user data – which includes location data, saved Snaps and phone numbers. And a report in 2018 found that Facebook had fired an employee who allegedly abused their access to data to stalk women.

On Wed Sept. 16 @ 2 PM ET: Learn the secrets to running a successful Bug Bounty Program. Resister today for this FREE Threatpost webinar “Five Essentials for Running a Successful Bug Bounty Program“. Hear from top Bug Bounty Program experts how to juggle public versus private programs and how to navigate the tricky terrain of managing Bug Hunters, disclosure policies and budgets. Join us Wednesday Sept. 16, 2-3 PM ET for this LIVE webinar.

Suggested articles

jokers stash takedown

Joker’s Stash Carding Site Taken Down

The underground payment-card data broker saw its blockchain DNS sites taken offline after an apparent law-enforcement effort – and now Tor sites are down.