author photo
By Bruce Sussman
Mon | Aug 31, 2020 | 8:45 AM PDT

Sudhish Ramesh was an engineer at Cisco.

Like engineers at a lot of companies, he resigned and moved on. But a few months later, he gained unauthorized access to Cisco's cloud environment and caused more than $2.4 million in damage.

Ramesh just pleaded guilty to the crime in a Silicon Valley courtroom.

Former Cisco engineer admits deleting hundreds of virtual machines

The U.S. Department of Justice published details of his plea which specifically targeted Cisco's WebEx Teams app:

"Ramesh admitted to intentionally accessing Cisco Systems' cloud infrastructure that was hosted by Amazon Web Services without Cisco's permission on September 24, 2018. 

During his unauthorized access, Ramesh admitted that he deployed a code from his Google Cloud Project account that resulted in the deletion of 456 virtual machines for Cisco's WebEx Teams application, which provided video meetings, video messaging, file sharing, and other collaboration tools. 

He further admitted that he acted recklessly in deploying the code, and consciously disregarded the substantial risk that his conduct could harm to Cisco. As a result of Ramesh's conduct, over 16,000 WebEx Teams accounts were shut down for up to two weeks, and caused Cisco to spend approximately $1,400,000 in employee time to restore the damage to the application and refund over $1,000,000 to affected customers."

Susan Knight, the Assistant U.S. Attorney who is prosecuting the case, says Ramesh faces up to five years in jail and up to a $250,000 fine. His sentencing is scheduled for December 2020.

How did the former engineer access Cisco cloud environment?

One lingering question here: how did Ramesh gain unauthorized access?

Was there a gap around Identity and Access Management (IAM) following his departure? Or did Ramesh create a backdoor on his way out like the former IT Director at Columbia Sportswear? 

So far, the U.S. Department of Justice is not saying.

Comments