How a Disgruntled Engineer Deleted 180 Virtual Servers and Cost $670K

A former NCS employee in Singapore, disgruntled after being fired, repeatedly accessed the company's QA system without authorization, wrote scripts, and in March 2023 deleted 180 virtual servers, causing losses of over $670,000 and leading to his conviction for illegal computer access.

Java High-Performance Architecture

Incident Overview

CNA reported that an Indian engineer employed by a Singapore IT firm was dismissed, became resentful, and four months later maliciously deleted 180 virtual servers, causing a loss of about US$678,000 (approximately RMB 4.91 million).

Employment Background

Kandula Nagaraju worked for the NCS group from November 2021 to October 2022. He was part of a team that managed a QA system used for pre‑release testing of new software. He was terminated in November 2022 due to poor performance, with his last working day on 16 November 2022.

Unauthorized Access Timeline

After leaving NCS, Kandula returned to India. From 6 January to 17 January 2023, he used his personal laptop to log into NCS systems six times with administrator credentials, without authorization.

In February 2023 he secured a new job and returned to Singapore, sharing a flat with former NCS colleagues. He accessed the NCS network via the flat’s Wi‑Fi without permission.

Script Development and Server Deletion

During the two‑month period of illicit access, he wrote computer scripts to test whether they could be used to delete servers. In March 2023 he accessed the QA system 13 times. On 18 and 19 March 2023 he executed his scripts, deleting 180 virtual servers—one server per execution.

Detection and Investigation

The following day NCS staff found the system inaccessible and, after troubleshooting, discovered the servers had been removed. On 11 April 2023 NCS filed a police report, providing multiple IP addresses linked to the incident. Although the deleted virtual servers contained no sensitive data, the breach cost the company more than US$670,000.

Police investigations traced the suspicious IP addresses back to Kandula. A search of his seized laptop revealed the deletion scripts, and logs showed he had Googled how to delete virtual servers before writing the code.

Legal Outcome

On 10 June 2024, the 39‑year‑old Kandula Nagaraju was sentenced to two years and eight months in prison for unauthorized computer access. He faces additional charges that could increase his sentence.

Written by

Java High-Performance Architecture
