Ex-Cisco engineer deleted 456 VMs for WebEx Teams after exit

A former Cisco worker admitted to accessing the vendor’s AWS environment and deleting 456 virtual machines used to run the WebEx Teams application.

Sudhish Kasaba Ramesh pleaded guilty in a US federal court in San Jose to “intentionally accessing a protected computer without authorisation and recklessly causing damage,” the US Department of Justice (DoJ) and FBI said in a joint statement.

Ramesh had worked for Cisco but resigned in around April 2018, according to the statement.

Months later on September 24, Ramesh admitted to intentionally accessing Cisco Systems’ cloud infrastructure, which was hosted by AWS.

“During his unauthorised access, Ramesh admitted that he deployed a code from his Google Cloud Project account that resulted in the deletion of 456 virtual machines for Cisco’s WebEx Teams application, which provided video meetings, video messaging, file sharing, and other collaboration tools,” the statement said.

“He further admitted that he acted recklessly in deploying the code, and consciously disregarded the substantial risk that his conduct could harm to Cisco.”

The VM deletion caused over 16,000 WebEx Teams accounts to be shut down for up to a fortnight.

Cisco said it spent about US$1.4 million (A$1.94 million) in employee costs fixing the damage and a further US$1 million (A$1.38 million) issued as refunds to impacted customers.

According to the statement, Ramesh is currently released on bond, with bail set at US$50,000. 

His sentencing hearing is scheduled for December 9. He could face up to five years imprisonment and a fine of US$250,000.