Portuguese 
English 
Spanish 
3 min of reading 
34 comments 
A Company Neglected The Revocation Of IT Access After Firing An Employee, Resulting In A Major Financial Loss.
A technology company in Singapore faced enormous losses after failing in a critical aspect of IT security – the revocation of access from a terminated employee.
The incident resulted in the loss of nearly R$ 4 million in virtual servers of the company.
The Carelessness That Cost Dearly
In October 2022, NCS fired software engineer Kandula Nagaraju due to unsatisfactory performance.
-
Researchers in the U.S. have created a flying robot that transforms into a land vehicle while still in the air. The technology, based on aerodynamic transition, converts landing into a scene worthy of Transformers and redefines mobility between sky and ground.
-
Spread across two continents, with 197 parabolic antennas in South Africa, 131,000 2-meter antennas in Australia, and a range of up to 150 km, the SKA begins to “listen” to the Universe on an unprecedented scale and accelerates the search for black holes, primitive galaxies, and nearly invisible radio signals.
-
Goodbye batteries: a new sensor created by Japanese scientists uses sweat as an energy source and points to a promising path for more sustainable devices, with greater autonomy and less need for frequent recharging.
-
The Brazilian Army inaugurated the assembly line for the Guaicurus armored vehicle with a contract for 420 units by 2033, and the same vehicle has already been tested in combat in Afghanistan and Lebanon by European armies.
However, what should have been a routine termination turned into a corporate nightmare.
NCS did not immediately revoke Nagaraju’s IT access, allowing him, driven by resentment, to use his credentials to cause irreparable damage to the company’s systems.
In the following months, the former employee accessed NCS’s virtual servers and, using scripts found online, deleted 180 servers essential for software testing operations.
Although the servers did not store sensitive data, their destruction caused a halt in the company’s internal processes, resulting in losses of nearly R$ 4 million.
A Planned Retaliation Against The Company’s IT System
After his dismissal, Nagaraju returned to India but kept his access credentials active. In January 2023, he made six unauthorized accesses to NCS’s systems using his personal laptop.
Upon returning to Singapore, where he started a new job, he continued exploring vulnerabilities of his previous employer.
Staying at a former colleague’s house, he used the shared Wi-Fi network to mask his illicit activities.
For three months, Nagaraju devised a meticulous retaliation plan. Using scripts obtained online, he developed a program that systematically deleted the company’s virtual servers.
When executed, the code resulted in the complete loss of testing systems, forcing NCS to allocate resources for recovery.
The Legal and Business Consequences
An internal investigation revealed the source of the unauthorized access and led to the identification of Nagaraju as the author of the attacks.
The Singapore police located the code responsible for the destruction on his laptop, resulting in his arrest and subsequent conviction.
The Singapore court sentenced Nagaraju to two years and eight months in prison for unauthorized access and intentional damage.
The case served as a warning about the severity of digital retaliation in an increasingly reliance on secure IT infrastructure.
For NCS, the losses were far more than financial. The incident exposed critical failures in the company’s security protocols and tarnished its reputation in the technology sector.
Clients and partners questioned the company’s ability to protect its digital assets, demanding swift measures to prevent future occurrences.
Lessons Learned and Preventive Measures
This incident reinforced a fundamental principle that many companies neglect: revoke access immediately upon an employee’s termination.
NCS’s mistake highlighted how the lack of a rigorous offboarding process can lead to catastrophic operational and financial damages.
To avoid similar situations, security experts recommend the following preventive measures:
- Immediate Revocation Of Access: As soon as an employee is terminated, all access credentials should be disabled.
- Continuous Monitoring: Periodic audits can identify attempts of unauthorized access and prevent incidents.
- Multi-Factor Authentication: The use of two-step authentication makes unauthorized access difficult even with compromised credentials.
- Clear IT Policies: Well-defined rules on information security should be implemented for all employees.
Bem feito.. eu faria o mesmo ou até pior . devem ter sacaneado muito o cara .metas e cobrança absurdas com chefes puxa saco e incapacitados
O cara poderia ter tomado outro rumo sem optar pela vingança,ele se queimou nessa área!!
Muito ****