Sacked NCC Group grad trainee emailed 300 coworkers about Kali Linux VM 'playing up'

Then took her employers to the Employment Tribunal


An NCC Group graduate trainee who emailed 300 coworkers to ask for help with what she deemed to be "unusual" behaviour from her Kali Linux VM; contacted the firm’s incident response team to complain about a faulty laptop; and said the machine had been "deliberately sabotaged", has had her victimisation claim thrown out by an employment tribunal.

Nga Hoang, who joined NCC in June 2016 on its graduate trainee scheme, claimed to the London South Employment Tribunal that her litany of 13 protected disclosures and 17 "detriments", as defined in employment law (here and here), began just 10 days after she started working for the infosec consultancy.

The tribunal took place in Croydon, south London, from 25 to 29 June this year, and the outcome was published this month.

Employment Judge Baron, sitting with two lay members, dismissed her entire case on 1 November (PDF), saying there was "no merit in any of the multiplicity of allegations" Hoang had made. She alleged her work laptop had been hacked from within the company network and that she was sacked for, among other things, revealing this to a laptop repair technician from Dell.

Hoang had had problems with her company-issued Dell laptop when she started on NCC's six-month-long graduate trainee programme. According to Hoang's written submission to the tribunal, her email to her line manager about her Windows 7 machine read as follows:

I have had odd things happening on my laptop since the first week. These would include the screen suddenly freezing up on one occasion, killing off multiple instances of an internal connection to a newly installed VM, over the past week my Kali VM instance would shut down by itself when I have been away from my laptop, intermittent issues that my wireless adapter, file shares that I have manually deleted open up again (this does not include after start-up which is done automatically), files mysteriously [being] deleted on my virtual machines – this is a specific folder on Kali that is used to store all my hacker tools – this is quite serious since I cannot imagine any scenario where I would have done this accidentally and this means I have to spend time going over previous work to reinstall software.

If it were just a one-off I wouldn't mention it... but if I do notice it happening again it would be good to know what process I should follow.

Rather than accepting, as her line manager Colin Gillingham concluded, that the problems "could be caused by either faulty hardware, the unreliable installation of software, or software conflicts," Hoang told her bosses that she was "concerned" about "unauthorised access to my laptop".

Gillingham said in his evidence that the "very nature of the work of computer security meant that software conflicts were likely to arise between hacking tools deliberately installed for testing purposes and antivirus software which was designed to prevent hacking".

NCC's internal IT helpdesk diagnosed it as a motherboard problem and booked a Dell engineer to come and repair her laptop.

"At this time the Claimant made the first suggestion of working from home," said the tribunal in its judgment, adding that Hoang had now started believing her laptop had been "deliberately sabotaged", though it said: "There was no corroborating evidence to support that belief."

Not long afterwards, Hoang asked to be posted from Basingstoke to Milton Keynes (which NCC agreed to, though she did not pursue the move) before making a formal complaint of "collective bullying behaviour" by her co-workers.

Hoang also emailed associate ops director Darren James to say her personal phone "may potentially have some kind of breach as it has been acting peculiarly," telling the tribunal under cross-examination that "it was intuition" which led her to believe this.

As recounted in the judgment, Hoang spent her time in a group training session with "her laptop and two phones [used] to form a barrier" between her and others in the session, before walking out altogether "due to trying to get her laptop fixed". The so-called DiSC session was organised so graduate trainees could "learn about their own personality types and how they interact and communicate" with others, with the tribunal describing her behaviour as "wholly inappropriate".

After several meetings with managers and HR reps, Hoang decided to email NCC's Cyber Incident Response Team complaining that her laptop had unlocked itself while she was away from it, having decided that the IT helpdesk's suggestion of reinstalling Windows was not good enough. The CIRT is a customer-facing organisation set up to deal with corporate customers' data breach fears, according to NCC's website. She also emailed 300 co-workers, on three separate email lists, asking for more help with Kali Linux virtual machines and her laptop unlocking itself. She was later told: "It's just a case of locking with ctrl-alt-delete in focus and better alternative is to use Windows key + L."

In a meeting with James and HR rep Laura Kennedy-Gill, Hoang said she did not accept the internal investigation into her laptop troubles because the investigating team "was not independent". Three months after starting at NCC, and halfway through the grad trainee scheme, Hoang told her assigned mentor: "There is not much point having a meeting as I've not made any progress" on a research project she had been assigned as part of her training scheme.

Gillingham eventually decided that Hoang was not capable of working as part of a team and she was dismissed by NCC in mid-October 2016 "due to a breakdown in the working relationship" on the grounds that she failed her probationary period, though the company later conceded in front of the tribunal that it was because of a lack of communication and soft skills.

In handing down its judgment, which was published on 7 November (PDF), the tribunal ruled: "We find that the Claimant did not make any protected disclosures, and so the claims of having suffered detriments on the ground of having made one or more protected disclosures necessarily fail.

"It must by now be the experience of most people that computers develop hardware faults, and also that there are often software issues causing unexpected things to happen. We have accepted that this was more likely than usual in the Claimant's case because of the nature of the Respondent's business."

We have asked NCC Group to comment. ®

Broader topics


Other stories you might like

  • FTC signals crackdown on ed-tech harvesting kid's data
    Trade watchdog, and President, reminds that COPPA can ban ya

    The US Federal Trade Commission on Thursday said it intends to take action against educational technology companies that unlawfully collect data from children using online educational services.

    In a policy statement, the agency said, "Children should not have to needlessly hand over their data and forfeit their privacy in order to do their schoolwork or participate in remote learning, especially given the wide and increasing adoption of ed tech tools."

    The agency says it will scrutinize educational service providers to ensure that they are meeting their legal obligations under COPPA, the Children's Online Privacy Protection Act.

    Continue reading
  • Mysterious firm seeks to buy majority stake in Arm China
    Chinese joint venture's ousted CEO tries to hang on - who will get control?

    The saga surrounding Arm's joint venture in China just took another intriguing turn: a mysterious firm named Lotcap Group claims it has signed a letter of intent to buy a 51 percent stake in Arm China from existing investors in the country.

    In a Chinese-language press release posted Wednesday, Lotcap said it has formed a subsidiary, Lotcap Fund, to buy a majority stake in the joint venture. However, reporting by one newspaper suggested that the investment firm still needs the approval of one significant investor to gain 51 percent control of Arm China.

    The development comes a couple of weeks after Arm China said that its former CEO, Allen Wu, was refusing once again to step down from his position, despite the company's board voting in late April to replace Wu with two co-chief executives. SoftBank Group, which owns 49 percent of the Chinese venture, has been trying to unentangle Arm China from Wu as the Japanese tech investment giant plans for an initial public offering of the British parent company.

    Continue reading
  • SmartNICs power the cloud, are enterprise datacenters next?
    High pricing, lack of software make smartNICs a tough sell, despite offload potential

    SmartNICs have the potential to accelerate enterprise workloads, but don't expect to see them bring hyperscale-class efficiency to most datacenters anytime soon, ZK Research's Zeus Kerravala told The Register.

    SmartNICs are widely deployed in cloud and hyperscale datacenters as a means to offload input/output (I/O) intensive network, security, and storage operations from the CPU, freeing it up to run revenue generating tenant workloads. Some more advanced chips even offload the hypervisor to further separate the infrastructure management layer from the rest of the server.

    Despite relative success in the cloud and a flurry of innovation from the still-limited vendor SmartNIC ecosystem, including Mellanox (Nvidia), Intel, Marvell, and Xilinx (AMD), Kerravala argues that the use cases for enterprise datacenters are unlikely to resemble those of the major hyperscalers, at least in the near term.

    Continue reading

Biting the hand that feeds IT © 1998–2022