Engineer admits he wiped 456 Cisco WebEx VMs from AWS after leaving the biz, derailed 16,000 Teams accounts

Switchzilla's cloud infrastructure trashed. And his new employer doesn't want to fire him


A former Cisco employee pleaded guilty in a San Jose federal court on Wednesday to unlawfully accessing Switchzilla's Amazon Web Services infrastructure and damaging the networking giant's cloud computing resources.

Sudhish Kasaba Ramesh, who worked at Cisco from July 2016 to April 2018, admitted in a plea agreement with prosecutors that he had deliberately connected to Cisco's AWS-hosted systems without authorization in September 2018 – five months after leaving the manufacturer. He then proceeded to delete virtual machines powering Cisco's WebEx video-conferencing service.

"During his unauthorized access, Ramesh admitted that he deployed a code from his Google Cloud Project account that resulted in the deletion of 456 virtual machines for Cisco’s WebEx Teams application, which provided video meetings, video messaging, file sharing, and other collaboration tools," the US Attorney's Office for the Northern District of California said in a statement.

According to prosecutors, Ramesh's actions resulted in the shutdown of more than 16,000 WebEx Teams accounts for up to two weeks, which cost Cisco roughly $1.4m in employee time for remediation and over $1m in customer refunds.

Ramesh is said to have admitted that he acted "recklessly" by deploying the code and that he "consciously disregarded the substantial risk that his conduct could harm to Cisco."

The specifics of the plea agreement remain under seal. And no mention is made in the accessible court filings of a motive. Nonetheless, Ramesh's current employer, personalized fashion biz Stitch Fix, appears keen to keep him on, if possible.

According to a court document, Ramesh is in the US on an H-1B visa and has a green card application pending. "Although he and his employer recognize that his guilty plea in this case may have immigration consequences, up to and including deportation, his employer … is willing to work with him regarding the possibility of his remaining in the country and continuing to work for the company," the document says.

As far as Cisco is concerned, the main issue is that customer data wasn't lost or stolen.

"Cisco addressed the issue in September 2018 as quickly as possible, ensured no customer information was lost or compromised, and implemented additional safeguards," a Cisco spokesperson told The Register in an emailed statement.

"We brought this issue directly to law enforcement and appreciate their partnership in bringing this person to justice. We are confident processes are in place to prevent a recurrence."

Ramesh faces up to five years in the clink and a fine of $250,000 when he is sentenced, an event scheduled for December. ®

Updated to add

"Sudhish Ramesh no longer works at Stitch Fix," the company told The Register in a statement.
