IT Contractor Sent To Jail After Deleting 1,200 Microsoft Office 365 Accounts
Disgruntled Employee Hacked the Server of a Carlsbad Company and Deleted its Microsoft Office 365 Accounts. The Attack Shut Down the Company for Two Days.
As stated by prosecutors, an information technology consulting firm hired Deepanshu Kher from 2017 through May 2018. In 2017, this firm was hired by the unidentified Carlsbad company to assist with its migration to a Microsoft Office 365 (MS O365) environment.
The consulting firm sent its employee, Kher, to the company’s Carlsbad headquarters to assist with the migration, but at the beginning of 2018, he was pulled from the task.
The company was dissatisfied with Kher’s work and relayed their dissatisfaction to the consulting firm soon after Kher’s arrival. The firm fired Kher a few months later, on May 4, 2018, and a month after that, he decided to return to Delhi, India.
In an act of revenge, three months later, Kher hacked into the Carlsbad company’s server and deleted more than 1,200 of its 1,500 MS O365 accounts.
The erasure of Microsoft Office 365 accounts affected the bulk of the company’s employees
The attack completely shut down the company for two days creating issues that have continued to this day. As the company’s Vice President of Information Technology (IT) explained, the impact was felt inside and outside the company.
Employees’ accounts were deleted. They were unable to access email, meeting calendars, corporate directories, contact lists, Teams, video, and audio conferences.
Also, there was no way to inform the company’s clients about what had happened and when operations would get back to normal.
“Outside the company, customers, vendors, and consumers were unable to reach company employees (and the employees were unable to reach them) “, notes a press release from the U.S. Department of Justice.
Even after those two days, the issues continued to exist. Employees were not receiving meeting invites or cancellations, their contacts lists could not be completely rebuilt, and those affected could no longer access folders to which they previously had access. The company constantly handled several IT problems for three months.
The Vice President of IT closed by saying, “In my 30-plus years as an IT professional, I have never been a part of a more difficult and trying work situation.”
Acting U.S. Attorney Randy Grossman also stated that “this act of sabotage was destructive for this company. Fortunately, the defendant’s revenge was short-lived and justice has been delivered.”
Kher, was arrested when he flew from India to the United States on January 11, 2021, unaware of the outstanding warrant for his arrest.
“The FBI was able to identify, arrest, and prosecute Deepanshu Kher, despite the fact that he committed this harmful hack while outside the United States. This case shows the commitment, expertise, and reach of the FBI in working cyber intrusion cases,” said Suzanne Turner, Special Agent in Charge of FBI’s San Diego Field Office.
FBI encourages companies involved in a cybersecurity incident to immediately contact the FBI. Specialized cyber agents will work with companies to protect company information and the personal data of their customers.
“We encourage companies to develop a relationship with the FBI and local law enforcement prior to a cybersecurity incident and incorporate us into incident response plans. In this case, the victim company’s swift notification and cooperation with the FBI contributed greatly to the successful outcome. Living in a digital world, it is important to get ahead of the threats, be proactive and predictive in the way we approach cybersecurity.”
Kher admitted his guilt last year to a count of intentional damage to a protected computer. As stated by prosecutors, U.S. District Judge Marilyn Huff, who sentenced Kher, said the attack was “planned and clearly intended as revenge,”.
Kher was sentenced to two years in prison and three years of supervised release. He is also obliged to pay more than $567,000 to the company to cover costs associated with fixing issues caused by the retaliatory hack.