IT admin with axe to grind sent to prison for wiping Microsoft user accounts
A former IT contractor with a grudge has been sentenced after mass-deleting the majority of a company’s Microsoft accounts.
Deepanshu Kher was sentenced to two years in prison for breaking into the network of a Carlsbad, California-based firm after being fired potentially in connection to a consultancy job the firm hired him for.
Kher worked for an IT consultancy firm from 2017 through May 2018. This company was recruited to help a client with migration to a Microsoft Office 365 environment and Kher was selected to assist.
The client was not pleased with Kher’s performance and once this feedback reached head office, the IT admin was sacked. A month after being fired, in June 2018, Kher returned to India.
However, two months later, Kher decided to exact revenge on the Californian company, according to the US Department of Justice (DoJ). The 32-year-old infiltrated the firm’s servers while outside of the US and deleted over 80% of employee Microsoft Office 365 accounts, with over 1,200 out of 1,500 wiped in total.
As staff members were suddenly unable to access emails, contacts, calendars, stored documents, as well as Microsoft’s Virtual Teams remote management platform, they were unable to work.
The company’s entire operations ground to a halt for two days. The VP of IT said, “In my 30-plus years as an IT professional, I have never been a part of a more difficult and trying work situation.”
IT issues persisted for a further three months after the cyberattack and the FBI was informed.
Kher was arrested while flying from India to the US on January 11, “unaware of the outstanding warrant for his arrest,” US prosecutors say.
US District Court Judge Marilyn Huff charged the Delhi, India resident with intentional damage to a protected computer, a crime which can lead to up to 10 years in prison and a $250,000 fine.
Kher will face two years behind bars and three years of supervised release, but must also pay $567,084 in damages — the bill his victim organization had to shoulder to restore its systems.
“The victim company’s swift notification and cooperation with the FBI contributed greatly to the successful outcome,” commented Suzanne Turner, Special Agent in Charge of FBI’s San Diego Field Office. “Living in a digital world, it is important to get ahead of the threats, be proactive and predictive in the way we approach cybersecurity.”
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0