How a Former NCS Engineer’s Revenge Hack Caused $670K Loss and Prison

1. Incident Background

Singapore courts sentenced Indian citizen Kandula Nagaraju to two years and six months in prison for unauthorized intrusion into his former employer’s computer system, which sparked widespread attention.

Nagaraju was accused of illegally entering the system and deleting 180 virtual servers, causing an estimated economic loss of about US$670,000 (approximately RMB 4.925 million).

From 2021 to October 2022, Nagaraju worked at Singapore’s NCS Group, where his team managed a QA system used for pre‑release testing of software and programs. His employment contract was terminated in October 2022, with his last official workday on 16 November 2022.

After his dismissal, Nagaraju felt “confused and frustrated,” believing he had performed well and contributed significantly during his tenure.

NCS is an information technology and communications engineering services provider in the Asia‑Pacific region and a wholly‑owned subsidiary of Singapore Telecom.

Following the contract termination, Nagaraju returned to India. Several months later, he used his personal laptop and server login credentials to gain unauthorized access to NCS’s systems.

In February 2023, after securing a new job and returning to Singapore, he co‑rented a place with a former NCS colleague and accessed the NCS system without permission via the Wi‑Fi network.

The most destructive phase occurred in March 2023. Between 18‑19 March, Nagaraju made 13 visits to the NCS QA system and, using a pre‑written script, deleted 180 virtual servers—removing one server per execution.

The next day, the NCS team discovered the system was inaccessible; the servers had been deleted. A police report was filed on 11 April, an IP address was handed over, Nagaraju’s laptop was seized, and the deletion script was recovered.

Investigations revealed that Nagaraju had searched Google for scripts to delete virtual servers and used the results to craft his own script.

Although NCS stated that the virtual servers stored no sensitive information, the incident resulted in losses exceeding US$670,000.

2. Final Verdict

According to the latest ruling, Nagaraju has been sentenced to two years and eight months imprisonment for the charge of “unauthorized access to computer material,” with an additional charge that may affect the sentencing outcome.

3. Impact and Consequences

Nagaraju’s retaliatory actions not only caused significant financial damage to the NCS Group but also irreversibly harmed his future career prospects.

Experts note that such behavior violates cybersecurity laws and professional ethics, warranting severe punishment to deter similar incidents.

The case should attract broad attention within the industry, prompting IT professionals and corporate managers to reassess employee management and the importance of information system security.

Companies are urged to strengthen attention to employee mental health to prevent disgruntled staff from causing costly damages.