A computer engineer of Indian origin, Sudhish Kasaba Ramesh, formerly with Cisco, pleaded guilty in federal court in San Jose Aug. 26, 2020, to intentionally accessing a protected computer without authorization and recklessly causing damage. On an H-1B visa, Ramesh appears to have secured another job and his new employer appears to want him to remain with the company.
The guilty plea was announced by United States Attorney David L. Anderson of the Northern District of California, and Federal Bureau of Investigation Special Agent in Charge John L. Bennett.
According to the plea agreement, Ramesh admitted to intentionally accessing Cisco Systems’ cloud infrastructure that was hosted by Amazon Web Services without Cisco’s permission on September 24, 2018.
Ramesh worked for Cisco and resigned in approximately April 2018. During his unauthorized access, Ramesh admitted that he deployed a code from his Google Cloud Project account that resulted in the deletion of 456 virtual machines for Cisco’s WebEx Teams application, which provided video meetings, video messaging, file sharing, and other collaboration tools.
He further admitted that he acted recklessly in deploying the code, and consciously disregarded the substantial risk that his conduct could cause harm to Cisco.
As a result of Ramesh’s conduct, more than 16,000 WebEx Teams accounts were shut down for up to two weeks, and caused Cisco to spend approximately $1,400,000 in employee time to restore the damage to the application and refund over $1,000,000 to affected customers. No customer data was compromised as a result of the defendant’s conduct.
Ramesh, 30, of San Jose, California, was charged by Information on July 13, 2020. He was charged with one count of Intentionally Accessing a Protected Computer Without Authorization and Recklessly Causing Damage.
Under the plea agreement, Ramesh pled guilty to the sole count of the Information.
Ramesh is currently released on bond. Bail was set at $50,000.
Ramesh’s sentencing hearing is scheduled for December 9, 2020, before The Honorable Lucy H. Koh, U.S. District Court Judge, in San Jose. The maximum statutory penalty for the offense of Intentionally Accessing a Protected Computer Without Authorization and Recklessly Causing Damage is 5 years imprisonment and a fine of $250,000.
According to a court document available on the Web, and a report in the news outlet theregister.com, Ramesh is currently on an H-1B visa and has been employed by another company, StitchFix.
The court document dated July 30, 2020, U.S. v Sudhish Kasaba Ramesh (Case No. CR 20-00289 LHK STIPULATION AND (PROPOSED) ORDER CONTINUING DATE FOR ENTRY OF PLEA AGREEMENT AND EXCLUDING TIME UNDER THE SPEEDY TRIAL ACT) says the following:
“Mr. Ramesh is in the United States on an H1 visa and has a green card application pending. Although he and his employer recognize that his guilty plea in this case may have immigration consequences, up to and including deportation, his employer (Stitch Fix) is willing to work with him regarding the possibility of his remaining in the country and continuing to work for the company.”
It goes on to say, “The employer is exploring the alternatives and conducting its own consultation regarding the potential immigration/employment consequences. Whether he can remain in the United States or not and whether he can retain his current employment are both considerations that will have a considerable impact on Mr. Ramesh and his family.”
Ramesh submitted his passport to authorities and told his counsel, “I am NOT a flight risk nor will I harm anyone,” the court document revealed.