Sacked NCC Group grad trainee emailed 300 coworkers about Kali Linux VM 'playing up'
Then took her employers to the Employment Tribunal
An NCC Group graduate trainee who emailed 300 coworkers to ask for help with what she deemed to be "unusual" behaviour from her Kali Linux VM; contacted the firm’s incident response team to complain about a faulty laptop; and said the machine had been "deliberately sabotaged", has had her victimisation claim thrown out by an employment tribunal.
Nga Hoang, who joined NCC in June 2016 on its graduate trainee scheme, claimed to the London South Employment Tribunal that her litany of 13 protected disclosures and 17 "detriments", as defined in employment law (here and here), began just 10 days after she started working for the infosec consultancy.
The tribunal took place in Croydon, south London, from 25 to 29 June this year, and the outcome was published this month.
Employment Judge Baron, sitting with two lay members, dismissed her entire case on 1 November (PDF), saying there was "no merit in any of the multiplicity of allegations" Hoang had made. She alleged her work laptop had been hacked from within the company network and that she was sacked for, among other things, revealing this to a laptop repair technician from Dell.
Hoang had had problems with her company-issued Dell laptop when she started on NCC's six-month-long graduate trainee programme. According to Hoang's written submission to the tribunal, her email to her line manager about her Windows 7 machine read as follows:
I have had odd things happening on my laptop since the first week. These would include the screen suddenly freezing up on one occasion, killing off multiple instances of an internal connection to a newly installed VM, over the past week my Kali VM instance would shut down by itself when I have been away from my laptop, intermittent issues that my wireless adapter, file shares that I have manually deleted open up again (this does not include after start-up which is done automatically), files mysteriously [being] deleted on my virtual machines – this is a specific folder on Kali that is used to store all my hacker tools – this is quite serious since I cannot imagine any scenario where I would have done this accidentally and this means I have to spend time going over previous work to reinstall software.
If it were just a one-off I wouldn't mention it... but if I do notice it happening again it would be good to know what process I should follow.
Rather than accepting, as her line manager Colin Gillingham concluded, that the problems "could be caused by either faulty hardware, the unreliable installation of software, or software conflicts," Hoang told her bosses that she was "concerned" about "unauthorised access to my laptop".
Gillingham said in his evidence that the "very nature of the work of computer security meant that software conflicts were likely to arise between hacking tools deliberately installed for testing purposes and antivirus software which was designed to prevent hacking".
NCC's internal IT helpdesk diagnosed it as a motherboard problem and booked a Dell engineer to come and repair her laptop.
"At this time the Claimant made the first suggestion of working from home," said the tribunal in its judgment, adding that Hoang had now started believing her laptop had been "deliberately sabotaged", though it said: "There was no corroborating evidence to support that belief."
Not long afterwards, Hoang asked to be posted from Basingstoke to Milton Keynes (which NCC agreed to, though she did not pursue the move) before making a formal complaint of "collective bullying behaviour" by her co-workers.
Hoang also emailed associate ops director Darren James to say her personal phone "may potentially have some kind of breach as it has been acting peculiarly," telling the tribunal under cross-examination that "it was intuition" which led her to believe this.
As recounted in the judgment, Hoang spent her time in a group training session with "her laptop and two phones [used] to form a barrier" between her and others in the session, before walking out altogether "due to trying to get her laptop fixed". The so-called DiSC session was organised so graduate trainees could "learn about their own personality types and how they interact and communicate" with others, with the tribunal describing her behaviour as "wholly inappropriate".
After several meetings with managers and HR reps, Hoang decided to email NCC's Cyber Incident Response Team complaining that her laptop had unlocked itself while she was away from it, having decided that the IT helpdesk's suggestion of reinstalling Windows was not good enough. The CIRT is a customer-facing organisation set up to deal with corporate customers' data breach fears, according to NCC's website. She also emailed 300 co-workers, on three separate email lists, asking for more help with Kali Linux virtual machines and her laptop unlocking itself. She was later told: "It's just a case of locking with ctrl-alt-delete in focus and better alternative is to use Windows key + L."
In a meeting with James and HR rep Laura Kennedy-Gill, Hoang said she did not accept the internal investigation into her laptop troubles because the investigating team "was not independent". Three months after starting at NCC, and halfway through the grad trainee scheme, Hoang told her assigned mentor: "There is not much point having a meeting as I've not made any progress" on a research project she had been assigned as part of her training scheme.
Gillingham eventually decided that Hoang was not capable of working as part of a team and she was dismissed by NCC in mid-October 2016 "due to a breakdown in the working relationship" on the grounds that she failed her probationary period, though the company later conceded in front of the tribunal that it was because of a lack of communication and soft skills.
In handing down its judgment, which was published on 7 November (PDF), the tribunal ruled: "We find that the Claimant did not make any protected disclosures, and so the claims of having suffered detriments on the ground of having made one or more protected disclosures necessarily fail.
"It must by now be the experience of most people that computers develop hardware faults, and also that there are often software issues causing unexpected things to happen. We have accepted that this was more likely than usual in the Claimant's case because of the nature of the Respondent's business."
We have asked NCC Group to comment. ®
Sponsored: Becoming a Pragmatic Security Leader