Terrorists Intrude into Indian IT
the recent incident in which a Yahoo employee was found to be an important
member of a terrorist outfit in India, it has become necessary for Indian
IT Companies to take cognizance of the fact that there may be an organized
infiltration of their ranks by terrorists.
One more incident which has surfaced recently raises
more concern in this regard. It has been reported that one of India’s major
Software companies Satyam Computers has been accused by World bank of
having installed a “Key Logger” in one of the access systems used by them.
World Bank has reportedly cancelled the contract with Satyam and the direct
business loss is estimated to be around US $ 100 million. The indirect
business loss can however be large enough for the future of the Company to
be threatened since the incident hits at the root of trustworthiness of the
Company for critical projects.
It is however granted that Satyam as a company may not
have any motive for indulging in what may be described as a major
international crime that the incident represents. In India it is considered
as an offence under Section 66 of ITA 2000 and could land Satyam Executives
at the top in jail for a minimum period of 3 years.
However giving a benefit of doubt to the Company, it
appears that some malicious elements have infiltrated into Satyam and
probably installed the key logger at the instance of some terrorist
organization or at the instance of China as its Cyber War strategy. We may
recall here some time back that a HSBC employee in Bangalore had made some
changes to the information of customers in the Bank which resulted in a
major fraud. It is presumed that this was a robbery of the bank by a
A similar possibility now exists in Satyam. It is
therefore necessary for CBI to immediately undertake an investigation of
how the Key Logger found its way into the Company’s software and where the
data stolen were reaching. If CBI does not move, FBI may make a move and
it would be embarassing for the Indian IT industry in India if this
snowballs into another major assault on the Indian Outsourcing Industry.
It is necessary for NASSCOM to take note of the long
term implication of such security breaches on the Indian IT industry and
initiate its own disciplinary action against its members who take
Information Security lightly.
In the meantime, we need to watch how Satyam reacts to
this controversy coming closely on the heels of the US $ 1 billion claim on
the UPAID case. To prevent its top executives facing trial under ITA 2000
for hacking, they need to prove “Due Diligence” and they need to quickly
undertake an ITA 2000 audit to check where they stand.
In a response apparently sent to Fox News after it ran the story, the bank
is reported to have said that the story was wrong and riddled "with
falsehoods and errors." It also reportedly said that unnamed sources
had provided misinformation, and that the leaked e-mails that were linked
to the Fox story had been taken out of context.
October 9, 2008