Let's Build a Responsible Cyber Society




Terrorists Intrude into Indian IT Companies?

 After the recent incident in which a Yahoo employee was found to be an important member of a terrorist outfit in India, it has become necessary for Indian IT Companies to take cognizance of the fact that there may be an organized infiltration of their ranks by terrorists.

One more incident which has surfaced recently raises more concern in this regard. It has been reported that one of India’s major Software companies Satyam Computers has been accused by World bank of having installed a “Key Logger” in one of the access systems used by them. World Bank has reportedly cancelled the contract with Satyam and the direct business loss is estimated to be around US $ 100 million. The indirect business loss can however be large enough for the future of the Company to be threatened since the incident hits at the root of trustworthiness of the Company for critical projects.

It is however granted that Satyam as a company may not have any motive for indulging in what may be described as a major international crime that the incident represents. In India it is considered as an offence under Section 66 of ITA 2000 and could land Satyam Executives at the top in jail for a minimum period of 3 years.

However giving a benefit of doubt to the Company, it appears that some malicious elements have infiltrated into Satyam and probably installed the key logger at the instance of some terrorist organization or at the instance of China as its Cyber War strategy. We may recall here some time back that a HSBC employee in Bangalore had made some changes to the information of customers in the Bank which resulted in a major fraud. It is presumed that this was a robbery of the bank by a terrorist outfit. 

A similar possibility now exists in Satyam. It is therefore necessary for CBI to immediately undertake an investigation of how the Key Logger found its way into the Company’s software and where the data stolen were reaching.  If CBI does not move, FBI may make a move and it would be embarassing for the Indian IT industry in India if this snowballs into another major assault on the Indian Outsourcing Industry.

It is necessary for NASSCOM to take note of the long term implication of such security breaches on the Indian IT industry and initiate its own disciplinary action against its members who take Information Security lightly.

In the meantime, we need to watch how Satyam reacts to this controversy coming closely on the heels of the US $ 1 billion claim on the UPAID case. To prevent its top executives facing trial under ITA 2000 for hacking, they need to prove “Due Diligence” and they need to quickly undertake an ITA 2000 audit to check where they stand.

P.S: In a response apparently sent to Fox News after it ran the story, the bank is reported to have said that the story was wrong and riddled "with falsehoods and errors." It also reportedly said that  unnamed sources had provided misinformation, and that the leaked e-mails that were linked to the Fox story had been taken out of context.


October 9, 2008

Related Article: Computer World