This report in Mint suggests an intelligence report that ISI might have planted a trojan in the BSNL network to enable it spy on the database. It is interesting to note the social engineering methods used by ISI to get the trojans planted.
Mint reports the following modus operandi.
“ISI spoofed a landline number (011-23016782) so that the call would appear to originate from Indian Army HQ in Delhi, and called up a BSNL executive on his mobile phone.
Posing as Major Vijay, the ISI officer claimed that the Indian Army was unable to access BSNL’s subscriber base from its website, and also sent the BSNL employee a “test mail” on his Gmail address. The BSNL employee replied to this email by sending three online links, believing that he was helping the Army. The ISI officers then got back claiming they were unable to open the links. Besides, they (ISI) sent some links to the BSNL employee who opened the same on his computer thus enabling the Pakistani agency to allegedly install the malware in the state-owned telco’s systems. “
The incident should be a good lesson to other people employed in sensitive organizations.