Satyam in major trouble: Client Attack blamed on Satyam

The story, the details of which were contested by the World Bank after it ran, quotes unnamed sources as saying the banking group was victimized by at least six major intrusions from the Summer of 2007 through September of this year.

At least two of the intrusions appear to have originated from the same batch of IP addresses within China, the report said. The first of the intrusions, from China, was discovered in Sept. 2007 when the FBI apparently informed the bank of the problem which it discovered while it was conducting an unrelated investigation. It apparently allowed the perpetrators to gain full and complete access to a secret data hub maintained by the organization in Johannesburg, South Africa for a period of at least six months, the Fox News story said.

Another of the breaches, this time involving the bank's treasury network in Washington D.C, appears to have been perpetrated by a contractor or contractors working for India's Satyam Computer Services, the story said. The Satyam employee or contractor infected some workstations at the banks headquarters in Washington with keystroke logging software, which then sent any information it captured to a still unknown location.

“The story cites misinformation from unattributed sources and leaked e-mails that are taken out of context,” the statement said.

“Like other public and private institutions, the World Bank has repeatedly experienced hacking attacks on its computer systems and is constantly updating its security to defeat these,” it said.

“But at no point has a hacking attack accessed sensitive information in the World Bank’s Treasury, procurement, anti-corruption or human resources departments,” the spokesperson said quoting the bank’s statement.

Originally Posted by Safin

This would be the worst case publicity for Indian IT companies if this comes out to be true.

After the recent incident in which a Yahoo employee was found to be an important member of a terrorist outfit in India, it has become necessary for Indian IT Companies to take cognizance of the fact that there may be an organized infiltration of their ranks by terrorists.

One more incident which has surfaced recently raises more concern in this regard. It has been reported that one of India’s major Software companies Satyam Computers has been accused by World bank of having installed a “Key Logger” in one of the access suystems used by them. World Bank has reportedly cancelled the contract with Satyam and the direct business loss is estimated to be around US $ 100 million. The indirect business loss can however be large enough for the future of the Company to be threatened since the incident hits at the root of trustworthiness of the Company for critical projects.

It is however granted that Satyam as a company may not have any motive for indulging in what may be described as a major international crime that the incident represents. In India it is considered as an offence under Section 66 of ITA 2000 and could land Satyam Executives at the top in jail for a minimum period of 3 years.

However giving a benefit of doubt to the Company, it appears that some staff members have infiltrated into Satyam and probably installed the key logger at the instance of some terrorist organization or at the instance of China as its Cyber War strategy. We may recall here some time back that a HSBC employee in Bangalore had made some changes to the information of customers in the Bank which resulted in a major fraud. It is prsumed that this was a robbery of the bank by a terrorist outfit.

A similar possibility now exists in Satyam. It is therefore necessary for CBI to immediately undertake an investigation of how the Key Logger found its way into the Company’s software and where the data stolen were reaching. If CBI does not move, FBI may make a move and it would be embarassing for the Indian IT industry in India if this snowbnalls into another major assault on the Indian Outsourcing Industry.

It is necessary for NASSCOM to take note of the long term implication of such security breaches on the Indian IT industry and initate its own disciplinary action against its members who take Information Security lightly.

In the meantime, we need to watch how Satyam reacts to this controversy coming closely on the heels of the US $ 1 billion claim on the Upaid case. To prevent its top executives facing trial under ITA 2000 for hacking, they need to prove “Due Dikigence” and they need to quickly undertake an ITA 2000 audit to check where they stand.