labels: IT news, World Bank
Satyam may be in the dock over World Bank data security breach news
13 October 2008

In the midst of global market mayhem, an issue of considerable importance has escaped the media attention it thoroughly deserved - a security breach in the World Bank Group's computer network, one of the largest repositories of sensitive data about the economies of every nation in the world. More alarmingly, this has been a regular occurrence over the last year, or so Fox News has reported.

It is still not known how much information was stolen. But sources inside the bank confirm that servers in the institution's highly-restricted treasury unit were deeply penetrated with spy software last April. Invaders also had full access to the rest of the bank's network for nearly a month in June and July.

In total, at least six major intrusions, two of them using the same group of IP addresses originating from China, have been detected at the World Bank since the summer of 2007, with the most recent breach occurring just last month. Although the bank has taken pains to undermine the seriousness of the problem, leaked internal memos sent by the investigating team confirm the compromise of data in 18 servers, with five of them being classified as containing ''sensitive data''.

This serious issue apparently has a direct India connection. Hyderabad-based computer services major Satyam has been a vendor for the international bank for quite a long period time and was evidently responsible for many of the compromised systems. As a result, there have been reports in the international media that World Bank has barred it from doing offshore work.

The first breach of the bank's secrets was discovered in September, 2007, after the FBI, while at work on a different cybercrime case, notified the bank that something was wrong. The investigators pointed to a part of the bank's network that led out of the Johannesburg hub of the International Finance Corp. (IFC), a bank arm that lends to the private sector.

The second major breach, of the bank's treasury network in Washington, was discovered in April 2008.And now comes the potentially most harmful bit of news for Indian IT providers. A forensic analysis of the treasury breach supposedly revealed spy software which recorded keyboard entries allegedly installed by one or more contractors from Satyam.

Incidentally, a five-year contract between the bank and Satyam lapsed in September. The fourth largest IT services provider from India had bagged the contract in 2003 to implement Enterprise Resource Planning solution, extend document management and integrated messaging system. The hacking story may now be held up as the real reason behind the non-renewal of the contract.

However, the Indian company has vehemently denied these allegations, saying such stories have ''no validity.'' A Satyam spokesperson said on Saturday that the story was wrong and was riddled with falsehoods and errors. ''The story cites misinformation from unattributed sources and leaked e-mails that are taken out of context,'' the statement said.

''Like other public and private institutions, the World Bank has repeatedly experienced hacking attacks on its computer systems and is constantly updating its security to defeat these,'' it said. ''But at no point has a hacking attack accessed sensitive information in the World Bank's Treasury, procurement, anti-corruption or human resources departments.''

Although Satyam's immediate future in the wake of such allegations is a matter of grave concern for the Indian corporate sector in general and the IT sector in particular, of greater concern is the issue of possible terrorist infiltration in the ranks of Indian companies.

After the recent incident in which a Yahoo employee was found to be an important member of a terrorist outfit in India, it has become necessary for Indian IT Companies to take cognizance of the fact that there may be an organized infiltration of their ranks by terrorists.


 search domain-b
  go
 
Satyam may be in the dock over World Bank data security breach