Sarbajit Roy, NDTV's sting on Dr. Bajaj

So the truth is out, "Sarbajit Roy is a former hacker for the Government", or so says NDTV. Its comforting to know that we have a free and vibrant media in India, bold enuff to take spycams into the office of India's top cyber investigator Dr. K.K.Bajaj and get to see him blathering away that he has no powers to investigate cyber crime in India, or data theft either. Mind boggling stuff! "Sarbajit"

---

BPO fraud: Was it a sting or a set up?
Priyam Bhasin

Monday, July 4, 2005 (Gurgaon):

Ten days after the British tabloid Sun claimed its reporter had bought confidential details of British customers from an Indian call centre employee, it's not yet clear who is investigating the BPO fraud.

No formal complaint has been lodged yet though the Prime Minister has said cyber laws in the country need to be strengthened.

But in another twist, a former hacker with the government says it's very easy to get credit details of UK bank customers in India.

Reacting to charges that the Indian BPOs have poor securtiy standards, the industry has fought back saying business is booming only because they have the confidence of their clients.

"There's more security here than in many places in the west," said Pramod Bhasin, global head, Gecis.

"Clients who outsource ensure security standards. They are very good here," said Dr Balakrishnan, head, Supercomputing, IISc.

Data source

Then where did Karan Bahree get the data from?

Sarbajit Roy, a former hacker with the government, says it's not difficult to get credit details of UK bank customers in India.

Roy says these are given by banks themselves to small call centres to chase defaulting customers, which find their way to the markets in the form of CDs.

Perhaps, Bahree could have just bought one of these CDs to sell to Harvey.

So Roy, who has raised this issue with the RBI, has filed an application with the government asking Bahree to appear and reveal where the data came from.

Police investigations into the matter have been far from revealing. More than a week after the story broke, the Haryana police say they are yet to make a breakthrough. A formal police complaint has still not been registered.

In fact, it's not even clear who is investigating the case.

The IT Act says that the certifying authority of the government's IT department is fully empowered to investigate IT thefts.

But the controller of certifying authorities refused to comment saying it's not his job.

The delay means that the trail of crucial electronic evidence will turn cold and the truth may never be out.

Was it a security lapse?

So what was the sting operation trying to expose. Security lapses or just hit at the thriving BPO business?

Security experts and companies themselves see in this whole controversy an attempt to hit at the credibility of India's BPO industry and tarnish its image.

"I agree it's a set up," Dr Balakrishnan said.

"It's not about security, it's about outsourcing. You are at more risk if you use your credit card in a shop," said Bhasin.

But the Bahree case has had some positive fallout. The industry is strengthening systems just so that this one-off incident does not have any long term impact.

Agencies are being appointed to check the background of employees and the government is planning to tighten the IT Act to minimise data theft to make sure that their security standards are internationally recognised.
Business News
Trackback: Sarbajit Roy cyber hacker