Rediff Logo Infotech The Rediff Music Shop Find/Feedback/Site Index
HOME | INFOTECH | HEADLINES
October 12, 1998

HEADLINES
JOBS
COM:PORT
POLICY POLICE
ARCHIVES

iLeap - intelligent internet ready indian languages

 Intel presents the future of business computing

*rotfl*: If it is VSNL, it must be April 1. Somebody sent off emails in their name, offering super discounts! Priya Ganapati and Zasha Penn
in Bombay

The Videsh Sanchar Nigam Limited has made students an offer that they will find very difficult to refuse: A full-fledged TCP/IP Internet account for just Rs 2,000 per 500 hours! A similar 500-hour account ordinarily costs Rs 10,000.

Email this story to a friend.

And if you think this is too good to be true, guess what? You are absolutely right! The emails were an hoax.

The official line at VSNL is the predictable "we are looking into the matter". But Rediff has learnt that it was an engineering student in Bombay.

However, the student's account cannot be blocked easily. Mr Deep Throat, who lives beyond the high-security visitors' lobby at VSNL headquarters, tells us that the moment you block off an account it becomes a legal issue. That is why any such action has to be discussed threadbare.

He says "A meeting and a detailed report on the hoax will be submitted to officiating CMD Amitabh Kumar on his return from New Delhi tomorrow morning."

What seems to have robbed the VSNL of its sense of humour is the fact that their own Helpdesk people fell for the hoax too. They thought that the Customer Services Department must have issued the email their excited callers were talking about.

Because it was a Sunday they could not confirm it immediately and told eager inquirers to check out the scheme on Monday morning.

Monday morning, however, saw hell. The Customer Services and Helpdesk people realised in the same instance that they had been taken for a ride.

Since then inquirers are being told over the phone to ignore the email. Deputy General Manager, Customer Relations, V N Sharma told Rediff that "The students themselves had realised that this email is an hoax. They were calling the Helpdesk to confirm whether it is an hoax. Also it is not a serious matter. It only has nuisance value. As to why an email was not sent out to the subscribers, telling them that it is an hoax, we will ask the systems people about it. Even if there has been a lapse we will submit a detailed report about it."

By the way, the prank is easy to explain. But before we tell you how it was done, here is the hoax email:

From: VSNL System Admin <helpdesk@giasbma.vsnl.net.in> Sun 4:26

Subject: TCP/IP for students

 

Dear Internet User,

As a continuing effort to provide you with the best of our services, we have decided to permit TCP/IP access for students with effect from 1 November 1998.

The costs involved are: TCP/IP access (500 hours) Rs 2000 per annum.

Students desirous or taking up this facility will be given due credit for the number of unused hours on their shell accounts.

This facility is presently open to students who presently have a students account at VSNL only.

Please register yourself by mailing aaa@giasbma.vsnl.net.in as soon as possible (we have limited capacity at present).

Accounts will be given on a first-come-first-served basis. Details about payment will be subsequently mailed to you.

Due to the low receipts from students shell accounts, we are now unable to cope up with the costs and have decided to discontinue issue of new shell accounts for students.

We have now stopped accepting any new registrations. Any complaints in this matter should be filed in writing at our Fort office.

With warm regards,

 

System Administrator

GIAS

"Always at your help"

-----------------0-help-0---------------------------

email: helpdesk@giasbma.vsnl.net.in

http://guide.vsnl.net.in (New!!)

news:vsnl.feedback.internet

-------------------0-desk-0-------------------------

That was not difficult to do.

In the Netscape email client, go to the 'Edit' menu and select 'Preferences'. A dialogue box will pop up.

In this dialogue box select 'Mail & Groups' and within it select 'Identity'.

On the right hand of these selections enter 'VSNL System Admin' in the box where you are expected to put in 'Your name:'. In the box for 'Email address:' just put in helpdesk@giasbma.vsnl.net.in

Now you are ready. Whoever you mail will see his email has come 'From: VSNL System Admin <helpdesk@giasbma.vsnl.net.in>'

Of course, you cannot fool all the people all the time. Provided there is even a remote doubt to suspect the authenticity of the email, a microscopic minority of the nerdy kinds will know what to do.

They have to just view the full header of the email and it will tell them the precise identity of the real sender.

And that's what the VSNL's backroom boys did to sniff out the prankster.

Now only one question remains to be answered. How on God's Earth did our budding engineer lay his hands on the huge list of VSNL's email addresses?

Here we need to do a recap on vintage VSNL.

A few years ago when VSNL began Internet services it had a publicly declared email address called 'allusers'. Sending an email to that address would automatically send your message to, what else but, all VSNL users.

People soon began using the utility to spam and the service was discontinued. But a version of 'allusers' continued to live on the VSNL servers. Whispered about only among the eggheads at the 14-storey headquarters.

Then last year, somebody discovered it. That discovery was quickly rendered useless by the VSNL, which promptly changed settings and shut out the intruder.

But the damage had been done. People had used the rediscovered 'allusers' to make a list for themselves.

Some users got to VSNL's old UNIX prompt and managed to pry open the /usr and /etc directories to look at the list of user and email IDs.

One student at Anushakti Nagar, the Bhabha Atomic Research Centre's staff quarters, claims to have routinely peeked at the secret files at VSNL until recently when suddenly he could not break in at all.

There are some good pointers to the fact that our prankster is using a list that is a few months to at least one year old. Sometime around the rediscovered 'allusers' date.

One telltale sign is that the new account holders, of the 'shell' or 'text-only' variety, have not received the hoax email.

That should also explain VSNL's reluctance to send all its users an explanation and thereby advertise the prank in the fullest possible way.

Sharma admits that the students could have hacked into some VSNL machines to get the user groups. "All these things are under the purview of the security department. They will now be looking into the matter to see that such incidents are not repeated. Anyway, we have not put any serious information on any of the machines. There are certain important filters and firewalls which will protect the machines from hackers."

But Sharma is a forgiving soul. "Some person might have done this for fun's sake. But this is extremely bad in taste. We do not want to be too harsh and take legal action because the student stands to lose his future."

However, he does not shy from condemning such acts of subversion. "When we started the Internet services, we wanted to help students in whatever way it is possible. So we thought of providing a shell account for Rs 500 only. For people who spend Rs 40,000 to Rs 50,000 on PCs, this account is practically free of cost. It was given only with good intentions. But whenever they do an act that is hazardous to society, the society has a right to condemn them."

He assures "Ours is a very open society. Everybody is open to criticism. But something has gone wrong here. We will have to have some sort of propaganda saying this is wrong and students should not misuse concessional accounts. We will have to make the officials at VSNL aware of these dangers."

Tell us what you think

HOME | NEWS | BUSINESS | SPORTS | MOVIES | CHAT | INFOTECH | TRAVEL
SHOPPING HOME | BOOK SHOP | MUSIC SHOP | HOTEL RESERVATIONS
PERSONAL HOMEPAGES | FREE EMAIL | FEEDBACK