|HOME | INFOTECH | HEADLINES|
October 1, 1999
Indian officials today slammed as ridiculous a suggestion by US officials that Indian Y2K software firms could have been used to smuggle in computer codes aimed at threatening Washington's security.
Michael Vatis, the top cyber cop in the Federal Bureau of Investigation, has said that malicious code changes under the guise of Y2K modifications had begun to surface in some US work undertaken by foreign contractors.
Vatis, who heads the National Infrastructure Protection Centre, gave no details. But Terrill Maynard, a Central Intelligence Agency officer assigned to the NIPC, said in a recent article that India and Israel appeared to be the "most likely sources" of malicious code.
The article appeared in the June issue of Infrastructure Protection Digest.
"I think this is an utterly ridiculous assertion... without, as far as I can see, any basis whatsoever," said Montek Singh Ahluwalia, chairman of the Indian government's Y2K Action Force.
"I have no idea if this report is factually correct and if indeed a responsible officer has made what appears to be an irresponsible statement," Ahluwalia said.
He said the Indian government has not received any official communication to suggest wrongdoing by Indian firms or agencies.
The CIA declined to comment on Maynard's article. Referring to it, Vatis said: "This is our effort to put out in the public information that hopefully can be useful to people."
Indian firms have done more than $2 billion worth of coding work to protect old computers whose date fields denoted years only by the last two digits. Unless rectified, such computers can cause valuable data crashes when the year 2000 dawns.
India and Israel have had differences with the United States on security matters, particularly on nuclear policy.
Too much at stake
Dewang Mehta, president of India's National Association of Software and Service Companies, cited several reasons to dismiss suggestions that Indian firms may be a security threat.
He said too much is at stake for India's booming software companies, which have used Y2K as a strategy to gain long-term clients.
Besides, Indian firms did the bulk of Y2K work at US sites under client supervision, he added.
"We cannot visualise that any moles have been planted. This is absurd. For us, too much is at stake," Mehta said.
He said Indian firms had also carried out "regression testing", which is aimed at ensuring Y2K programming work does not hamper other software in client systems.
Vatis said it is "quite easy" for an outsider to code in ways of gaining future access or causing something to "detonate" down the road.
This could expose a company to future "denial of service attacks", open it to economic espionage or leave it vulnerable to malicious altering of data, he said.
Vatis said that so far "not a great deal" of Y2K related tampering had turned up. But a US Senate panel said last week that long-term consequences of using foreign firms for Y2K work could include more espionage and reduced information security.
Mehta said he heard during a recent visit to Israel a rumour about a computer virus designed to wipe out Y2K solutions.
"I am afraid as only three months are left and many American systems are not compliant, this kind of global rumour mongering is beginning to happen," he said. "We all think we should guard ourselves against it. NASSCOM strongly condemns such rumours."
Maynard noted Ireland, Pakistan and the Philippines among nations whose firms did significant Y2K repair. He said they were "least likely" to harm US systems but did not rule out threat possibilities.
BOOK SHOP | MUSIC SHOP | GIFT SHOP | HOTEL RESERVATIONS | WORLD CUP 99
EDUCATION | PERSONAL HOMEPAGES | FREE EMAIL | FEEDBACK