World Bank slaps Satyam with 8 year ban. Is the Indian Government complicit in cyber espionage?
If the title confuses you, let me quickly catch you up on this story. Satyam is one of the largest IT companies in India and has been the darling of the Indian outsourcing industry for some time now. The company is/was run by Ramalinga Raju, who has been hailed as one of the leading lights of Indian enterprise. Well, it so happens, that the World Bank was one of Satyam’s customers, and their experience brought out into the open what we’ve been hearing various murmurs about; that outsourcing to India is becoming increasingly dangerous, and the service delivered by Indian IT companies is continuing to decline. Not only is this reflected in the quality of output, but also in the free-falling standards of plain old-fashioned business ethics.
While working with Satyam, the World Bank discovered that Satyam had been stealing proprietary World Bank information. Yahoo News! had this to say:
“The World Bank move came after bank investigators discovered that spy software was covertly installed on workstations inside the bank’s Washington headquarters”
Any customer outsourcing to India, or Satyam in particular, would cringe while reading this. This story raises very serious questions about the integrity of the customers’ own systems… and frankly, the privacy of millions of consumer’s personal and financial information. It only took a bit of research to discover that Satyam has plenty of financial services customers, including banks. They also enable mobile commerce transactions. Well, how safe is that consumer data? Now that we know Satyam has been deliberately stealing proprietary information from its own customers and indulging in all sorts of other financial frauds, what reason do we have to believe that this practice was exclusive to the World Bank? Who else could Satyam have stolen from? Do erstwhile Satyam customers have to invest in expensive audits to ensure that consumer information and other proprietary data is safe?
American companies like IBM and Accenture are already jumping in to drive the last nail in Satyam’s coffin, but the bigger questions that need to be focused on, are: What does this means to indian industry in general? And, was Satyam used as a tool of espionage by the Indian government to steal proprietary information from important agencies, companies and countries? The fact that the World Bank is the first target to be discovered should certainly warrant more careful scrutiny of Satyam’s dealings with other important institutions.
With regard to the first question, I think the writing is on the wall. American businesses will have a very hard time trusting Indian IT companies the way they did prior to this disastrous scandal. This is high profile enough that we wouldn’t be surprised if some regulatory agency in the US took notice and made it more difficult or impossible, in some cases, for American companies to outsource to Indian software firms. The Indian news media is abuzz with the disastrous implications of the Satyam fraud; investors have lost billions of dollars, 53,000 employees stand to lose their jobs and the reputation of Indian enterprise has been seriously blackened. No small potatoes.
Coming to the second question, this is a very, very serious issue and one that multiple institutions, including US intelligence agencies should look into. The Raju family has very deep political connections in India and may yet find a way out of this crisis. Was it really possible for multiple systems inside the World Bank, managed by Satyam, to have surveillance and espionage software installed on them without the management of Satyam finding out? And if it was, once this was discovered, why did Satyam fight the World Bank so publicly? Clearly, the decision to push back on the World Bank had to be taken at the Raju level. This company, was after all, a dictatorship. So Raju had to have known that a) information was being stolen from the world bank illegally b) the World Bank now knew about it and c) that Satyam’s response – rather than cooperation – was absolute refusal to acknowledge the theft of data.
Was such a bold, brazen and public response issued by Raju because he knew no one in India could touch him? Why would he think that? Was it just because of his political connections or because he knew there were several people within the Indian establishment that would come forth to protect him on this issue?
There are many, many unanswered questions. If Raju and Satyam have been used by the Indian Government and intelligence agencies to steal important data from global institutions, are they the only ones? What about the other major indian outsourcers?
Come to think of it, the involvement of a leading businessman in acts of global espionage would not be a first. And the fact that indian outsourcers have their tentacles deep into western businesses do make them a very attractive source of information on other governments and citizens across the globe. Could the Indian intelligence agencies resist such temptation?