The Hindu Business Line : Uncertain world

BlackBerry, the wonder machine that helps you keep track of your e-mail wherever you happen to be in the globe, is no longer the status symbol that it was until a few years ago. It has almost become a necessity, and an addiction that some wives abhor in their husbands.

Many companies do not mind the high costs involved in giving one such telephone to even their middle-level executives.

More than its amazing geographic reach, it was, till a few weeks ago, known for its absolute reliability.

Its formidable reputation for dependability received a beating on April 17, 2007 when a substantial number of its subscribers, especially in North America, and parts of Europe and Asia, were affected by an outage that lasted for about 12 hours. Till the problem was fixed, subscribers could not access their mail box or the Web. They could, however, make telephone calls and send/receive SMS messages.

The funny part is, till now, a month after the incident, no one is certain how exactly this happened. There are only speculations — bordering on intelligent guesses — none of which may exactly convince the BlackBerry devotee! In these days of turbulence in the cyberspace, one automatically thought of a hacker attack that paralysed BlackBerry, although a massive power disruption seemed a reasonably acceptable explanation. No doubt it is true that twice in the past, both during 2005, there had been similar BlackBerry blackouts. But, over a course of time, BlackBerry addicts had put these behind them and had come to believe that the service was impregnable. They should definitely be distressed by the third blackout, because this mobile phone had become their sure and trustworthy ally on travel for carrying on their business transactions without any hitch.

Some fundamental facts

There is one theory circulating after the April disaster that the BlackBerry clientele had become too large to manage, and the service itself was too centralised for comfort and smooth operations. Here are some fundamental facts that most of us, current subscribers or prospective ones, should know.

Blackberry is owned by Research in Motion (RIM), founded in 1984 and headquartered in Waterloo (Canada). There are now 8 million BlackBerry subscribers the world over. According to one claim by RIM, the BlackBerry base is increasing by a million each quarter. Imagine there were just two million on the whole, just a year ago.

The growth is phenomenal, something that requires an enormous infrastrcture back-up and a hardening of security procedures that has to be very much above the routine. There are just two Network Operation Centres (NOCs) — basically huge data centres — through which all BlackBerry e-mail traffic flows. These function as an intermediary between the corporate mail servers and the subscribers.

One of these is situated in Canada that takes care of the service in the Western Hemisphere and parts of Asia. The other NOC is in the UK, and it looks after Europe, Africa and West Asia.A Lotus e-mail server transfers all e-mails to the company's Enterprise Server, which, in turn, forwards them to one of the NOCs. This NOC functions as the delivery system, authenticates users before forwarding each message to the appropriate hand-held device. According to experts, there is here a built-in safety from potential hackers. The authentication is handled away from the corporate network, and hackers are kept at bay because email servers are inside RIM's firewall. This kind of protection enhances customer confidence in respect of data secrecy. This is why a frontal hacker attack was straightaway ruled out as the cause for the recent Black Berry failure. The suspicion, therefore, moved on to a power failure that is, however, yet to be identified as the chief villain. There is then a possibility of a software bug or viruses, neither of which has however been established.

In the days following the incident, RIM took the position that it was not the result of a problem in security or an inability to cope with the required capacity that led to the outage. It attributed the glitch to a system upgrade, which had been insufficiently tested before installation.

The public debate will go on inconclusively, perhaps till another calamity strikes! But nothing is going to shrink the numbers of those who are sold out to the lure of the sleek instrument, especially with the arrival of two more attractive models, the BlackBerry Pearl and the BlackBerry 8800, which carry also media players and Web browsers.

Nevertheless, the investigation into the much-talked-about incident is worth pursuing to its logical conclusion if only to prevent it from happening again. For reasons of transparency and customer relations I hope RIM will keep talking to us.

Disquieting happening

One more recent happening of great magnitude should give us the creeps, especially those of who use the wireless to connect to the Web. The victim: TJX, the giant US retail group of companies. The aggressors: possibly a Romanian or Russian organised criminal group.

With a market capital value of more than $13 billion, TJX has been found to be shockingly negligent or parsimonious in protecting its network. According to one report, it used a primitively fundamental Wired Equivalent Privacy Protocol (WEPP), instead of the much more secure and accepted Wi-Fi Protected Access (WFPA) to guard its network.

Even more difficult to believe is that it had hardly deployed any firewalls or installed software patches. The net result was intruders were able to break into the system all over the world and steal information in respect of 45.7 million credit/debit cards. Personal data relating to 5,00,000 individuals was also compromised.

There are press reports that vividly describe how the criminals breached the TJX network. The Wall Street Journal tells us that the hackers used an antenna resembling a telescope and a laptop for this absurdly simple operation. The break-in operation was carried out in Minnesota at a discounting cloth store owned by the group. Also, TJX employees logging on to the group's central server in Framingham near Boston were eavesdropped upon and the intruders were able to proceed swiftly to set up their own accounts. It was child's play thereafter.

The gang could access the TJX system from any part of the world. Lifting of customer card information was also facilitated by TJX's failure to use encryption.

This was, therefore, a classic case of utter disregard of security by a giant company that, going by the volume of its trade, should have made a huge investment on computer security.

I hope some Indian corporates will read this incredible account of cyber crime and take appropriate measures to harden their networks. Anything less than the best system that is imaginatively assembled will be vulnerable to even a moderately skilled hacker.

(The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.)

More Stories on : Security | Telecommunications | Security Musings

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
Receive M-gyan

`Open Season' for Java

From NetBeans to bean bags

`Create more product development companies'

Disk partitioning

Recording TV programs on PC

Making the mobile phone a tool that teaches

Doing IT differently

Uncertain world

Quiz

Cartoon