Asian Call Centres - Security Threat
Discussion
Sorry if its been done before but i got a letter from a insurance company earlier today to warn me that some data from a datasystem abroad has been hacked and details of customers have been obtained.
There was also a peice on the news about Lloyds relocating by the end of the year aswell.
Then i googled it and found this
There was also a peice on the news about Lloyds relocating by the end of the year aswell.
Then i googled it and found this
This is london said:
'India call centre staff bribed'
Pete Warren, Evening Standard
10 February 2004
STAFF at call centres in India are being bribed by organised crime and industrial spies to them help hack into the computer systems of British firms.
In at least two recent cases, local IT staff working on the sub-continent for UK institutions were involved in what industry sources say were 'security issues' in what is described as the tiniest fraction of a far larger problem.
In one case, sensitive financial information and credit card details were apparently illegally taken from a leading British financial institution.
A spokesman for the National Outsourcing Association (NOA) in Britain said: 'This shows that there are some things that you really should not send overseas. For organised criminals, this is a godsend.
'If you are using people in a low wage area, organised crime can afford to pay a lifetime's wages for data.'
Richard Hollis, managing director of Orthus, an information security solutions company in London, claims the problem is growing because Indian staff have access to increasingly sensitive customer information.
He said: 'We're seeing a significant increase in security problems associated with this type of outsourcing. Given that the majority of hacking originates from within organisations, outsourcing administrative responsibilities to an engineer making around £4,000 annually is asking for problems.
'The engineers employed by these firms are extremely skilled technicians and since they already possess the passwords and unrestricted access to the networks they service, they have quickly become targets for organised crime and private investigative firms looking to buy their way into a network.'
The revelations came after Trade Secretary Patricia Hewitt chaired a meeting last Monday to discuss the growing trend for call centres and other outsourced tasks to be switched from Britain to India.
Several British firms including Aviva, BT, ebookers, HSBC and Tesco have unveiled plans to relocate, or already created call centres in India.
Academics and industry experts believe this exodus could represent just the tip of the iceberg as other service industries look set to follow.
Manchester Business School's Professor Peter Barrah, author of the International Handbook on Outsourcing, said: 'It's a trend that is limited only by your imagination. There are some services that have to be delivered here and now; for anything that is produced with, or uses, a computer there is the potential for offshore outsourcing.
'There are companies that have now outsourced their strategy, the development of their marketing campaigns and their new product development.'
The DTI is currently commissioning research that it hopes will give a clearer picture of the true trend of job migration.
In the UK, there are about 400,000 people involved in the call-centre industry in about 5,500 call centres.
wiggy001 said:
Thing is, at least in the UK there is the DPA to try to protect the data.
To be honest I don't think that anything like the DPA will stop this sort of thing going on. Collusion is the most powerful fraud mechanism out there and all legislation can do is place accountability onto the employer. However rigerous they are at vetting applicants, some bad 'uns will get through the system.
In these times of centralised data repositories, the risk is all the greater. Until data security becomes more prevalent than trust or responsibility, our data is at risk.
barry sheene said:
Same bribery goes on in UK call centres. Social Engineering is and always will be an easy way to get information.
But it's got to be a lot cheaper bribing someone out there as their salaries are proportionately lower than here (at the moment
I think it depends where the gangs operate - if you are UK based you will work with UK people as you have more "influence" over them. If you are offshore then the gangs will operate within their localities (or where they have people/favours)
As costs go your money will always go further where there is lower wages, however at the moment at least I think the DPA does restrict what data is stored and is accessible outside the EU. (although I may be wrong).
The evidence I have seen (nothing really juicy) and a few reports I have read supports the local thing as many of the people getting caught are small groups of people without obvious links to larger organisations. I think that many of the larger organised groups have got "sleepers" in place in many organisations as it is already so there is not a huge threat from that avenue.
As Plotloss said there is a whole load of kneejerk reactions going on in the media already - Medical records is one large area. Our info has always been available to people who will pay for it, it's just that it's more transparent these days. Just because someone who perpetrates a crime is 3000 miles away when they do it doesn't make it any more or less worse then if they were in the UK.
Afterall, I have a reasonable grasp of IT security and systems + a reasonable grasp of techniques to get into IT systems. If I really wanted to get some money it would still be easier for me to go and mug someone or rob a bank.
bga said:
bga said:
Same bribery goes on in UK call centres. Social Engineering is and always will be an easy way to get information.
But it's got to be a lot cheaper bribing someone out there as their salaries are proportionately lower than here (at the moment
I think it depends where the gangs operate - if you are UK based you will work with UK people as you have more "influence" over them. If you are offshore then the gangs will operate within their localities (or where they have people/favours)
As costs go your money will always go further where there is lower wages, however at the moment at least I think the DPA does restrict what data is stored and is accessible outside the EU. (although I may be wrong).
The evidence I have seen (nothing really juicy) and a few reports I have read supports the local thing as many of the people getting caught are small groups of people without obvious links to larger organisations. I think that many of the larger organised groups have got "sleepers" in place in many organisations as it is already so there is not a huge threat from that avenue.
As Plotloss said there is a whole load of kneejerk reactions going on in the media already - Medical records is one large area. Our info has always been available to people who will pay for it, it's just that it's more transparent these days. Just because someone who perpetrates a crime is 3000 miles away when they do it doesn't make it any more or less worse then if they were in the UK.
Afterall, I have a reasonable grasp of IT security and systems + a reasonable grasp of techniques to get into IT systems. If I really wanted to get some money it would still be easier for me to go and mug someone or rob a bank.
Thsi is not really getting a smal amount of money really is it.
With the records that they have access to abroad if the information did get out into the open in these countries it would be easier for these gangs or people to get people in the UK and hence give them an ID from the database they have stolen.
Would you Like it if a asylum seeker was given your identity and got a bank account etc.
stevieb said:
Thsi is not really getting a smal amount of money really is it.
With the records that they have access to abroad if the information did get out into the open in these countries it would be easier for these gangs or people to get people in the UK and hence give them an ID from the database they have stolen.
Would you Like it if a asylum seeker was given your identity and got a bank account etc.
You are absolutely right, I (nor anyone else for that matter) would not like anyone to get hold of my info at all!
in my reply I was trying to say how easily available information of all kinds is (and has been)available to people with the right resources. I don't think that offshoring call centres is going to have an impact on the availability of certain data. Bribery is always going to be cheaper in poorer nations.
If a gang importing Asylum Seekers into the UK wants to get my data, they will regardless of it's location.
As we are getting more and more dependent on electronic records to identify us as individuals, that info is going to be worth something to people who can profit from it. The majority of firms worldwide are not doing enough to secure our data. I am no more trusting of a call centre in the UK as I am of one in India. If data is properly tied down then where it's hosted or accessed is going to be less of an issue.
If we don't support firms who offshore their operations then it's removing one part of the risk but not addressing the core problem.
Gassing Station | General Gassing [Archive] | Top of Page | What's New | My Stuff