India Slams U.S. Talk On Y2K-Linked Security Fears

Updated 4:45 AM ET October 1, 1999

By Narayanan Madhavan

NEW DELHI (Reuters) - Indian officials Friday slammed as ridiculous a suggestion by U.S. officials that Indian Y2K (Year 2000) software firms could have been used to smuggle in computer codes aimed at threatening Washington's security.

Michael Vatis, the top cyber cop in the Federal Bureau of Investigation (FBI), told Reuters Thursday that malicious code changes under the guise of Y2K modifications had begun to surface in some U.S. work undertaken by foreign contractors.

The claim signaled possible economic and security threats.

Vatis, who heads the National Infrastructure Protection Center (NIPC), gave no details. But Terrill Maynard, a Central Intelligence Agency officer assigned to the NIPC, said in a recent article that India and Israel appeared to be the "most likely sources" of malicious code.

The article appeared in the June issue of Infrastructure Protection Digest.

"I think this is an utterly ridiculous assertion...without, as far as I can see, any basis whatsoever," said Montek Singh Ahluwalia, chairman of the Indian government's Y2K Action Force.

"I have no idea if this report is factually correct and if indeed a responsible officer has made what appears to be an irresponsible statement," Ahluwalia told Reuters.

He said the Indian government had not received any official communication to suggest wrongdoing by Indian firms or agencies.

The CIA declined to comment on Maynard's article. Referring to it, Vatis said: "This is our effort to put out in the public information that hopefully can be useful to people."

Indian firms have done more than $2 billion worth of coding work to protect old computers whose date-fields denoted years only by the last two digits. Unless rectified, such computers can cause valuable data crashes when the year 2000 dawns.

India and Israel have had differences with the United States on security matters, particularly on nuclear policy.

"TOO MUCH AT STAKE"

Dewang Mehta, president of India's National Association of Software and Service Companies (NASSCOM), cited several reasons to dismiss suggestions Indian firms may be a security threat.

He told Reuters that too much was at stake for India's booming software companies, which have used Y2K as a strategy to gain long-term clients. Besides, Indian firms did the bulk of Y2K work at U.S. sites under client supervision, he added.

"We cannot visualize that any moles have been planted. This is absurd. For us, too much is at stake," Mehta said.

He said Indian firms had also carried out "regression testing," which was aimed at ensuring Y2K programming work did not hamper other software in client systems.

Vatis said it was "quite easy" for an outsider to code in ways of gaining future access or causing something to "detonate" down the road.

This could expose a company to future "denial of service attacks," open it to economic espionage or leave it vulnerable to malicious altering of data, he said.

Vatis said that so far "not a great deal" of Y2K-related tampering had turned up. But a U.S. Senate panel said last week that long-term consequences of using foreign firms for Y2K work could include more espionage and reduced information security.

Mehta said he heard during a recent visit to Israel a rumor about a computer virus designed to wipe out Y2K solutions.

"I am afraid as only three months are left and many American systems are not compliant, this kind of global rumor-mongering is beginning to happen," he said. We all think we should guard ourselves against it. NASSCOM strongly condemns such rumors."

Maynard noted Ireland, Pakistan and the Philippines among nations whose firms did significant Y2K repair. He said they were "least likely" to harm U.S. systems but did not rule out threat possibilities.

==================================== End

Should be real interesting to see how this all unfolds. Does anyone think the US government is going to take the blame for ALL of their y2k failures ??

Ray

-- Ray (ray@totacc.com), October 01, 1999

Answers

Dewang Meta is right to be upset when the CIA casts aspersions on them for anticipated potential problems that in reality correspond to the lack of progress made in Y2K projects. It is obvious that Indian firms were often chosen for Y2K remediation due to the low cost of Indian programmers compared to programmers resident in the United States. Now, the CIA is setting them up as potential scapegoats. As Meta says, this is irresponsible and a step in the wrong direction in relations with India. The fact is that even in this country, South East Asian immigrants make up the higher percentage of those obtaining graduate degrees in computer sciences and filling key roles in the technology industry. It is not some sinister plot. Rather, we should admit that our educational system and culture does not produce the mathematical intelligence required for such disciplines and we are actually rather fortunate to be able to import South East Asians and their software. It has been a boon to us and to our nation.

Sincerely, Stan Faryna

-- Stan Faryna (faryna@groupmail.com), October 01, 1999.

>>Rather, we should admit that our educational system and culture does not produce the mathematical intelligence required for such disciplines and we are actually rather fortunate to be able to import South East Asians and their software. It has been a boon to us and to our nation.

Er, what southeast Asian software?

The fact that lots of technical Asian may come to the US does not mean that Asians are more educated or more intelligent than US people. The fact that we see smart, well-educated-- as well as dumb, poorly-educated-- Americans, but only smart southeast Asians, does not mean that dumb and uneducated Asians do not exist.

The US, with its dramatic strides in hardware and software, and money-- has certainly been a boon to Southeast Asia. Doubt it? Look at all the Southeast Asians coming to the US to work. How many US citizens are flooding to SE Asia to attend school & work?

-- Scarecrow (Somewhere@Over.rainbow), October 01, 1999.

I SAW M. Vatis on cspan being grilled by a couple of senators (was one of them Bennet?). Anyhow, for a civilian who is ostensibly working for the good of american business, he was SUBSTANTIALLY less talkative than Kevin Bacon was during the Kosovo war.

Vatis is full of it. You'll get no straight answers from him. He might as well be NSA.

-- Spanky (Otay@lilrsacles.com), October 02, 1999.

I knew this was coming, and bet we'll be seeing a lot more of it. The FBI and other government agencies are starting up their disinformation machine in order to fabricate scapegoats for actual Y2K failures.

"Michael Vatis, the top cyber cop in the Federal Bureau of Investigation (FBI), told Reuters Thursday that malicious code changes under the guise of Y2K modifications had begun to surface in some U.S. work undertaken by foreign contractors."

"I think this is an utterly ridiculous assertion...without, as far as I can see, any basis whatsoever," said Montek Singh Ahluwalia, chairman of the Indian government's Y2K Action Force."

The FBI can continue to spread all kinds of lies about people attacking our computers and there is now way anyone will be able to dispute these accusations. I don't doubt that a few terrorists might try to sabotage our systems, but they'll probably blame 50% of the failures on non-existant terrorists. Happens to work quite well as a coverup of failures that our own government neglected to spend the money to fix, so they'll just have to add a few more $billion into the budget to fix them again.

-- @ (@@@.@), October 02, 1999.