
Simple Keylogger Costs Call Center A Fortune

PCQ Bureau



The incident happened a few years ago at a call center in Mumbai. The company had about 200 employees at the time and was running a US debt-consolidation process that handled 300-400 sets of confidential US customer credentials every day.






The business was doing well until the company received a notice from a US court. A large amount of money had disappeared from a number of bank accounts belonging to a US company. Suspicion fell on the Indian call center, which was later successfully sued by the affected US customer. Having paid several crores in fines, the call center's management started an internal investigation.





It turned out that seven months before the incident, one of the employees had infected the whole IT infrastructure, from workstations to servers, with a keylogger Trojan that collected keystrokes from every system. The malware appears to have spread simply over the LAN, as the company's malware protection was, to put it mildly, very poor.



The malware was designed to capture the information that call-center agents received from US clients while on a call: it monitored and recorded every keystroke typed while an employee was on a live call with a customer. The hacker's targets were personal credentials such as names, addresses, credit card numbers and SSNs (social security numbers), which is the most valuable kind of data any attacker looks for.
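The keystroke dump such a keylogger produces is also the artefact an investigator or a DLP filter can catch it by: card numbers and SSNs have structure that random digit runs do not. The following is an added example (not code from the article or from the call center's IT team) that scans a constructed keystroke log for primary account numbers, validated with the Luhn check the card networks use, and for SSNs filtered by the SSA's issuance rules. The log format, the process names and every number in it are made up for the example.

```python
import re

# Constructed sample of what a keylogger dump from an agent's workstation
# might look like. The timestamps, process names and numbers are invented;
# 4111 1111 1111 1111 is a well-known Luhn-valid test card number.
SAMPLE_KEYLOG = """\
[10:42:01] notepad.exe: john smith
[10:42:09] crm.exe: 4111 1111 1111 1111
[10:42:15] crm.exe: exp 11/27 cvv 123
[10:42:31] crm.exe: 123-45-6789
[10:43:02] crm.exe: 4111 1111 1111 1112
[10:43:40] chrome.exe: 000-12-3456
[10:44:12] outlook.exe: order ref 1234567890123456
"""

# 13-19 digits, optionally separated by spaces or dashes as agents type them.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Classic AAA-GG-SSSS layout.
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; rejects most random digit runs (e.g. order refs)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """SSA never issues area 000, 666 or 900-999, group 00 or serial 0000."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return group != "00" and serial != "0000"


def mask(digits: str) -> str:
    """Keep only the last four digits so findings can be logged safely."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_keylog(text: str) -> list:
    """Return one finding per validated PAN or SSN, with line number and masked value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in PAN_RE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group(0))
            if 13 <= len(digits) <= 19 and luhn_ok(digits):
                findings.append({"line": lineno, "type": "PAN", "value": mask(digits)})
        for m in SSN_RE.finditer(line):
            if ssn_plausible(*m.groups()):
                findings.append({"line": lineno, "type": "SSN",
                                 "value": mask("".join(m.groups()))})
    return findings


if __name__ == "__main__":
    for f in scan_keylog(SAMPLE_KEYLOG):
        print(f"line {f['line']}: {f['type']} {f['value']}")
```

On the sample above only the valid Visa test number and the well-formed SSN are reported; the mistyped card number, the 000-area SSN and the 16-digit order reference are dropped by the Luhn and SSA checks, which is what keeps a filter like this usable on the noisy text a keylogger captures. The same logic applied to outbound mail or HTTP bodies is a cheap egress control against exactly the exfiltration described here.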




Later, from our own sources, we came to know that the hacker was selling this data to Russian and Chinese hackers through several black-hat hacker forums. Interestingly, the same data was later also sold to a group of Nigerians engaged in the card-cloning business in Mumbai.



The obvious question this raises is: how can a call center operate without security measures, anti-malware software at the very least, and a dedicated IT team that would discover the breach? Here the story takes a new turn. The call center had quite a professional IT team. However, the hacker had insured himself against discovery from the very beginning. While collecting keystrokes from the employees' workstations, he also gathered some compromising personal data about the company's chief IT administrator, the CTO. He started blackmailing the CTO shortly before the CTO discovered the malware, so that when it was found, the CTO had reason to stay silent. I must say that the hacker was not only technically strong but also very good at social engineering.





After the perpetrator was found, it took about a month to clean the whole environment of the malware and get back to operations (that's where we got involved in the story, after the IT team had spent about two weeks trying different free anti-virus tools). We helped the company clean up its systems from the endpoints to the server side, as the main server responsible for ACD (automatic call distribution) and IVR (interactive voice response) functions was also infected, and set up comprehensive protection.



For that whole month the call center stood idle, as the employees were told to stay at home on paid leave. It is not hard to imagine the losses the company suffered as a result.



The investment required to set up proper security measures was a small fraction of what the incident cost.
