A small oversight at TCS ... a big reputation loss !

TCS is one company I admire among the other 'bellweathers' in the IT industry. And then when a small incident takes down it's website it is a matter of concern.

Yesterday, (Feb 08, 2010) their DNS was compromised and visitors to tcs.com were greeted by a message that said the domain was for sale.





It seems that this was rectified by the TCS team but the attack happened a second time (however this statement is based on the flurry of mails that hit the groups and no way for me to authenticate).

The media has picked up the story (of course) and I am sure TCS team has a lot of explaining to do to their internal and external customers. Unfortunately it is these small things that can cause damage to a spotless reputation and I am sure the business managers will have a lot of work on hand as they go about assuring their customers that the fault was not on their network !

Yes the breach (or compromise) was on the DNS server, but then there are questions which will need to be answered, as the Incident response teams do their analysis of the event. Questions like ...

1. How come a Tata company is using external DNS hosting and not working with their own VSNL or Tata Comm !

2. tcs.com has 5 name servers, of which 2 are from the external agency (tracom) and the other three are on TCS.COM ! Whoops.... so if tracom goes down then tcs.com goes down which means that you take down NS1 and NS2 and then 3, 4, 5 are automatically gone. Now what does this mean ?

Well. alls well that ends well and TCS is up and running again. I am happy about this ! And wish the company, the managers and the IT/IS teams all the best.

One thing saddens me is that tcs.co.in and tcs.in are unresponsive domains. The name servers are unresponsive too. This leads me to my friend's comment that companies do not give much importance to their websites. The general thought is that it is up and there are no transactions so why spend money; it is not a critical resource !

When some idiot goes and messes up your service provider (for kicks) and it leads to compromised website which is noticed by the world at large, a big reputation takes a hit. In case there is no hit, then there is a lot of egg on the face to wipe off !!

Media References....

http://searchsecurity.techtarget.in/news/article/0,289142,sid204_gci1381061,00.html

http://www.business-standard.com/india/news/tcs-website-hacked/385099/


Labels: , , ,