In the course of developing software for companies, it is a common, although unadmitted practise to leave backdoors in the applications so that they would be able to bypass certain steps in the process of development. For obvious reasons, I can’t say what is being done, however, one system engineer decided to take a step further. He locked the system up before leaving his company.

While some may think that it’s a human resource and perhaps technical issue that the company should clear up with the systems engineer, this person, as mentioned in the article below, became the first guy to be hauled to court under the Computer Misuse Act. While this is somewhat a case of “randsomware”, the reverse may result in the same kind of prosecution. Meaning, if you leave the company leaving loopholes and backdoors (knowingly or unknowingly), there’s a chance that you may run into trouble with the law.

So while all software engineers feel that there is sometimes a need to create a backdoor for convenience, do take a note of where the backdoors are and remember to close all of them. When it comes to fingerpointing, especially when confidentiality of information is compromised, very few people can be spared of it.

Editor: Special thanks to reader Onlooker for pointing out this article.

A SYSTEMS engineer has been hauled to the criminal courts by his former employers for allegedly sabotaging a computer software he developed.

SMC Marine Services has accused Thangavelu Boopathiraja, 36, of secretly setting passwords within the program before leaving the company.

The password protection, discovered months after his resignation, has left the company unable to check, modify or upgrade the system, lawyers for SMC told a district court on Friday, at the start of the hearing.

SMC is taking criminal action against Thangavelu under the Computer Misuse Act, for preventing access to the computer program without authority.

This is believed to be the first private prosecution involving the act.

Thangavelu denies setting the passwords and has claimed trial.

The defence’s position is that SMC’s prosecution of Thangavelu is malicious and is aimed at putting him out of business.

Thangavelu, a former Indian national who is now a Singapore citizen, was employed by SMC between February 2004 and August 2006.

SMC is in the business of transporting bulk cargo using tugboats and barges.

At the time, Thangavelu was developing a vessel monitoring system that allowed real-time information, such as fuel usage, to be sent from the vessels to SMC’s office.

According to the prosecution’s opening statement, the software tool that is used to write the source codes allow a programmer to add password protection features.

But these passwords can only be set knowingly and not inadvertently, said the statement.

The firm says that Thangavelu was not authorised to configure the system such that a password was required to retrieve source codes.

Anyone convicted of preventing access to a computer without authority can be fined up to $10,000 or jailed up to three years or both.

Article obtained from straitstimes.com on 14th June 2008

It’s quite amazing that someone would have thought that a backup copy of their deleted SMS would be available from the telcos if they accidentally deleted their SMS. The official reply from 2 of the telcos was that the messages are expunged daily, with Singtel commenting that they do it a “regular basis”. Come to think of it, this is beginning to sound like the start of a good model to work on. The telcos may consider offering a service of SMS backup that will be accessible to the subscribers on a monthly basis, and the onus will be on the subscribers to back it up onto their PC. While software may be available to backup SMSes directly from phone, it may not always be possible.

Additionally, the subscribers may even configure such that the SMS are zipped and sent to their email addresses every month so that they do not have to worry about logging in every month to download it. This is a good idea, isn’t it? So, if you are a 3rd party start-up company and are interested in figuring out how to do this without going through the telcos, do feel free to drop me an email to discuss. I can do this without a fee, do let me in on some shares. =P

Talk about being a serial entrepreneur. =)

IF YOU have deleted an important text message, don’t expect your cellphone company to have a magical backup server that will bail you out.

One Singapore man recently found that out the hard way when he tried to recover messages that he had trashed nine months ago.

Mr Huang Yongliang wrote to The Straits Times Forum this week asking about the possibility of retrieving the long-since-deleted texts.

‘I got curious about the policies on retrieving SMSes when I accidentally deleted mine,’ said Mr Huang.

The 27-year-old said he wanted the texts for ‘personal reasons’, but declined to elaborate.

Telecom companies, though, said customers can practically kiss the messages goodbye once they hit the delete button. The companies handle billions of messages annually and deleted SMSes are expunged from servers almost immediately, they say.

SingTel, for example, said it processes 20 million text messages a day. That adds up to around seven billion a year.

‘It is therefore not economically or physically viable to store SMSes in our system for retrieval purposes,’ said its corporate communications manager Cheam Tze Hui in a statement.

There are a few exceptions. Logs that record the phone number, date and time of an SMS are captured and stored. StarHub and M1 keep these records for seven years and one year respectively. It is understood that these logs serve as verification when customers dispute SMS charges on their bills.

Meanwhile, telecom companies say they also face privacy concerns when it comes to releasing text messages. Even if they are still on a backup server, SingTel said it will not release them - not even to someone who wants to retrieve his own message.

Telecom companies will, however, release the information to the police and the courts. The former have the right to such information when they are investigating a crime.

In 2001, police probing fake bomb threats sent via SMS traced the texts to a 20-year-old national serviceman. They tracked him using help from the telcos, which would not specifically reveal the method. But the telcos suggested that it involved SMS logs.

In civil lawsuits, a judge can order companies to release messages if they are relevant to the case, according to Mr P. Padman, a partner in law firm Tito Isaac & Co. He has encountered this in defamation and divorce cases in the past. However, telcos are obliged to give the courts only information which they still possess.

The only way to be certain of retaining the SMSes for one’s own use is to keep them in phones, according to service providers.

Two telcos - M1 and StarHub - said SMSes are purged from their systems as soon as they are delivered. SingTel would only say that while this is not done daily, it is fairly regular.  

Article obtained from straitstimes.com on 14th June 2008