Private Data Sold From Indian Call Center

Matt Freman writes to mention a ZDNet article on reports that private data is being sold out of an Indian call center. A U.K. television programme, 'Dispatches', follows a 12-month investigative report on illegal privacy-related activities. During the taping of the show thousands of U.K. bank customers had their personal information sold by the staff of a call center. From the article: "Indian IT trade organization Nasscom criticized Channel 4 for refusing to show it any of the footage before it was broadcast on Thursday evening. It urged the program makers to cooperate in rooting out and prosecuting any 'corrupt' call center workers. 'The whole issue of data security is a global problem,' said Sunil Mehta, a vice president at Nasscom. 'There are bad apples in every industry around the world, and these incidents happen in India and the U.K. This is not a widespread problem in India. Security measures and practices that Indian companies have are the best in the world.'"

How are cases prosecuted?

[weave (48069)]

If a worker who works in same country as the company is caught in fraud, they are prosecuted and thrown in jail. If a megacorp outsources off-shore and the employees of that company are involved in fraud, exactly what assurances does that company or its customers have that the perps are prosecuted?

Also, I always wondered why companies that outsource are assured their trade secrets are not sold too.

Re:

[tygerstripes (832644)]

IANAL, but I would assume that the company is liable, not the individual. The likelihood is that the company will take action against the outsourced-service-provider. If they then choose to take action against the individual, that's their prerogative.

That's not much of an "assurance" of prosecuting the individual, sure, but in terms of civil action you will be more likely to win compensation from a company than an individual so you're on a winner there. If it's not about the money but the principle, well,

Re:

[CodeBuster (516420)]

What assurances does that company or its customers have that the perps are prosecuted?

It depends upon the country, but in popular outsourcing destinations, such as India, the assurance is basically worthless. The Indian court system is a byword for red tape, bureaucracy, and inefficiency that lends new meaning to the phrase, "waiting in hell for a glass of ice water". Nothing gets done without every petty bureaucrat getting his palm greased and even then it is not unusual for cases to spend fifty (50) y

can the fired bad guys sue easily?

[krell (896769)]

"I work at an outsourced customer support company. The policies where I work is if your caught abusing the information you get, you get fired. Simple as that"

Is it easier to fire the bad guys there because you are less likely to have a crooked lawyer come up out of the ooze and file a frivolous "wrongful termination" lawsuit? I know that is a problem in the US.

Re:can the fired bad guys sue easily?

[weave (48069)]

Fired? That's it? I'm curious of the economics of the crime then. Is it possible that one can earn enough coin by selling information where they never have to work again, and hence firing is worth it?

Re:

[Name Anonymous (850635)]

Is it possible that one can earn enough coin by selling information where they never have to work again, and hence firing is worth it?

In a word: Yes!

In more detail, a credit card number with enough information to use it (name, address, phone number, etc) is worth about $100. So if you work at a place that has lots of customers (Amazon or Paypal for examples) you could very well make enough money with all that data.

Re:

[khallow (566160)]

Is it easier to fire the bad guys there because you are less likely to have a crooked lawyer come up out of the ooze and file a frivolous "wrongful termination" lawsuit? I know that is a problem in the US.

This isn't any more of a problem in the US. It's very easy to fire someone who has committed a crime. The fired employee would have to weigh any potential compensation against jail time (or perhaps more jail time).

Re:How are cases prosecuted?

[pete6677 (681676)]

Most shady people who would sell others' information would not care about being fired from some $7.50/hr call center job. Prosecution is not a big threat either, as rare as it is for people to be aggressively prosecuted for data theft. This is true no matter what country the call center operates in. It's just what will inevitably happen when you farm out important corporate operations to the lowest bidder. Of course they will take shortcuts and of course there will be shady people willing to exploit the situation. The only thing surprising about this article is that people didn't realize the potential for these problems a lot sooner. And the only thing that surprises me about fraud is that it isn't more common, as easy as it is to do. All it takes to succeed is a little common sense is a complete lack of morals.

How do you know it doesn't happen more often?

[Svartalf (2997)]

All you see is the more careless ones getting caught. Identity theft actvities goes on, even in the US- we just
have a better handle on it so that the sloppy ones don't get very far. In India and elsewhere, you pay for cheap,
they don't give a care about security- what costs is the pay for the labor to be less inclined to do corrupt things
and for the security to ensure that if they do, they typically get caught real quick.

All because of some idiot that has an MBA that thinks he has a solid handle on economi

Re:

[TubeSteak (669689)]

The really competent ones cost as much as they do here over there.

Cost of living "over there" is drastically lower than it is in the U.S. or the EU.

30,000 USD is a lot of money in India or the former Soviet States.

I know there are at least a few American /.'ers, who make a low end American IT salary, but do quite quite well living in India.

Maybe one of them will chime in

Its the Economics, STUPID

[Anarke_Incarnate (733529)]

When you pay someone a wage, that relative to those of the people they deal with, they will become angry and resentful. The point of moving offshore is to save costs because the cost of living is so low, making the wages low.

Thus, the people who know they are making a great deal less than people in the UK or US feel that they are doing this to equalize themselves. It is a psychological phenomenon. People don't just want to do well, they want to do better than others.

Re:

[Anarke_Incarnate (733529)]

Doh, should have said "is lower, relative to"

Re:

[99BottlesOfBeerInMyF (813746)]

Thus, the people who know they are making a great deal less than people in the UK or US feel that they are doing this to equalize themselves. It is a psychological phenomenon.

You're completely correct, but this does not apply only to India. Wage disparity correlates more strongly with violent crime than pretty much any other social phenomenon. The way most modern cultures have evolved, the primary motivation to not steal is ethical. Punitive measures are very weak motivation by comparison. For all those

Its the Criminals, STUPID

[mcmonkey (96054)]

B.S.

I won't even repeat such hog wash by quoting the parent post. Poor/poorly paid people don't break the law because they're poor/poorly paid. If it were that simple, why do rich people break the law also?

Wages should be based on the value of the work, not relative to those the worker deals with, or relative to the worker's self-esteem.

As even the parent admits, we're not talking about people on the edge of existence--someone stealing a crust of bread just to survive another day. We're talking about peop

Nope. India is just a morass of corruption.

[frost22 (115958)]

They can not even prosecute clear cut cases of murder, when there is ample proof.

Just a somwhat current example: the murder of Jessica Lal.

The victim, an attractive model, worked at the bar at a friend's party in a fancy restaurant. A son of a powerful politician comes in with his entourage and asks for a drink. She refuses to give him one, because the bar is already closed. The man - offended beeing refused in front of his friends - pulls a gun and shoots her direct in the face.

Numerous witnesses. Ample evidence. OJ Simpson was a mystery compared to that. And yet, after seven years of judical wrangling, the man walks away free (not that he ever spent a day in jail). Witnesses who can not remember anything, a police that just happens to destroy or devalue all evidence - the case stinks of corruption.

Its been a major scandal in India half a year ago. But only because the victim was well known and had many influential friends of her own. Had she been a simple rural woman, we wouldn't even know. Local observers note that affairs like that are standard practice - if you are rich enough in India, there is no law that applies to you, because everybody is corrupt and can be bought.

Don't believe me ? Just google for Jessica Lal, and read the whole sordid story.

Blame it on India!

[RexRhino (769423)]

Of course, there isn't any reason to believe that private data couldn't be illegally sold in the UK... or in the U.S., or France, or Canada, or Germany, or Japan, or whereever. In fact, data theft has most certainly happened in all those countries!

But you are going to have a salvo of posts demonizing India as a place to do buisness. People with either a xenophobic agenda, or a protectionist agenda will jump on this with the whole "India is evil! Don't outsource to India" paranoia and hysteria, when in fact there is no reason to believe your data is more secure anywhere else.

Re:Blame it on India!

[Danga (307709)]

People with either a xenophobic agenda, or a protectionist agenda will jump on this with the whole "India is evil! Don't outsource to India" paranoia and hysteria, when in fact there is no reason to believe your data is more secure anywhere else.

There is a reason to believe my data would be more secure somewhere else and for me that would be here in the US. The reason it would be safer is because if someone were to sell my information working at a company here in the US then they would be held accountable to the laws we have against that and they would pay the price because I certainly would go after them myself if necessary. If the person who sells my data happens to be in another country then I would not have the choice to go after them myself and even though they most likely would lose their job their home country may not have any laws against what they did with my information so they could basically get away with it. So while there truly are "bad apples" everywhere there would be MUCH more deterent to sell someones personal information in a country that has laws against it than in a country where those laws do not exist.

I think if I was making $2/hr (I made that up, I don't know what the real number is but I am sure it is low compared to the US) while I knew I was being exploited for cheap labor and was offered a large sum of money in exchange for personal data knowing I would lose my job but not be in trouble legally that I would probably take the money and go hunting for a new job.

Basically I hope that some laws are passed in the US (and other countries) that already have laws guarding personal information to make sure if companies outsource access to that information that they are only allowed to outsource it to a country that has at least the same laws in regard to personal information. The best choice would to not outsource that information at all (so if the company in another country did not persue the employee legally I could do it myself) but at least this way if someone did do something with my personal information I would have some hope that they would be punished more than just losing their job.

Re:Blame it on India!

[dotdash (944083)]

I think if I was making $2/hr (I made that up, I don't know what the real number is but I am sure it is low compared to the US) while I knew I was being exploited for cheap labor and was offered a large sum of money in exchange for personal data knowing I would lose my job but not be in trouble legally that I would probably take the money and go hunting for a new job.

A call center employee in India does make about $2.3 dollars per hour. However, I am really tired of people quoting these low Dollar figures for pay, while forgetting to mention that the "low pay" tends to be rather high for the local economy.

Let me give you some estimate of costs and expenses in US Dollars. These numbers are for cities like Bangalore and lie closer to the upper limit. I have considered the kind of restaurants and other establishments a young and hip call-center employee is likely to haunt. In the interest of full disclosure: I am Indian, and am quite familiar with the goings on in India in the IT and BPO fields.

Here is the summary before I give you the details: A call-center employee has the potential to save about 35% of his monthly pay. I wish I could do so in the US. Even by Indian standards, 35% is very good savings potential. For comparison, my sister and brother-in-law live in Bangalore, do not work in IT or BPO, and together earn less than the average call-center employee does. Mind you they both have daily expenses. They also have other expenses (schooling and feeding children mostly) an average call-center employee tends not to: The average call-center employee is single, in early 20s, and quite often not contributing much financially to his family.

With numbers like these, I can argue that call-center employees in India have a lot less incentive to sell out. That is, people in the US might look for "supplemental income" more than an Indian call-center employee does. Now, I don't believe that is so, just like I don't believe the argument that the lower Dollar-wage makes Indians (or other nationals) sell out data.

Here is the deal: For every 100 guys selling data, there is one guy buying it. The buyer shops in India because doing so is less expensive for him. So, how about we also look at where the buyers are coming from and what they do with it?

Average Monthly Numbers

• Pay: $444.44
• Expenses: -$276.75 (Everyday expenses (-$150.9), and rent and other montly expenses (-$125.85)
• Savings: $167.69 (37.7% of income)

Everyday expenses (Note: Call centers in India give their employees free refreshments and free/subidised transportation)

• A cup of coffee at a really fancy coffee house: $0.33 (yes, 33 cents)
• A cup of ice cream at a really fancy parlour: $0.65 (must buy ice cream for the girl that tags along)
• A pack of cigarettes: $1.5 (cigarette smoking seems to be on the rise)
• A full meal at a really fancy restaurant: $2.22
• A day pass on a city bus: $0.56 (though the average call-center employees are unlikely to take a bus: they ride bikes)
• A can of beer: $2.00 (most people don't drink beer everyday, but I list it here in case you are wondering)

Monthly expenses

• Rent: $44.00 (A native is likely to live with parents, and pays well below this number)
• Hair cut: $0.55
• Movie tickets, for four shows: $3.00 (movies are the most popular form of entertainment)
• Concessions at the movies for four shows: $4.50
• Apparel for self: $10.00
• Apparel for the person you are wooing: $10.00
• 10 gallons of gas: $48.8 (yes, gas is that expensive)
• Vehicle maintenance: $5.00

Big-ticket

• A new motorcycle: $1000.00

Good to know

[by Anonymous Coward]

It's good to know that there isn't anyone in America who'd do the same thing...

Of course

[bytesex (112972)]

I goes without saying that the security measures in Indian companies are among the best; why, with all those CMM level 5 companies, security comes for free !

Courts and Law

[blueZhift (652272)]

While I'm no fan of offshoring, in all fairness, it is true that data theft as described is not a problem unique to India. The real question is, how are these things handled by the courts and laws of the countries in which they occur? If there is some assurance that perpetrators will be brought to justice and things put to rights, as much as possible, then it may not be as big a deal. However, if the courts or laws are weak/corrupt and the penalties associated with data theft are laughable compared to the benefits, then you have a big problem. Many companies have been attracted to India and other countries by relatively cheap labor, but they really need to look at the rule and culture of law in any country they plan to do business in as well. This of course assumes that they are truly interested in benefitting the customer and haven't just added in data theft as a cost of doing business.

Re:

[happyemoticon (543015)]

The real question is, how are these things handled by the courts and laws of the countries in which they occur?

"The Indian prosecutors had everything they needed to throw the book at them, until they found out that the police had stapled the CDs and floppies containing the data to their forms."

(elaboration from a story I heard about Indian police a few months ago)

Re:

[hey! (33014)]

While I'm no fan of offshoring, in all fairness, it is true that data theft as described is not a problem unique to India. The real question is, how are these things handled by the courts and laws of the countries in which they occur?

I think you're almost there.

The real question is what are the risks entailed by offshoring, and how do you prepare for them? The stance of authorities in the offshore countries is just part of that.

Let's assume for sake of argument that the law in the other country is aggressiv

What can you say

[Garette (206805)]

A related atricle on BBC.
http://news.bbc.co.uk/2/hi/business/5405438.stm [bbc.co.uk]
Not every Indian is necessarily corrupt. However, even an handful can ruin the reputation of the entire bunch. The Indian Govt. has to crack down really hard on the people caught seeling the data.

PS: I am an Indian too...

What can anyone say anywhere?

[krell (896769)]

"Not every Indian is necessarily corrupt. However, even an handful can ruin the reputation of the entire bunch. The Indian Govt. has to crack down really hard on the people caught selling the data."

Substitute "American" for "Indian" in that sentence. Then start going down the line with other countries. P.S. I am an American too.

It's not that it's everywhere that's the problem!

[erroneus (253617)]

It's that it is beyond the reach of local law enforcement which complicates things.

Let's say that the same crime happpens locally. Local laws are applied against local criminals. If I recall correctly, the last time this issue was discussed, "identity theft" and related fraud weren't necessarily a crime in India or at least they didn't have the same level of urgency out there. Whatever the case, there is no guarantee that the handling of these problems would reflect the same level of justice as it would locally due to disparity of law enforcement priority, communications among law enforcement, etc.

On the other hand, if we had some sort of international treaty regarding these matters, that might balance out the problem. For example, all employees of these call centers should be made to operate under the laws of the city, state and nation of the company they are representing and if they are suspected of being in criminal violation of such laws, they should be extradited to the city, state or nation for criminal prosecution.

But in my opinion, that wouldn't really be enough. These people are simply too far out of reach to be held accountable. I just feel like we're at risk having some rather critical information exported to other countries for processing where our laws and regulations do not necessarily apply. It's bad enough when it happens here on our own soil, but at least we can take SOME action against it. Internationally, it's just all the more complicated.

Re:

[fdiskne1 (219834)]

I just feel like we're at risk having some rather critical information exported to other countries for processing where our laws and regulations do not necessarily apply.

Too late. Your personal credit information is already there. I had a problem getting a credit report from one of the credit reporting agencies. When I called them to be sure they took care of the problem, the phone was answered by someone with such a heavy Indian accent I could barely understand him. The first question out of his mouth wa

I watched this,

[joe 155 (937621)]

last night, people were selling amazing amounts of information. One person claimed (and showed a recording as proof) to have actual voice recordings of people handing over credit card and security numbers...

Whilst this might be just a few bad apples it does make the whole sector look bad, and I'm not sure I want to be giving my card numbers to compainies who outsource so readily without checking fully what staff are up to.

Interestingly though was the response from the banks, which amounted to "so what". They really don't care. Whenever someone is a victim of fraud through these, or other, means they simply pay up and give the customer their money back, which apparently is cheaper than making sure that it doesn't happen - besides not everyone will notice, and they profit from the people who are scammed and don't notice

Re:I watched this,

[REBloomfield (550182)]

I saw it too, and realised where the three cold calls i recieved earlier this year may have originated from. I was called on my mobile by an middle eastern sounding man or woman, and told that they could move me to a much better contract, and if i was happy they could go ahead and make the change straight away as they had all the details they needed. They hung up when I demanded to know what details they had and where they got them from. Scary stuff; I'm careful with my details, and I haven't bought a mobile 'phone over the 'phone or online like most of the people mentioned.

It was eye opening for my wife, she had no idea how easy it was to commit fraud with a few card details and the CSV number on the back. She doesn't buy anything remotely, so wouldn't know better, but i was shocked that many people could be this open to potential fraud.

Banks move call centers, we pay the price.

[Trifthen (40989)]

I saw this coming last year when several banks here stated they were moving many services unrelated to call centers, out of the US for financial reasons. It would appear that people generally don't care about others, which is only exacerbated by national identity detracting from emotional identification. What does an Indian care about some schmuck from the UK? About as much some guy in the UK cares about an Indian.

Then again, it could be argued that by sending financial services to the lowest bidder, banks are encouraging wholesale fraud. It's probably a combination of many factors, these only being the low-hanging fruit. I'd like to think banks would be more responsible with our money, but apparently charging outrageous interest rates on loans and transactions isn't enough of a profit.

The best in the world

[gutnor (872759)]

"Security measures and practices that Indian companies have are the best in the world."

And what about the rest of world like US, Japan, Europe ?

Well, I guess the "best in the world" just follow "cutting edge", "breakthrough", "leading", "enterprise", "professional" in the list of expressions Marketing department sucked the meaning.

Mind you, I'm not bashing India, that happens everywhere: in Europe Spain, France and Belgium all declared at various time that they have the best healthcare system in the world .

offshore identity theft too

[peter303 (12292)]

Why should IT and manufacturing be the only ones benefiting from offshoring? Let crime do so also!

(I think this might be a joke, but its not funny.)

Call center employees shouldn't be able to do this

[Fastolfe (1470)]

If the company designed its security and auditing correctly, call center employees should never have the ability to do this in the first place. Why are they trusting call center employees with wholesale access to customers' private data? Competent companies will require the employees to provide an explanation every time they access a record, and these will be tied to their phone records to make sure they are only accessing information relevant to their current task. A good audit trail, flagging unusual access behavior, combined with limiting access only to individual records at a time would have stopped these breaches.

Yes, some of these outsourced call centers are inexpensive because they don't do things like this. But you get what you pay for, right?

This is why I don't outsource

[Serveert (102805)]

I don't believe in cuttting corners, I don't think that's a long term strategy. For example, I don't hire people I don't trust. I hear people talking about outsourcing and they mention giving them a part of the non-critical portion of the code. Why bring these people on board who you don't trust? Short term profit? What about long term profit when these people you don't trust steal the rest of your code and compete against you?

Or, since you're just looking at them on a cost basis, paying them as little as possible, they aren't motivated. So their productivity is lower. I believe you should hire people and give them ownership and high pay. That's a long term strategy. All these companies outsourcing right now are going to get a rude awakening down the line.

I'm shocked... shocked...

[Maxo-Texas (864189)]

to discover people making 15% of 1st world wages can be corrupted with large amounts of money for valuable private data.

It would be no different in the 1st world-- except it would take about six times as much money to corrupt them at the same level.

Just The Tip of The Iceberg

[aldheorte (162967)]

This is just the tip of the iceberg. Consider what happens to code development shipped offshore. It amuses me that businesses with strict non-open source code policies offshore code development because it's pretty much a de facto, if unofficial, grant of open source. It's even worse when people use offshore resources for "secret" prototype development and the such in an attempt to save money on project startup. I cannot think of a worse venue to put confidential new development into.

This problem is a compound problem. First you have low wage workers that are more likely to succumb to temptation of selling such secrets. Second, you have jurisdictional problems - technically you could make a legal claim through treaties and the like, but the hassles and delays would take years and years to resolve and probably give no real satisfaction (this is why I say de facto in the above, even if you disallow something, if there is no real useful legal remedial process behind it, whatever agreed is basically unenforcable). Third, there are cultural problems where intellectual property and consumer privacy are fairly artificial constructs of the legal systems of developed countries.

The bottom line is that this is only going to get worse and I imagine that Western companies will soon face legal liability for outsourcing in two ways:

1. To shareholders for assigning development to offshore resources that results in compromise of trade secrets or the like.
2. To consumers for breaches of privacy and resulting identify theft and the like.

The companies will argue that they entered into contractual agreements with third parties so it wasn't their fault, but I suspect that many of these cases could and will be successfully pressed on the basis of a lack of due diligence, especially against the backdrop of known incidents such as this.

Some hackers tried this in the 70s

[mcmonkey (96054)]

This is just the tip of the iceberg. Consider what happens to code development shipped offshore.

It would be easy for someone to slip in a virus to round off the fractions of a cent in the interest computations and put the remainders in an account.

You just need someone who knows the credit union software to install it.

Cheap shot journalism

[nuggz (69912)]

These type of "fear the indian call center" play really well because they hit such a high number of issues.

ID theft- scary, currently a nice hot issue.

Privacy - little recourse for violations,

Offshoring - They're stealing jobs!!
Jobs people don't want. FWIW there are some larger call centers in various parts of North America that are growing.

Indian accents - some people have trouble with them.

Racism - Some people just don't like them even if we solve all the other issues.

This is just cheap shot journalism at an easy target that gets people upset. This same type of privacy violation can and does happen in every part of the first world.

Re:

[jnf (846084)]

I didn't RTFA, but it should hit a very important point. When I worked in the banking industry we had four or five bases of operation in India, we then had a problem that no one really wanted to talk about- we couldn't do background checks on the employee's in India, so we were not even in compliance with our own policies. This was a huge issue because these people had access that ranged from nothing to administrative access over all of the workstations and some of servers.

Think about that for a moment a

Re:

[geekoid (135745)]

Offshoring - They're stealing jobs!!
Jobs people don't want. FWIW there are some larger call centers in various parts of North America that are growing.

Jobs people don't want? what you mean like programming? or the thousands of people that have been fired so there call center/support job can go to india?

To say migrant works do jobs most people don't want is true(ever pick strawberries for a day?); many people want office jobs.

Re:Cheap shot journalism

[MrMickS (568778)]

The programme did speak to someone working in a call centre in the UK. That person pretty much said that the security was so lax that any of the breaches levelled at India could also take place within UK call centres. So the programme wasn't making cheap shots.

The difference between India and the UK was the manner in which this data was marketed. Outside Hyderabad, which had G.Bush visiting and high security at the time of the investigation, the personal information was being dealt as any other commoditiy. That is, openly traded. The makers of the programme weren't able to gain access to data as readily within the UK. The speculation, as it was untested, as to why this was the case was down to jurisdictional issues.

A large number of UK companies have taken advantage of the services supplied by Indian call centres. The security of data is a genuine concern. The numbers being talked about were in the 50,000 - 100,000 new leads per month. This is fraud on a large scale even if its only being carried out by a relatively small number of people. Some of the sample data, which when challenged was said to be made up, was used to track one person down that was prepared to appear on camera and confirm it as true. Interestingly this data was obtained because the person had a credit check done in a UK shop which happened to go through to an Indian call centre.

Incidentally the programme did say that the information was garnered not from banking call centres but mostly from ones used by mobile phone companies. The implication being that the banking call centres had a higher level of security.

Legal recourse

[dodobh (65811)]

The law is being made a lot more stringent, and every person whose personal data has been compromised can get compensation upto 5 crore INR (50 million INR) as civil damages, as well as criminal action leading to fines and/or imprisonment. Under Indian law, any affected individual can bring a criminal lawsuit, without having to wait for the government to intervene.

http://tech.groups.yahoo.com/group/cyberlaw-india/ message/2848 [yahoo.com]

Re:Hmm...

[weave (48069)]

Amen. We just recently had an esoteric problem with Windows and roaming profiles where in about 1% of the logons, the user's perms to their user hive in the registry would be removed, preventing any GPOs from applying. After two weeks of debugging and not being able to faithfully reproduce it, we called microsoft and paid for an advanced support call to troubleshoot mission critical issues. This is one where "senior management" is allegedly notified of your issue.

We never got out of India, as evidenced by the emails that went back and forth and their origin (you can't always judge by accent because there are Indian citizens working domestically). However, as you stated, the ability to understand what they were saying was enough to drag each call out to twice as long as it should have been.

Then there's the quality of the "support." We were treated as if we were Grandma with a PC problem. We provided clear userenv logs and asked specific questions like "What causes migratent4tont5 process to invoked? What exactly is it checking for since we have no nt4 machines left?" No answers to our specific questions. Instead we got "advice" like.

• It's probably a virus problem.
• Please remove all non-microsoft services from all of your machines. "What? Including our Anti-virus software?" The answer was, yes.
• It's a driver issue with nvidia video cards (we don't have any machines with nvidia cards)

After a while the case person stopped returning our calls and their email started bouncing. Emailing the manager on record for this also bounced. Seemed like their email server was having problems.

They never followed-up on the call. After another week we found out what the problem was. If the ProfileList HKLM key didn't match what local cached profiles of roaming profiles exist on any given machine, it *sometimes* triggered this process that ended up changing the ACLs on the user hive preventing GPOs from being set. Solution was a machine startup script to check that list and remove any entries that conflicted.

They never even hinted to us where to look. We just found it through a heck of a lot of trial, errors, and observations. As far as I know, over a month later, the case is still open with them. They have never bothered to follow up. Then again, they probably closed the call with some lame excuse like "Customer refused to cooperate" (yes, we refused to remove anti-virus from all 2000 of our desktops. It was a stupid suggestion and had nothing to do with the problem at all)

Re:

[Lactoso (853587)]

GP is blaming Microsoft. Specifically, Microsoft's decision to outsource support to a foreign nation, Microsoft's lack of training of this outsourced support staff, Microsoft's apparent apathy with the end-user (used to be called 'the customer' in the old days) experience, and Microsoft's failure to meet their support claims (this was a paid support call where 'senior management' was supposedly notified).

And the saddest part of this tale is that since the problem was solved (by the customer) after having

Re:

[weave (48069)]

There ARE lots of qualified NT admins in India, who have the professionalism and knowledge to really research this kind of problem.

I have no doubt about that. But this particular problem I described was very esoteric. Basically, if you get an userenv dump and google for some of the words found in it, you get tens of thousands of matches from other dumps people have posted over time.

The problem was, some of these in the section at issue we googled and got ZERO hits on, meaning no one has seen it before

Re:

[stfvon007 (632997)]

This happened to me. had an email adress that didnt get any spam and only used it for internal company communications. Emailed Leadtek one day about a part that needed a replacement, and boom, spam stars pouring in the next day.

Re:

[RexRhino (769423)]

Are you saying that a security expert in the UK couldn't provide security in India, because he can't speak Hindi? What does language ability have to do with Security skills?

Re:

[gorfie (700458)]

Don't be too quick to downgrade the parent. His message may seem trollish but his point is valid. They claim that their security measures are the best in the world but they also make other claims that are done purely to make their industry look more appealing to potential customers - not necessarily with any basis in reality(whether that is sales abilities, communciation skills, work ethic etc.). So if one claim is pure marketing then who is to say that the claim regarding security is anything other than

Re:

[Xest (935314)]

Exactly, whilst I agree my post probably came across as a little too trollish, my point was that comments like that are as ignorant and short-sighted pro-India marketing propaganda as the original article is anti-India marketing propaganda. When many outsourcing companies have been making claims like that (although of course in this case it was a response) is it suprising that western organisations hit back with an equivalent amount of propaganda? In an ideal world they'd all just grow up and avoid spreadi

Re:

[Maxo-Texas (864189)]

In an ideal world, the SE that gave a realistic estimate of 300 hours would get the contract.

In the real world, the SE who says it will take 150 hours and then extends it to 300 hours for various reasons gets the contract.