Password breach at Customs leads to huge revenue loss

Password breach at Customs leads to huge revenue loss
Password breach at Customs leads to huge revenue loss

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

Content-Transfer-Encoding: QUOTED-PRINTABLE

By T.E. Raja Simhan
The Hindu Business Line
June 01, 2009

Chennai, May 31 Theft/unauthorised third-party use of customs officials=E2=80=99 
password for accessing the computer network (Customs Electronic Data 
Interchange or EDI) used by both the customs staff and the merchant 
community is causing loss of revenue, says an internal communication 
circulated to the offices at the Central Board of Excise and Customs 

On a number of occasions there have been frauds reported in the various 
Customs EDI locations involving =E2=80=9Ccompromise of password by officers=2E 
Such frauds have led to revenue loss of crores of rupees=E2=80=9D, the 
communication said.

The Directorate of Systems has repeatedly issued detailed instructions 
on password security. These instructions set out the basic steps that 
should be followed by all the users to eliminate the possibility of 
=E2=80=98compromise of passwords=E2=80=99.

Dismaying factor

=E2=80=9CHowever, despite such instructions being reiterated repeatedly it is 
dismaying to notice that instances of password compromise continue to 
recur with unfailing regularity. It is evident that officers are not 
taking these instructions seriously and there is also a failure on the 
part of supervisory officers to effectively monitor the performance of 
their subordinates,=E2=80=9D it says.

=E2=80=9CThe biggest threat to security of an electronic system comes from 
password compromise and sharing of password. In effect, when an officer 
shares his password with anybody, he has to, without doubt, be regarded 
as being in collusion in the fraud that results,=E2=80=9D it says.

Important reason

Enquiries with the customs officials revealed that a typical instance of 
an unauthorised access of officer=E2=80=99s password is that of the information 
about a particular case being investigated by the department being 
leaked to the concerned importer/exporter.

It could also lead to the information being revealed to some other 
establishment resorting to a similar trade practice that has come to 
their notice.

The merchant establishment could rearrange its affairs to escape levy of 
penalty, besides prosecution. The fact that only a few officers have 
been punished and that too, not adequately for password breach may be an 
important reason why such breaches continue to recur, sources in the 
department said.

The Central Excise and Service Tax, Directorates and other formations 
will increasingly be required to work on applications requiring 
conformity with password security guidelines. The board would like to 
ensure that all the security-related instructions issued by the 
Directorate of Systems are complied with by all officers, including 
supervising officers, and those violating them are brought to account 
without loss of time.

Further, whenever any case of =E2=80=98password compromise=E2=80=99 comes to the notice, 
it has to be thoroughly investigated and proceedings for inflicting 
exemplary punishment should be undertaken and concluded expeditiously.

It should be made clear to all the officers that maintenance of password 
security is the sole and individual responsibility of each officer and 
any breach will make them liable to disciplinary action resulting even 
in dismissal from the Government service, the CBEC has said.

Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Visit the InfoSec News security bookstore! 


Site design & layout copyright © 1986-2015 CodeGods