Sunday, 10 October 2021 20:27

iSAT, Dimension Data ugly dispute puts dire consequences for all South Africans.

By Rory Pearton,CEO iSAT (Internet Services and Technologies).

As is well known in the IT industry, iSAT is currently in litigation against Dimension Data and NTT Ltd.

After the catastrophic failure of Internet Solutions Cloud Platform, in February 2019, that iSAT was making use of, it was disclosed, via an email from Internet Solutions, that the Cloud operating software being used, OpenStack, had not been maintained and updated by Internet Solutions for years.

The version of Openstack software had actually expired (reached End of Life) 4 years before the Cloud Platform failed. In the IT industry not maintaining software, particularly, connected to the Internet, directly or indirectly, is as close to criminal negligence as is possible.

Shortly after this Cloud Platform failure, Dimension Data announced that Internet Solutions was getting absorbed into Dimension Data, Internet Solutions was widely recognized as the oldest Internet Service Provider in South Africa and the Internet Solutions brand name was extremely highly recognized and regarded.

Dimension Data refused to accept any accountability and denied negligence. ISAT approached NTT Ltd, the holding company of Dimension Data. Instead of taking the necessary steps to remedy the negligence, NTT Ltd instead accused iSAT of harassment. NTT Ltd thereby condoned the behavior of its subsidiary.

iSAT then made public all documents relating to the negligence via the https://www.isat-vs-is-and-dd-and-ntt-ltd.net Web site.

Despite being asked multiple time to check the content of the Web site, Dimension Data and NTT Ltd, decided to rather try and hide the truth and take the approach of gagging iSAT via a court order.

iSAT readily agreed to take the Web site down until the case was heard in the High Court. The High Court case was finally done on 18th March 2021. The presiding Judge said that he would deliver judgement after 30 days. The matter being a simple one, iSAT had expected this to be a quick process, considering Dimension Data and NTT Ltd could not find anything that it considered incorrect on the Web site that iSAT had created.

The CEOs of Dimension Data (Grant Bodley) and NTT Ltd (Jason Goodall) announced in advance that they would be stepping down from their positions on 1st April 2021, which they duly did. The new CEO of Dimension Data is Werner Kapp and the new CEO for NTT Ltd is Abhijit Dubey.

Unfortunately, 6 months have passed with the two new CEOs in charge, Werner Kapp and Abhijit Dubey, and neither have attempted to contact iSAT, or make a relevant statement to the press, so it must be assumed that they too believe that the industry standard of correctly maintaining system software is unnecessary.

Various long standing Dimension Data executives, including founding members, also parted ways with Dimension Data in June 2021, see Dimension Data founder Jeremy Ord quits amid massive exec exodus | ITWeb .

Additionally, within weeks of the legal process starting, any employees of Internet Solutions/Dimension Data who had communicated with iSAT, were no longer employed by those companies.

Those employees include Michelle Brink (account manager), Andrew Green (Cloud engineer), Basha Pillay (Cloud manager for Internet Solutions) and Julian Sunker (Internet Solutions and Dimension Data CFO, and listed Director for Internet Solutions and Dimension Data).

It has now been 7 months, and the High Court judgment has just been sadly delivered against iSAT, exactly one day before this press release was due to be sent out. A coincidence? iSAT are forwarding details to the Directorate for Priority Crime Investigation (Hawks). They can investigate that potential problem in their own time.

It is indeed in the interest of South Africans in particular that this press release still goes out. Nothing has changed. Dimension Data and NTT Ltd have still been negligent and refuse to accept accountability.

And the final straw was in any case when in early September 2021, it was disclosed that South African judiciary system was compromised by cyber criminals.

The cause of these breaches quite often, is when software being used is not being maintained properly. Most software updates released are security related. As can be seen from updates for Windows 10 and other Microsoft products.

iSAT has been trying to get people to understand since March 2019 how serious and how unacceptable this behavior is by large IT companies in South Africa, like Dimension Data and NTT Ltd, when they do not properly maintain systems connected to the Internet.

It should be clearly understood as well, that if the cybercriminals can encrypt data and demand a ransom, it means that they have access to the data to copy, and then sell, normally on the dark web.

It is thought that the Department of Justice (DOJ) hackers had access to the DOJ data since April 2021. High Court judges have had to resort to documenting legal matters on paper, DOJ data has been encrypted and is inaccessible. Data backups have also been encrypted. It should be accepted that all data on breached DOJ servers will now be for sale on the dark Web.

When the information of Dimension Data/NTT Ltd.'s negligence was originally exposed in the press, no comment was made by any of the executives at the other large IT companies in South Africa, like for example Datacentrix, Westech, Business Connexion and Bytes.

Possibly because the press reaction to the news was fairly subdued. In South Africa and other countries there is often a problem with news reporting being one sided when one of the parties involved regularly provides paid content for the news site.

Dimension Data and NTT Ltd are owned by Nippon Telegraph and Telephone. Nippon Telegraph and Telephone employ over 300 000 people around the world and are 33.33% owned by the Japanese government. Does Nippon Telegraph and Telephone condone the negligence and lack of accountability of its subsidiaries Dimension Data and NTT Ltd? What does the Japanese government have to say about this?

iSAT believes that Dimension Data and NTT Ltd.'s lack of responsibility has served to create and sustain an environment in South Africa where IT negligence is acceptable, and lack of accountability is the norm.

A few of the institutions in South Africa that have been breached just over the last few weeks include:

Transnet

Department of Justice (DOJ)

African Bank

As previously mentioned, the situation in South Africa is really serious, and iSAT has tried to make this clear since March 2019.

Just in government related systems, South African citizen are facing potentially many threats, for example the capturing and encrypting of data such as being used by:

SARS (South African Revenue Service)

IEC (Independent Election Commission)

Eskom (Including Koeberg control systems?)

Public servant salary systems

EVDS data (Electronic Vaccine Data System)

And unfortunately, many more.

The implications of security breaches in one or more of these systems will have dire consequences for all South Africans, particularly in the current climate of political and economic uncertainty and instability.

And it is not as though these data breaches are not preventable. For example, the DOJ equivalents in the United States and the United Kingdom have not had their systems breached. There will be cases where systems can still be breached, but the number and effect of these breaches will be limited if systems are properly maintained.

The following needs to be done immediately to help prevent more disasters and at least try and mitigate the problems South Africa is currently facing:

  1. SITA (State Information Technology Agency) should immediately blacklist Dimension Data and NTT Ltd (and any entity that either party is involved in) from competing for any SITA contracts. SITA is responsible for awarding contracts for government related IT infrastructure.
    See list of SITA service providers at RFB 1183 Contact details amended list- 02-03-2021.pdf (sita.co.za)Dimension Data have a long and sometimes difficult history with SITA. See Dimension Data dismisses corruption allegations (mybroadband.co.za)
  2. Any existing contracts that Dimension Data and NTT Ltd may have in place with SITA, should be overseen and preferably taken over by a third party with the correct experience and credentials and business ethics.
  3. Non-government companies and institutions making use of Dimension Data and NTT Ltd infrastructure and/or consulting services should understand that they will be held fully responsible should data be stolen, and/or encrypted and losses be incurred by their clients and shareholders. They should get risk assessments done as a matter of priority.

Unfortunately, this press release will result in major job losses within Dimension Data and NTT Ltd, both in South Africa and the many other countries that they operate in. iSAT deeply regrets this. But risks for the general South African population as a whole will be reduced if Dimension Data and NTT Ltd are forced to be accountable. It may be possible for those Dimension Data and NTT Ltd employees who lose their jobs to institute a class action suite against NTT (Nippon Telegraph and Telephone).

There are of course may excellent employees at Dimension Data and NTT Ltd. iSAT works with a group of those people in the Dimension Data business group Ignite. iSAT makes use of their Internet access solutions, as well as those that they provide on behalf of MTN and Rain. iSAT does not consider these solutions as high risk.

Additionally, iSAT asks individual South Africans to check with institutions they make use of like banks, medical aid and insurance companies, and other medical institutions to check whether these institutions are making use of Dimension Data or NTT Ltd, infrastructure or getting security support from them.

These institutions should be made aware that in the case that their systems are breached they been giving due warning and will held liable by their clients/customers.

It is not reasonable or ethical to make use of companies that do not consider themselves to be held accountable for their actions in any private or public enterprise.

The bickering between Pearton and Dimension Data dates back to March 2019 when Internet Solutions, which has since been integrated into Dimension Data, suffered hard drive failures that resulted in two weeks of Consumer Virtual Machine (CVM) platform downtime.