Sunday, 8 November 2015

Manipulation Software Spreading in Post Offices

11/08/2015

Changes are happening everywhere and people are start using gadgets and computers on a larger scale.  As a result of this, new generation people are searching for various solutions for getting their work done very quickly and smartly by bypassing some traditional mechanism.

The spark of above said changes can be seen in the newly originated work culture of India Post employees also.  Through this article, I am trying to showcase you one of such changes happening in India Post.


The practice of using unauthorized Software Tools developed by officials of India Post or third party is increasing day by day.  We can see this activity from different perspective.  I cannot say blindly that whether this practice is good or bad.  I am just trying to watch this activity from different view point.

After reading this full article, surely you can make a clear decision or at least you can understand the facts.


Few years back, when an error shows while doing an operation in any of the modules, the official would call the concerned System Administrator and explain the error. Then he would execute a solution supplied either by CEPT Mysore or SDC Chennai.  If the solution was not readily available with him, he will call another System Administrator who is working nearby office and ask for the solution supplied by CEPT or SDC.

He would report the error to CEPT or SDC and would get solution with in one or two days if it is a new error.

Likewise if any report was not available in a particular version, they had to wait until the next version has been released.

Now everything has been changed.  Let us see some questions or statements frequently used in the conversation between staffs in India Post.

Do you have any tool to rectify error …………….…? 
Do you have any tools to change the status of accounts in database?  
Please send me the tool for reviving all silent accounts?
Have any Tool for taking that report?
Use that tool and clear the discrepancy quickly, etc.

In short, Tools rules the operations of India Post.  Every one asking for tools and more people start developing tools.  Officers are also formally or informally insisting for using these type tools. 

Majority of the people insisting or using the software are not well aware of the software development concept and database security issues. That is why I have come with this matter to explain the background.

Evolution and Cause of Birth

While analyzing the evolution of such tools, you can see that the reporting tools were the first of this kind.  In certain case some required reports may not be available in the official software but the data will be available in the database.  Inorder to overcome this issue, persons having good understanding about the database might have developed reporting software for taking a particular or number of reports.

After the development of different types of reporting tools by various ‘in-house’ developers, the developers had started exploring new possibilities through such tools which was actually a risky job in different ways.  Let us discuss risk factors later.

In certain cases, inorder to complete a work within a stipulated time, changing database value is easier than doing it though the actual module.  In such case a new updation tool may be developed for bypassing many application level activities.

Delay for getting solution from CEPT or SDC Chennai may be one of the reasons for developing updation tools.

Picture of support from CEPT has already written in the previous post See how CEPTsupport team distract employees through HDMS

Good numbers of newly recruited Postal Assistants are engineering graduates or highly qualified persons and some of them are interested in programming and application development.  If such persons are working as System Administrator, they can easily study the database structure and thereby they can develop software tools based on local database.  Such tools may make the developer more popular through various blogs or social media sites.

In short fame or popularity may be one of the reasons for such development.

What is behind the curtain?

You will be happy if the error gets solved while executing a solution/Fix tool. But have you thought about what had happened in background while using a particular tool.  I know, you might not think about it.  That is why I have written this article.

I shall try to explain the back ground of database tools and its applicability as simple as I can.

Let us assume that some gold or equivalent valuable are kept inside a room and this room has two doors, one front door and one back door.  This room also has a very small window.  Here there are four possibilities to access the valuable kept inside the room.

a)   Through the front door( The Direct way)
b)   Through the back door (In Direct way)
c)   Through the window(Difficult but possible)
d)   By making hole on the roof or wall(Extremely difficult but possible)

Likewise in database concept, there are many way to access or manipulate the data.  Database is the collection of valuable data stored on the server which can be compared with gold in the above example.  Here Database may be accounts details or article details or employee details, etc.

If you consider the Database of a Post Office, it is also accessible through different ways like below.

1.    Through Application Level: - Accessing database through Front Door, This is the direct way of accessing database by end user and it is very easy and completely legal.

2.   Through Database Engine: - This is a formal back door activity.  Formal way of accessing database by database administrators.

3.   Through Custom made executable: -   This is using the advantage of window.  Here window means the knowledge about the database structure and its week security.  Person with insider knowledge can access DB through this way.  This is also an unfair activity.

4.   Hacking: - This is lime destruction of wall or roof.   A hacker can access the database by destroying the security or can intrude by using the advantage of week database security.  This is purely illegal in nature.

Developers of the manipulation tools use the third option to alter the database. You may think that developing a small manipulation tool is very difficult and only a smart programmer can do this.  But actually anyone with basic understanding of SQL query and programming language can develop a manipulation tool.
Instead of running SQL query in the Query Analyzer, the developers will run the same query using executable files in such tools. A programmer can include any number of queries in one exe file so while running this file he can make any modification in any database according to his will without your permission.
He can change the balance of all accounts in Sanchay Post or can delete all accounts by writing a single line of code.  In short the manipulation is as much as easy by using executable.

Inserting values in some columns of a table in a database according to the will of programmer is very common while developing a solution fix exe.  In certain circumstances while developing a solution exe, the programmer cannot insert the original values back into a particular column due to various constraints and such values will not be affected by the working of an application. In such cases developer of the tool may insert dummy value in to that field.

Such changes will not be identified by an end user but even if it will not make any adverse effect now, it may be questioned in future if any fraud has been committed.

Major Threat

99% percentage of the Software tools spreading and using in the Post Offices are developed with good intension.  They may not make any unnecessary changes in database.  There is another side for this case.  You people knowing only about the fair tools spreading through blogs or social Medias but there may be some other secret tools spreading or exchanging for malpractice or fraud.

Even if chances are very rare, special care should be given while preparing for CBS migration.  A culprit can make changes in database using this method without knowing any person and can reap the advantage after migration from any other office.

There is another chance for unnecessary alteration of database due to partial knowledge of the developer.  The change may not be intentional but it is also dangerous.

Administrative offices are very keen about Data Entry module and they are reluctant to give permission for data entry.  Because they think that data entry module is the only means through which a Post Office staff can do fraudulent activity.

But persons having knowledge in programming are actually laughing while hearing such comedies.  At the same time Administrative offices are silent about the use of manipulation tools which are more vulnerable than data entry. But in some places they are also encouraging database manipulation and tool developing.  This is actually giving license for doing fraud.

The administrative staffs are well aware that getting a solution from concerned software development centre is not practical and they are reading and hearing every day about the lapses from the part of Development centres.  So they may be forced to do such promotion due to pressure of circumstances.

How to Avoid This Threat

This is very simple as below.

1.   Avoid using unnecessary outside tools or Fix.
2.   Use the solution provided by official software development centres only.

3.   If it is absolute necessary, please receive from reliable source and verify the credibility of the developer.

Editor SKN Achari

A blogger from God’s own country, thinking about various things and speaking loudly about what he have learned and observed. And acting as one man Army against corruption and mismanagement.

3 comments:

  1. " Use that tool and clear the discrepancy quickly"

    Good .. Thanks ...

    ReplyDelete
  2. Sir I think u should be included in the technical team of CEPT, so ur technical skills will help the Dept.

    ReplyDelete
  3. Sir I think u should be included in the technical team of CEPT, so ur technical skills will help the Dept.

    ReplyDelete

 

© 2015 Speak Post. All rights resevered to The Publisher Speak

Back To Top