NTT – Domains SA

Surely companies that defend a failure to maintain vital IT systems, should not be allowed anywhere near government contracts to support systems serving the people of South Africa? In fact, they should not be allowed any systems at all, but particularly government systems that could be infiltrated such as SARS, IEC, Home Affairs, EVDS, Eskom etc. especially given that SA Court systems are already insecure as SA-News recently reported.

Internet service provider iSAT South Africa has been struggling with an ugly ongoing dispute with the company formerly trading as Internet Solutions which was taken over by Dimension Data. Dimension Data/NTT Ltd stands accused of causing severe financial and reputational harm to iSAT over their failed cloud system called CVM, which iSAT had been using since 2014.

Whilst not denying the mistake, Dimension Data denied liability and headed to the High Court to prevent iSAT and its CEO, Rory Pearton, from making this debacle public. “Unfortunately, in March 2019, the cloud-based solution, based on a world-class product known as OpenStack, failed catastrophically, iSAT lost key business data that was duplicated over multiple cloud instances,” iSAT said in a statement at the time.

“After the failure, Dimension Data admitted that they had not maintained their CVM solution for more than four years, and that the OpenStack operating system was over four years past its end of life. Unfortunately, instead of accepting responsibility, they tried to deny any wrongdoing. In iSAT’s opinion, Dimension Data has also tried to cover up its terrible failings.” said Pearton in the statement.

As a result of the system failure, a project that iSAT had been working on for more than four years had to be scrapped, Pearton said, adding that this was because the historical data collected for analysis and predictive purposes was lost. “Scrapping of this project has led to substantial financial losses for iSAT.”

But Dimension Data was having none of it and responded by accused iSAT of engaging Dimension Data in numerous threatening correspondences since September 2019, regarding a service outage that had taken place six months earlier in March 2019.

Pearton published a website accounting for what happened, and published emails, which it said it received from Internet Solutions, stating that the CVM cloud platform had run on an outdated version of Openstack. Openstack is an open source cloud computing platform that began as a joint project between Rackspace Hosting and NASA.

Nowadays the development of Openstack is financed through the Open Infrastructure Foundation whose sponsors include the usual suspects like Facebook, Tencent, AT&T, Ericsson, Huawei, and Red Hat. New versions of Openstack are released every six months, with several old versions of the software having been declared expired or “end of life”. The developers no longer maintain or provide security updates for these end of life versions of Openstack. According to the information iSAT published, Internet Solutions stated that it had been running a version of Openstack called “Icehouse” at the time of the CVM crash. Openstack Icehouse had been end of life since 2 July 2015

This damning information compelled Dimension Data to institute a high court application to force Pearton to stop with his ongoing exposure. As a result Pearson was forced to shut down this web site because of the gag order from Dimension Data/NTT Ltd.

In a response to the recent High Court decision iSAT publicly issued the press release saying that the judge made that decision, exactly one day after Pearton sent Dimension Data a copy of the press release scheduled to go out two days later. That was their first contact with Dimension Data since the High Court case on 18th March 2021. The timing of that decision seemed too much of a coincidence, and Pearton has sent details of that case to the Directorate for Priority Crime Investigation (the Hawks).

“When I made the decision about two years ago to expose Internet Solutions (which ended up being absorbed into Dimension Data), I really did not know what I was getting myself into,” Rory said in the press release.

“I thought that being in the right would overcome all obstacles. Various people warned me of course, that taking on a company as large and powerful as Dimension Data would be very difficult. The stress on me and unfortunately those nearest and dearest to me has been immense. And of course, the global pandemic has not helped.”

“It has indeed become the hardest thing I have ever done, by far. And my sympathy and support go out the whistleblowers out there exposing corruption and malpractice within the companies they have worked in. People like Francis Haugen (Facebook could be facing a ‘Big Tobacco’ reckoning – CNN) are real heroes.”

“I started off by taking legal advice from two different law firms and they both told me that the normal legal route would be to sue Internet Solutions for losses, but that the process would take many years. I also discovered that the financial costs would be much more than I could ever afford.”

“I then contacted various IT media news companies, and suggested they investigate the problem. Much to my surprise most of them did not even bother to respond to me, and none of them was interested in investigating and reporting on the issue. It turns out of course that many of those IT media news sites survive on advertising from companies like Dimension Data. So, so much for free and unbiased news reporting.”

“I decided to go public and set up a Web site myself showing all the related documents from Internet Solutions. The site highlighted the issues iSAT suffered because of the catastrophic Internet Solutions Cloud Platform failure In February 2019.”

“One of the most important documents made available on the Web site was an email where Internet Solutions disclosed that the cloud software, OpenStack, being used for the Cloud Platform, had not been updated in many years. In fact, it had been in EOL (end of life) stage for more than four years.”

“That in two sentences is the core of the matter. It is, of course, not acceptable that an organisation which provides services to the public, other business, or state institutions does not maintain the infrastructure that the services run on. That applies both to hardware and software.”

“My goal has never been to destroy Internet Solutions or damage Dimension Data/NTT. The goal was to force these companies to conduct business in an ethical, responsible, and accountable manner.”

“Unfortunately, Internet Solutions now no longer exists and has been absorbed into Dimension Data. A sad end to what was once a brilliant company, created by a group of very clever and innovative individuals back in 1993.”

“The goal was also to resolve the issues and keep the resolution private, via a non-disclosure agreement, to protect the Dimension Data/NTT Ltd employees. Dimension Data unfortunately has tried to distract everyone by avoiding the issue of negligence and talking about the amount that ISAT is claiming from them.”

“Of course, the amount of money in damages is large. But it was based on the lowest of three projected income streams from iSAT’s business model. And it did not take into account the income from the future sale of iSAT which would generate increasing income for many years to come for the buyer. This was a project that we had been working on for more than 4 years. I also have more than 40 years’ experience in the IT industry and have worked on many large projects.”

“In the eyes of Dimension Data and NTT Ltd, the amount would hopefully be onerous. That would discourage them from being negligent and trying to cover up that negligence in the future.”

“In the eye of their ultimate holding company, the Japanese Nippon Telegraph and Telephone, the amount would be small. NTT employ over 300 000 staff around the world.”

“Systems connected to the Internet that are not maintained to industry standards are at high risk of being compromised by cyber criminals. In South Africa alone over the last several weeks, cyber criminals have gained access to Transnet and the Department of Justice.”

“Because of Dimension Data/NTT Ltd casual attitude to industry standard maintenance of systems, they have promoted an attitude that it is fine to be negligent and that lack of accountability is the norm, amongst IT companies particularly in South Africa.”

“In the previous email, I suggested that Dimension Data/NTT Ltd be blacklisted from any contracts awarded to them by SITA (State Information Technology Agency).”

The above press release was sent out to various tech news platforms, so it will be interesting to see who actually reports in it, but more importantly, who does not…