On August 5, 2010 we received a message from a Riyas Paramban who purportedly represents the Information Technology and Services (IT&S) Digital Security Alert Centre of BP plc. The notice requests that we remove a document concerning BP’s use of RFID technology for tracking not only equipment, but its own employees, specifying that the material is “BP Confidential and disclosure of this document may lead to security breach.”
The message was sent from an IP address in Bangalore, India (18.104.22.168) owned by Wipro Technologies. Mr. Paramban’s LinkedIn page confirms that he is an employee of Wipro Technologies, a Bangalore-based IT company that specializes in outsourced positions for Western companies. It is one of the largest IT companies in India with over 100,000 employees.
The message makes no notice of its actual origin. In fact, it indicates to the end-recipient that Mr. Paramban is an employee of BP, which is apparently not the case.
We are currently hosting a number of internal BP documents including nearly fifty safety and environmental impact manuals from BP’s deepsea drilling operations in Azerbaijan.
Subject: Regarding disclosure of BP Confidential document on public web sites
From: “IT&S DS AlertCentre” <ITSDSAlertCentre@bp.com>
Date: Fri, 6 Aug 2010 01:40:56 +0100
CC: “IT&S DS AlertCentre” <ITSDSAlertCentre@bp.com>
We are Digital Security Alert Centre Team of British Petroleum (BP). We
have observed a BP document which appears to contain “BP Confidential”
information available on following location.
Kindly remove this document from above mentioned location as these are
BP Confidential and disclosure of this document may lead to security
Looking forward to hearing from you.
Information Technology and Services (IT&S)
Digital Security Alert Centre
24-Hour Hotline: +44 (0)1932 739489
This communication contains information from BP p.l.c. or its affiliates
and is intended only for the use of the addressee(s) named above. This
communication may be confidential and/or privileged. Access to this
electronic transmission by anyone other than the intended recipient(s)
is unauthorised. If you have received it in error please notify the
sender immediately. Please then delete the e-mail and do not disclose
its contents to any person. Within the bounds of law BP p.l.c. or its
subsidiary companies may monitor electronic transmissions through their
internal and external networks to ensure compliance with internal
policies and for legitimate businesses purposes.