- This topic has 11 replies, 6 voices, and was last updated 1 year, 4 months ago by
.
-
Posts
-
-
UI run a small IT business in Singapore, and we hired a local company to redesign our website. We didn’t realize they would hire an overseas subcontractor (in India) to do the technical parts. After numerous delays and botched assignments, we insisted on getting more involved in the process, and found out the truth. The subcontractor is a small boutique company who doesn’t seem to have much expertise in the task at hand. The project was doing so badly that we had to involve our own developers for help. Nevertheless, the project was nearing completion.
A few days ago, we woke up to see that our website in progress is completely gone. At the same day, I was contacted by the subcontractor who said that our designers did not pay him *for other projects* and stopped talking to him. To “fix” the situation, he deleted all the files on our server (!!!) and wants me to pay him “to complete the job”. When I asked, what is there to complete, he couldn’t remember. (The correct answer is, their part was nearly done and what was left was beyond their level of expertise.)
So basically, he sabotaged infrastructure of his customer’s customer who had no dealings with him.
From the conversation with our prime contact, it appears that the subcontractor’s team botched three other projects to the point that the customers walked away, but that they were paid the deposit.
Luckily, the guy is as stupid as dishonest. The source code was copied so we restored it, and changed the credentials. Unfortunately, we forgot about one loophole. And, sure enough, at night he logged on again (through his normal login) and deleted more files.
We are currently restoring it, but assuming it might escalate, what is the best way to handle it? I doubt police will take care of something as trivial and relatively bloodless. Is there a way to blacklist them or something, beyond leaving bad reviews and listing as scammers?
-
ALawyer here.
Seek damages from your local company. Your contarct is with them. They are in violation.ย
-
UThank you for your advice.
The local designers are not in violation of my contract (the contract doesn’t explicitly say that everything is to be handled in house), and they are very small not to mention suffering themselves. Most importantly, I doubt it’ll solve the main issue.
I am more interested how to keep the crazy idiot away. Any practical/cost-effective way to do that in India?
-
FHmm. Did you enter into any contract with the sub-contractor? I guess, No. Did the contract with the local contractor explicitly mention that if they outsource something they will not be responsible? I guess, No.
In your case, logically and presumably, a task was given to the local contractor. If the task is incomplete, whom would you sue? The local contractor. You have got nothing to do with the sub-contractor in India. And don’t involve indian jurisdiction in all this, as Indian jurisdiction is quite slow as compared to Singapore.
-
UMost assumptions are correct, except:
>If the task is incomplete
If you read the question carefully, you’ll see that the task is *complete*. The tech part was also mostly complete, and while some bits and pieces had to be indeed solved in-house. That was the crux of all issues: that dude’s attention was all over the place and he barely knew what he was doing, and didn’t realize that it was over. I take it, when he understood that, he resorted to sabotage. He explicitly told me that his payment issues were with *other* projects, which is the next level of insane: it’s like shooting a bystander who happened to say “hello” to a guy you don’t like.
-
-
-
-
RHoneypot the loophole login so that he si busy deleting useless files.
Move your setup project files to a new secure place with 2FA if possible.
-
UIt’s all blocked now, but thank you for the advice.
Looks like it’s not relevant anymore. But I wonder if such a situation arises again, is there a legal solution for this kind of stuff?
-
RLegal framework is like calling for airstrike in a street fight. It’s for cases when big money is involved. In small cases the toll of lawyer and court and peace will cost more than the actual project.
-
-
-
-
-
UIn this particular CMS it’s not supported. As for the access we gave them, well, they were the developers, and all the drama was unfolding behind our backs.
But it wasn’t some sort of a super hack, just a silly oversight in a chaotic situation. As a half-full glass though, the guy helped us find security holes, which is always a good thing before going live, and make sure that our backup procedures run properly. So looks like everything is well now on our side.
Still, thank you for the advice.
-
-
-
