Two senior officers working for Bangladesh’s counter-terrorism police allegedly collected and offered residents’ delicate and private data to criminals by means of Telegram, TechCrunch has realized.
Based on a letter signed by a senior Bangladeshi intelligence official seen by TechCrunch, the info allegedly offered included residents’ nationwide identification knowledge, cellphone information and different “delicate labeled data.”
The April 28 letter was written by Brigadier Basic Mohammad Baker, who’s the director of Bangladesh’s Nationwide Telecommunication Monitoring Heart (NTMC), the nation’s digital eavesdropping company. Baker confirmed the legitimacy of the letter and its contents in an interview with TechCrunch.
“Each instances are underneath investigation,” Baker mentioned in an internet chat, including that Bangladesh’s Residence Ministry had ordered the affected police organizations to take “needed motion towards these officers.”
The letter, which was initially written in Bengali and addressed to the senior secretary of the general public safety division of the Ministry of Residence Affairs, alleged that two police brokers had accessed and leaked “extremely delicate data” of people on Telegram in alternate for cash.
Based on the letter, police brokers had been caught after investigators analyzed NTMC system logs and discovered how usually they each accessed them.
The letter reveals the identities of the officers. One of many accused is a police superintendent serving within the Anti-Terrorism Unit (ATO). The opposite is an assistant deputy superintendent of police within the Fast Motion Battalion, often known as RAB 6. controversial paramilitary unit that the US authorities sanctions launched in 2021 over allegations that the unit is linked to tons of of disappearances and extrajudicial killings. TechCrunch is just not naming the 2 defendants as a result of it’s unclear whether or not they have been charged underneath the nation’s authorized system.
NTMC is a authorities intelligence company established underneath the Ministry of Residence Affairs of Bangladesh. The company’s major mission is to observe all telecommunications site visitors and intercept phone and net communications to detect and stop threats to nationwide safety.
Organizations similar to Human Rights Watch And Freedom Home criticized the NTMC for its lack of safeguards towards abuses of each freedom of speech and privateness. Over time, NTMC has acquired refined know-how from corporations in Israelwhich Bangladesh doesn’t formally acknowledge, and different western international locationsto hold out mass surveillance primarily on members of opposition events, journalists, members of civil society and activists.
As a part of its mission, NTMC operates the Nationwide Intelligence Platform, or NIP, an inside authorities net portal that shops delicate citizen data similar to nationwide identification knowledge, cellphone registrations and cellphone knowledge information, felony profiles and different data.
Numerous legislation enforcement and intelligence businesses have person accounts on the NIP portal supplied by NTMC.
NTMC’s personal investigation concluded that brokers used the NIP platform extra continuously than others and in addition accessed and picked up data that was not related to them.
“Given the context, such inappropriate entry and unlawful switch of extremely delicate labeled knowledge should be investigated to determine all these concerned and we additionally request that applicable motion be taken towards all these recognized/concerned,” the letter mentioned.
Baker advised TechCrunch that there are “a number of Telegram channels,” including that one among them is named BD CYBER GANG.
TechCrunch was unable to determine the particular channel on Telegram.
Join with us
Do you may have any extra details about this incident or related incidents? From a non-working gadget, you may securely contact Lorenzo Franceschi-Bicchierai on Sign at +1 917 257 1382 or through Telegram, Keybase and Wire @lorenzofb, or Electronic mail. You may also contact Zulqarnain Saer Khan on +36707723819 or X. @ZulkarnainSaer. You may also contact TechCrunch through SecureDrop.
Baker advised TechCrunch that two brokers apparently despatched the data to the administrator of no less than one Telegram group, who then tried to promote it.
Baker mentioned each brokers had been notified of the investigation.
On account of the investigation, all NIP customers from ATU and RAB 6 have had their entry suspended “till the officers concerned are recognized and applicable motion is taken,” the letter mentioned.
Baker confirmed the suspension, saying that if brokers “want any data for the needs of the investigation, they will acquire it by means of the police and RAB headquarters.”
Representatives of Bangladesh’s Residence Ministry and ATU didn’t reply to a number of requests for remark. An individual who recognized himself solely as an “operations officer” for RAB 6 advised TechCrunch the company had no remark.
Final yr, a safety researcher found that NTMC was leaking folks’s private data to an unsecured server. The information leak included Based on Wired, actual names, cellphone numbers, electronic mail addresses, areas and examination outcomes. One other authorities company of Bangladesh, Basic Registration Service, registration of births and deathsAdditionally leakage of confidential knowledge of residents final yr, as TechCrunch reported on the time.
In each instances, the leaks had been found by Victor Markopoulos, a researcher working at Bitcrack Cyber Safety.
Whereas these had been severe instances of knowledge breaches, this incident, allegedly involving ATU and RAB 6 brokers, has the potential to be extra damaging provided that the brokers had been allegedly promoting data on-line in an try to revenue from their privileged entry to delicate private data.
Whereas the incident is underneath investigation, a well-placed authorities supply advised TechCrunch that there are nonetheless officers providing to promote residents’ knowledge.