Bangladeshi police brokers accused of promoting residents’ private data on Telegram

Two senior officers working for anti-terror police in Bangladesh allegedly collected and bought labeled and private data of residents to criminals on Telegram, TechCrunch has realized. 

The information allegedly bought included nationwide identification particulars of residents, mobile phone name information and different “labeled secret data,” based on a letter signed by a senior Bangladeshi intelligence official, seen by TechCrunch.

The letter, dated April 28, was written by Brigadier Common Mohammad Baker, who serves as a director of Bangladesh’s Nationwide Telecommunications Monitoring Heart, or NTMC, the nation’s digital eavesdropping company. Baker confirmed the legitimacy of the letter and its contents in an interview with TechCrunch. 

“Departmental investigation is ongoing for each the instances,” Baker mentioned in an internet chat, including that the Bangladeshi Ministry of Dwelling Affairs ordered the affected police organizations to take “essential motion towards these officers.” 

The letter, which was initially written in Bengali and addressed to the senior secretary of the Ministry of Dwelling Affairs Public Safety Division, alleges the 2 police brokers accessed and handed “extraordinarily delicate data” of personal residents on Telegram in trade for cash.

Based on the letter, the police brokers had been caught after investigators analyzed logs of the NTMC’s programs and the way usually the 2 accessed it.

The letter reveals the identification of the officers. One of many accused is a police superintendent serving with the Anti-Terrorism Unit (ATU). The opposite is an assistant police superintendent deputy on the Speedy Motion Battalion, also called RAB 6, a controversial paramilitary unit that the U.S. authorities sanctioned in 2021 over allegations that the unit is linked to tons of of disappearances and extrajudicial killings. TechCrunch will not be naming the 2 individuals who had been accused because it’s unclear if they’ve been charged below the nation’s authorized system.

The NTMC is a authorities intelligence company established below Bangladesh’s Ministry of Dwelling Affairs. The company’s core process is to watch all telecommunications visitors and intercept telephone and net communications to detect and stop threats to nationwide safety. 

Organizations like Human Rights Watch and Freedom House have criticized the NTMC for missing safeguards towards abuses, each towards free speech in addition to privateness. Through the years, NTMC procured subtle know-how from companies in Israel, which Bangladesh doesn’t formally acknowledge, in addition to other Western countries, to conduct mass surveillance largely on opposition social gathering members, journalists, civil society members and activists.  

As a part of its mission, the NTMC runs the Nationwide Intelligence Platform, or NIP, an inner authorities net portal that holds labeled citizen data, like nationwide identification particulars, mobile phone registration and cell knowledge information, felony profiles and different data. 

Varied legislation enforcement and intelligence companies have person accounts on the NIP portal offered by the NTMC. 

NTMC’s personal investigation concluded that the brokers used the NIP platform extra steadily than others, and accessed and picked up data that was not related to them.

“Contemplating the context, such irrelevant entry and illegal handover of extraordinarily delicate labeled knowledge needs to be investigated to establish everybody concerned on this and we additionally request for acceptable motion towards all these recognized/concerned,” the letter learn.  

Baker advised TechCrunch that there have been a “variety of Telegram channels,” including that one in every of them was known as BD CYBER GANG.

TechCrunch couldn’t establish the particular channel on Telegram. 

Contact Us

Do you could have extra details about this incident, or comparable incidents? From a non-work machine, you possibly can contact Lorenzo Franceschi-Bicchierai securely on Sign at +1 917 257 1382, or by way of Telegram, Keybase and Wire @lorenzofb, or email. You can too attain out to Zulkarnain Saer Khan on Sign at +36707723819, or on X @ZulkarnainSaer. You can also contact TechCrunch by way of SecureDrop.

Baker advised TechCrunch that it seems that the 2 brokers despatched the data to the administrator of a minimum of one Telegram group, who then tried to promote it. 

Baker mentioned that the 2 brokers have been notified of the investigation. 

Due to the investigation, all NIP customers from ATU and RAB 6 have had their entry suspended “till the concerned officers are recognized, and correct motion is taken,” based on the letter.

Baker confirmed the suspended entry, saying that if brokers “want any data for investigation functions they will gather by way of Police and RAB HQ.”

Spokespeople for Bangladesh’s Ministry of Dwelling Affairs and ATU didn’t reply to a number of requests for remark. An individual figuring out solely as an “operations officer” at RAB 6 advised TechCrunch that the company had no remark. 

Final yr, a safety researcher discovered that the NTMC was leaking folks’s private data on an unsecured server. The leaked data included real-world names, telephone numbers, e mail addresses, places and examination outcomes, based on Wired. One other Bangladeshi authorities company, the Office of the Registrar General, Birth & Death Registration, additionally leaked citizens’ sensitive data final yr, as TechCrunch reported on the time.

In each instances, the leaks had been discovered by Viktor Markopoulos, a researcher who works at Bitcrack Cyber Safety. 

Whereas these had been vital instances of knowledge publicity, this incident allegedly involving the ATU and RAB 6 brokers is doubtlessly extra damaging, provided that the brokers allegedly bought data on-line in an try to revenue from their privileged entry to labeled private data.  

Though the incident is below investigation, a well-placed supply throughout the authorities advised TechCrunch that there are nonetheless officers who’re providing to promote residents’ knowledge.

Leave a Reply

Your email address will not be published. Required fields are marked *