TechCrunch has realized that two senior officers of Bangladesh’s anti-terrorism police are suspected of amassing confidential and private info from residents and promoting it to criminals by means of Telegram.
A letter signed by a senior Bangladeshi intelligence official seen by TechCrunch reveals that the info allegedly offered included residents’ nationwide id particulars, cell phone name information and different “confidential info.”
The letter, dated April 28, was written by Brigadier Basic Mohammad Baker, who serves as director of Bangladesh’s Nationwide Telecommunications Monitoring Heart (NTMC), the nation’s digital eavesdropping company. In an interview with TechCrunch, Baker confirmed the legitimacy of the letter and its contents.
“Each instances are being investigated by the division,” Baker mentioned in a web based chat, including that Bangladesh’s inside ministry ordered the affected police organizations to “take obligatory motion in opposition to these policemen.”
The letter, initially written in Bengali and addressed to the senior secretary of the Inside Ministry’s Public Safety Division, mentioned two law enforcement officials obtained and handed on “extraordinarily delicate info” of personal residents on Telegram in alternate for cash.
In keeping with the letter, the 2 officers had been arrested after investigators analyzed logs from the NTMC system and the way usually the 2 males accessed the system.
The letter revealed the id of the officer. One of many defendants is the Superintendent of Police of the Anti-Terrorism Unit (ATU). The opposite is the assistant inspector common of police of the Speedy Motion Battalion, also called RAB 6, a controversial paramilitary unit that the US authorities imposed sanctions on in 2021 amid allegations it was linked to a whole lot of The disappearances had been linked to extrajudicial killings. TechCrunch isn’t naming the 2 folks accused as a result of it’s unclear whether or not they have been charged underneath the nation’s authorized system.
NTMC is a authorities intelligence company underneath the Ministry of Dwelling Affairs of Bangladesh. The company’s core mission is to observe all telecommunications visitors and intercept telephone and Web communications to detect and forestall threats to nationwide safety.
Organizations comparable to Human Rights Watch and Freedom Home have criticized the NTMC for missing safeguards to forestall abuses of free speech and privateness. Over time, the NTMC bought cutting-edge know-how from firms in Israel, which isn’t formally acknowledged by Bangladesh, in addition to from different Western nations, to conduct mass surveillance, primarily concentrating on opposition occasion members, journalists, civil society members and activists.
As a part of its mission, NTMC runs the Nationwide Intelligence Platform (NIP), an inner authorities portal that holds confidential citizen info comparable to nationwide id particulars, cell phone registration and cell phone information information, legal information and different info.
Varied regulation enforcement and intelligence businesses have person accounts on the NIP portal supplied by NTMC.
NTMC’s personal investigation concluded that these brokers used the NIP platform extra regularly than others and accessed and picked up info that was not related to them.
“Given the context, this unrelated entry and illegal switch of extraordinarily delicate confidential information ought to be investigated to determine everybody concerned, and we additionally request that every one individuals recognized/concerned be investigated,” the letter reads. folks take applicable motion.
Baker advised TechCrunch that “many Telegram channels” exist, including that one is named BD CYBER GANG.
TechCrunch was unable to determine a particular channel on Telegram.
contact us
Do you could have extra details about this or related incidents? On non-work gadgets, you may contact Lorenzo Franceschi-Bicchierai securely by way of Sign (+1 917 257 1382) or by way of Telegram, Keybase and Wire @lorenzofb or e-mail. You may as well contact Zulkarnain Saer Khan by way of Sign +36707723819 or X @ZulkarnainSaer. You may as well contact TechCrunch by means of SecureDrop.
Baker advised TechCrunch that the 2 brokers appeared to have despatched the knowledge to the administrator of at the least one Telegram group, who then tried to promote the knowledge.
Baker mentioned two brokers have been notified of the investigation.
Because of the investigation, entry to all NIP customers of ATU and RAB 6 has been suspended “till the officers concerned have been recognized and applicable motion taken,” the letter mentioned.
Baker confirmed the suspended entry and mentioned if brokers “want any info for investigative functions, they’ll gather it by means of police and RAB headquarters”.
Spokespersons for Bangladesh’s residence ministry and ATU didn’t reply to repeated requests for remark. An individual who recognized himself as a RAB 6 “operations official” advised TechCrunch that the company had no remark.
Final yr, a safety researcher found that NTMC was leaking folks’s private info on unsecured servers. In keeping with Wired, the leaked info included actual names, telephone numbers, e-mail addresses, places and check outcomes. One other authorities company in Bangladesh, the Basic Registrar’s Workplace of Births and Deaths, additionally had residents’ delicate information leaked final yr, TechCrunch reported on the time.
The leaks for each incidents had been found by Viktor Markopoulos, a researcher at Bitcrack Cyber Safety.
Whereas these are vital information breach instances, the incidents allegedly involving ATU and RAB 6 brokers could also be much more damaging, as these brokers allegedly offered info on-line in an try to revenue from their privileged entry to confidential private info. revenue.
Though the incident is underneath investigation, a supply throughout the authorities advised TechCrunch that there are nonetheless officers providing to promote citizen information.
