Two senior officials working for the counter-terrorism police in Bangladesh allegedly collected and sold private and personal information of citizens to criminals on Telegram, according to TechCrunch.
The data allegedly sold included citizens’ national IDs, cellphone call records and other “classified secret information,” according to a letter signed by a senior Bangladeshi intelligence official seen by TechCrunch.
The letter, dated April 28, was written by Brigadier General Mohammad Baker, who serves as director of Bangladesh’s National Telecommunications Monitoring Center, or NTMC, the country’s wiretapping agency. Baker confirmed the legitimacy of the letter and its content in an interview with TechCrunch.
“The ministry’s investigation is ongoing in both cases,” Baker said in an online chat, adding that Bangladesh’s interior ministry had ordered the affected police organizations to take “necessary action against these officers.”
The letter, originally written in Bengali and addressed to the senior secretary of the Home Ministry’s Directorate of Public Security, alleges that the two officers accessed and shared “highly sensitive information” of private individuals on Telegram in exchange for money.
According to the letter, the police agents were arrested after investigators analyzed logs of NTMC’s systems and how often the two accessed them.
The letter reveals the identity of the officials. One of the accused is a police chief serving in the Anti-Terrorism Unit (ATU). The other is an Assistant Superintendent of Police in the Rapid Action Battalion, also known as RAB 6, a controversial paramilitary unit that the US Govt sanctions in 2021 for allegations that the unit is linked to hundreds of disappearances and extrajudicial killings. TechCrunch is not naming the two people charged as it is unclear whether they have been charged under the country’s legal system.
NTMC is a government intelligence agency established under the Ministry of Home Affairs of Bangladesh. The agency’s primary task is to monitor all telecommunications traffic and monitor telephone and Internet communications to detect and prevent threats to national security.
Organizations such as Human Rights Watch and Freedom House criticized the NTMC for lacking safeguards against abuses, both against free speech and privacy. Over the years, NTMC has sourced sophisticated technology from companies in Israelwhich Bangladesh does not officially recognize as well other western countriesfor conducting mass surveillance largely of opposition party members, journalists, members of civil society and activists.
As part of its mission, the NTMC manages the National Information Platform, or NIP, an internal government portal that contains sensitive citizen information such as national identity details, mobile phone registration and mobile data records, criminal profiles and other information.
Various law enforcement agencies and intelligence agencies have user accounts on the NIP portal provided by NTMC.
NTMC’s own investigation concluded that agents used the NIP platform more often than others and accessed and collected information that did not relate to them.
“Considering the context, such unrelated access and illegal delivery of highly sensitive classified data should be investigated to identify all those involved in it and we also request appropriate action against all those identified/involved,” the letter said.
Baker told TechCrunch that there were “a number of Telegram channels,” adding that one of them was called BD CYBER GANG.
TechCrunch was unable to identify the specific Telegram channel.
Contact us
Do you have more information about this incident, or similar incidents? From a non-working device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382 or via Telegram, Keybase and Wire @lorenzofb or via email. You can also contact Zulkarnain Saer Khan on Signal at +36707723819 or X @ZulkarnainSaer. You can also contact TechCrunch via SecureDrop.
Baker told TechCrunch that it appears the two agents sent the information to the administrator of at least one Telegram group, who then tried to sell it.
Baker said the two agents have been notified of the investigation.
Due to the investigation, all NIP users from ATU and RAB 6 have had their access suspended “until the officials involved are identified and appropriate action is taken,” according to the letter.
Baker confirmed the suspension of access, saying that if agents “need any information for investigative purposes, they can collect it through the police and RAB headquarters.”
Spokesmen for Bangladesh’s Ministry of Home Affairs and the ATU did not respond to multiple requests for comment. A person identified only as an “operations officer” at RAB 6 told TechCrunch the agency had no comment.
Last year, a security researcher found that NTMC was leaking people’s personal information on an unsecured server. The leaked details are included real names, phone numbers, email addresses, locations and test scores, according to Wired. Another government agency of Bangladesh, the Office of the General Registry, Registry of Births & Deathsit also leaked sensitive citizen data last year, as TechCrunch reported at the time.
In both cases, the leaks were discovered by Victor Markopoulos, a researcher working at Bitcrack Cyber Security.
While these were significant cases of data exposure, this incident allegedly involving ATU and RAB 6 agents is potentially more damaging since the agents allegedly sold information online in an attempt to profit from their privileged access to classified personal information. information.
Although the incident is under investigation, a well-placed source inside the government told TechCrunch that there are still officials offering to sell citizens’ data.
