Bangladesh: Spy agency NTMC's database exposed and data compromised
Just as we were still reeling from the data breach in China, another one has surfaced online, this time in Bangladesh. An intelligence agency collecting Bangladeshi citizens’ data has had its database exposed online, which later went on to be exploited by hackers.
The essential discovery was made by CloudDefense.AI’s cybersecurity researcher, Viktor Markopoulos. Viktor expressed his shock at finding an intelligence agency being so careless with its data. “I wouldn’t be expecting this to happen,” he said.
What Did The Database Contain?
The National Telecommunications Monitoring Center (NTMC) has been collecting calls and internet activities of Bangladeshis for a long time. The data consisted of the citizens’ names, professions, parents’ names, and more sensitive information such as their phone numbers, exam details, vehicle registration numbers, IMEI numbers, passport details, and biometric data, including fingerprints.
The database contained about 120 indexes of data, with each one storing different logs. The logs included “sat-phone,” “birth registration,” “SMS,” “pids_prisoners_list_search,” “Twitter,” and “driving_licence_temp.” While most of these logs contained test entries and incomplete data, the information can still reveal the structure the agency follows to collect the data, and its goals.
Call data that was exposed mainly consisted of metadata and not the actual call recordings. This might be less dangerous, but it can still be used to derive the call durations and other data, such as who called whom. Hackers can use such data to derive behavioral patterns in the victims and with whom they interact the most.
Real Data Was Available As Well:
The logs might have been used to create a probable structure for collecting citizen information, but there were still entries of real citizen information from the last few months. Wired contacted one of the victims using the data they found on the database. The victim confirmed that the data belonged to them and mentioned that they are subscribed to Bangladesh Telecommunication Company Limited (BTCL), a government-owned telecommunication service provider.
Viktor mentioned the database contained educational information on victims, some of it dating back to the 1990s. The numbers on the database were contacted to check if they were real, and the SMSs went through. One of the numbers was listed online as a business contact, including an encoded passport photo seemingly belonging to the owner.
As reported by Wired, Jeremiah Fowler expressed his concerns about the IMEI numbers that were available as well. Jeremiah is a security consultant and the cofounder of the data breach firm Security Discovery. He noted that IMEI numbers can be used for several malicious activities, including cloning a device or tracking an existing one.
Then the Data Got Stolen:
Viktor had contacted Bangladesh’s Computer Incident Response Team to report the breach, for which they expressed their gratitude and assured him of prompt action back on November 8. However, on the 12th of November, Viktor noticed that the database was still available online, but all the data had been wiped, with a ransom note left behind. The note demanded a payment of 0.01 bitcoins (which roughly converts to $360).
The note threatened that the data would be exposed on public channels or even deleted if the ransom was not paid. NTMC continued using the database even after the data got hijacked. They made new entries and even added a search log feature, hinting that the database was still in use. As of now, we have no update on whether the data was secured, as the database was later removed from the public eye.
How Did the Breach Happen?
In his report, Viktor mentioned the database was unintentionally made available online due to a misconfiguration in their system. The lack of access controls, Virtual Private Network use, data encryption, and authentication methods resulted in a vulnerable repository. Such carelessness was not expected from a governmental intelligence agency, as they are known to collect highly sensitive data on their respective citizens.
Learning From The Incident:
Data breaches like these are a regular occurrence in today’s world, mainly caused by carelessness on the part of organizations or companies. This incident could have been averted if fine-grained access controls, misconfiguration scanners, strong authentication, and data encryption methods were present in NTMC’s arsenal.
NTMC is known to buy high-tech surveillance equipment from many military contractors worldwide, some of which aren’t available in most European countries. Being a leading intelligence agency in the South Asian region, they should have invested more towards securing their cyberspace.
Data protection laws are not as strong in Asia as they are in the EU or the US. Lack of strong compliance regulations, such as GDPR, CCPA, etc., in Asia results in companies or governmental organizations being less accountable for mess-ups on their end. This shows how important industry regulations are for ensuring data protection, confidentiality, and privacy.
How can CloudDefense.AI Help?
CloudDefense.AI is known to be the go-to CNAPP to protect companies and organizations from having to face such humiliating scenarios. Through the implementation of AI and machine learning models, we are able to provide you with top-notch security solutions.
Hacker’s View™, a state-of-the-art feature by CloudDefense.AI, allows you to scan your system from a hacker’s perspective, enabling you to outsmart threat actors and outsecure your resources. Our Cloud Security Posture Management (CSPM) tool is known to help you scan for misconfigurations and remediate them in real-time.
Achieve rapid detection of all threats to your system and understand their severity through our comprehensive all-in-one suite. Let us protect you from unauthorized access through our Zero Trust-dependent platform.
CloudDefense.AI has once again proven its sheer dedication to data security in the cyber world. If not for Viktor Markopoulos, thousands of pieces of sensitive information on Bangladeshi citizens would’ve continued to stay online, with more data being added to it. NTMC was a bit late but has already taken down the database, preventing more data leakage.
We hope companies educate themselves through data breaches like these, allowing themselves to be more aware of cybersecurity and the importance of implementing robust security measures around sensitive data.