
It has been reported that two high-ranking anti-terrorism police officers in Bangladesh collected confidential and personal information of citizens through Telegram and sold it to criminals.
The data sold included citizens' national identity information, cellphone call records and other “confidential secret information,” according to a letter signed by a senior Bangladeshi intelligence official and seen by TechCrunch.
The letter, dated April 28, was written by Brigadier General Mohammad Baker, who serves as director of the National Telecommunications Monitoring Center (NTMC), Bangladesh's electronic surveillance agency. Baker confirmed the legitimacy of the letter and its contents in an interview with TechCrunch.
“Departmental investigations into both incidents are ongoing,” Baker said in an online chat, adding that Bangladesh’s Ministry of Home Affairs had ordered the affected police agencies to take “necessary action against those officers.”
The letter, originally written in Bengali and addressed to the Principal Secretary to the Home Ministry's Public Security Department, alleges that two police agents accessed and passed on “highly sensitive information” of civilians on Telegram in return for money.
The police agent was arrested after investigators analyzed NTMC system logs and how often the two accessed the system, according to the letter.
The letter identifies the officials. One of the defendants is a police chief from the Anti-Terrorism Unit (ATU). The other is a deputy chief constable of the Rapid Action Battalion (RAB 6). The unit is a controversial paramilitary force that was sanctioned by the US government in 2021 over claims it was linked to hundreds of disappearances and extrajudicial killings. TechCrunch is not naming the two people charged because it is unclear whether they have been charged under the country's legal system.
NTMC is a government intelligence agency established under the Ministry of Home Affairs of Bangladesh. The agency's core mission is to detect and prevent threats to national security by monitoring all communications traffic and intercepting telephone and web communications.
Organizations such as Human Rights Watch and Freedom House have criticized the NTMC for lacking safeguards against abuses of freedom of expression and privacy. Over the years, NTMC has procured sophisticated technology from companies in Israel, a country Bangladesh does not officially recognize, and from other Western countries to carry out mass surveillance, primarily of opposition lawmakers, journalists, civil society members, and activists.
As part of its mission, NTMC operates the National Intelligence Platform (NIP), an internal government web portal that holds confidential citizen information such as national identity information, cell phone registration and cell phone data records, criminal profiles, and other information.
Various law enforcement and intelligence agencies have user accounts on the NIP portal provided by NTMC.
NTMC's own investigation found that its agents used the NIP platform more frequently than other agents and accessed and collected information that did not pertain to them.
“Considering the context, the improper access and unlawful transfer of highly sensitive and confidential data must be investigated and all persons involved in it identified and we also request that appropriate action be taken against all persons identified/involved,” it read.
Baker told TechCrunch that there are “several Telegram channels,” one of which is BD CYBER GANG.
TechCrunch cannot identify specific channels on Telegram.
Baker told TechCrunch that two agents sent the information to at least one Telegram group administrator, who appears to have attempted to sell the information.
Baker said both agents were notified of the investigation.
As a result of the investigation, all NIP users at ATU and RAB 6 have had access suspended “until relevant officials are identified and appropriate action is taken,” according to the letter.
Baker confirmed that access had been suspended, saying agents “may collect information through police and RAB HQ if information is required for investigative purposes.”
Spokespeople for Bangladesh's Ministry of Home Affairs and ATU did not respond to multiple requests for comment. A person who identified only as RAB 6's “director of operations” told TechCrunch the agency had no comment.
Last year, a security researcher discovered that NTMC was leaking people's personal information from unsecured servers. According to Wired, the leaked data included real names, phone numbers, email addresses, locations and test results. As TechCrunch reported at the time, another Bangladeshi government agency, the Office of the Registrar General, Birth & Death Registration, also had its citizens' sensitive data leaked last year.
In both cases, the leaks were discovered by Viktor Markopoulos, a researcher working at Bitcrack Cyber Security.
Although that was a high-profile case of data exposure, the incident that reportedly involved ATU and RAB 6 agents could potentially cause more damage, given that the agents are believed to have sold the information online in an attempt to profit from privileged access to confidential personal information.
The incident is under investigation, but a source within the government told TechCrunch that there are still officials offering to sell citizens' data.