TechCrunch has learned that two senior officials working for the counter-terrorism police in Bangladesh allegedly collected and sold personal and classified information of citizens to criminals on Telegram.
The data allegedly sold included citizens’ national identity details, mobile phone call records and other “classified secret information,” according to a letter signed by a senior Bangladeshi intelligence official, seen by TechCrunch.
The letter, dated April 28, was written by Brigadier General Mohammad Baker, director of Bangladesh’s National Telecommunications Monitoring Center (NTMC), the country’s electronic eavesdropping agency. Baker confirmed the legitimacy of the letter and its contents in an interview with TechCrunch.
“Departmental investigation is ongoing for both cases,” Baker said in an online chat, adding that Bangladesh’s Ministry of Home Affairs ordered the affected police organizations to take “necessary action against those officers.”
The letter, originally written in Bengali and addressed to the principal secretary of the Public Security Division of the Ministry of Home Affairs, alleges that the two police officers accessed and transmitted “extremely sensitive information” of private citizens on Telegram in exchange for money.
According to the letter, the police officers were caught after investigators analyzed logs from NTMC’s systems and how often they accessed them.
The letter reveals the identity of the officials. One of the accused is a police superintendent working in the Anti-Terrorism Unit (ATU). The other is a deputy superintendent of police in the Rapid Action Battalion, also known as RAB 6, a controversial paramilitary unit that the US government sanctioned in 2021 over accusations that the unit is linked to hundreds of disappearances and extrajudicial executions. TechCrunch is not naming the two people accused, as it is unclear if they have been charged under the country’s legal system.
The NTMC is a government intelligence agency established under the Ministry of Home Affairs of Bangladesh. The agency’s primary task is to monitor all telecommunications traffic and intercept telephone and web communications to detect and prevent threats to national security.
Organizations like Human Rights Watch and Freedom House have criticized the NTMC for lacking safeguards against abuses of both freedom of expression and privacy. Over the years, NTMC acquired sophisticated technology from companies in Israel, which Bangladesh does not officially recognize, as well as other Western countries, to carry out mass surveillance mainly of members of opposition parties, journalists, members of civil society and activists.
As part of its mission, the NTMC manages the National Intelligence Platform, or NIP, an internal government web portal that contains classified information of citizens such as national identification details, cell phone registration and cellular data records, criminal profiles and other information.
Several law enforcement and intelligence agencies have user accounts on the NIP portal provided by the NTMC.
NTMC’s own investigation concluded that agents used the NIP platform more frequently than others and accessed and collected information that was not relevant to them.
“Considering the context, such irrelevant access and illegal delivery of extremely sensitive classified data needs to be investigated to identify all those involved in this and we also request that appropriate action be taken against all those identified/involved,” the letter said.
Baker told TechCrunch that there were “several Telegram channels,” adding that one of them was called BD CYBER GANG.
TechCrunch was unable to identify the specific channel on Telegram.
Baker told TechCrunch that it appears the two agents sent the information to the administrator of at least one Telegram group, who then attempted to sell it.
Baker said the two officers have been notified of the investigation.
Due to the investigation, access for all ATU and RAB 6 NIP users was suspended “until the officials involved are identified and appropriate action is taken,” according to the letter.
Baker confirmed the suspended access and said that if officers “need information for investigative purposes they can collect it through police and RAB headquarters.”
Spokespeople for Bangladesh’s Home Ministry and ATU did not respond to multiple requests for comment. A person who identified himself only as an “operations officer” at RAB 6 told TechCrunch that the agency had no comment.
Last year, a security researcher discovered that NTMC was leaking people’s personal information on an unsecured server. The leaked data includes names, phone numbers, email addresses, locations and real-world test results, according to Wired. Another Bangladeshi government agency, the Office of the Registrar General, Registry of Births and Deaths, also leaked sensitive citizen data last year, as TechCrunch reported at the time.
In both cases, the leaks were found by Viktor Markopoulos, a researcher working at Bitcrack Cyber Security.
While those were significant cases of data exposure, this incident allegedly involving ATU and RAB 6 agents is potentially more damaging, given that the agents allegedly sold information online in an attempt to profit from their privileged access to classified personal information.
Although the incident is under investigation, a well-placed source within the government told TechCrunch that there are still officials offering to sell citizen data.