
Cybergangs enter the NBR server at will
asane


In at least 114 cases, they bypassed “highly sophisticated” levels of security to complete customs procedures.

On 20 May 2024, Chattogram Custom House Assistant Commissioner Mohammad Zakaria was in Kolkata, India, where he had gone for treatment a week earlier.

At 23:33 that day, someone accessed the NBR server – Automated System for Customs Data (ASYCUDA) – using his ID and password. About half an hour later, the intruder logged in again and completed the customs procedures for the release of a container of foreign cigarettes worth 6 million lei, imported under a false declaration, customs investigators found.

It was an extremely sophisticated maneuver.

First, the impostor had to know Zakaria’s ID and password to access the sensitive server. But even if they obtained or stole his security credentials, there were two additional layers of security that needed to be bypassed, and the intruder bypassed both.

One of these two layers of security involves the mandatory generation of an OTP (One-time Password) which is automatically sent by the system to the mobile phone of the ID holder. Ideally, the server cannot be accessed without this OTP, an essential part of the system’s multi-factor authentication to defend against security threats.

But Zakaria did not receive any OTP during that period, according to the BNR’s system-generated OTP report obtained by The Daily Star.

The second layer is that ASYCUDA user IDs and passwords are device- and IP-specific, which means that even authorized users cannot access the system from any other device or IP (Internet Protocol) address. In this case, Zakaria’s account was accessed from Bhandaria upazila in Pirojpur district using a different device and a different IP, the device tracking record shows.
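The cross-check an auditor could run over the three records mentioned above (login records, the system-generated OTP report, and the device/IP binding), as an added example that is not from the article or the NBR system. All users, devices, IP addresses and field layouts are constructed, and the five-minute OTP window is an assumption.

```python
from datetime import datetime, timedelta

# Constructed sample records (not NBR data); the field layout is an assumption.
ALLOWLIST = {"officer_a": {("dev-01", "192.0.2.10")}}   # user -> bound (device, IP)
OTP_REPORT = [("officer_a", "2024-05-19 09:58:40")]     # (user, OTP issue time)
LOGINS = [                                               # (user, time, device, IP)
    ("officer_a", "2024-05-19 10:00:05", "dev-01", "192.0.2.10"),
    ("officer_a", "2024-05-20 23:33:00", "dev-99", "203.0.113.216"),
    ("officer_a", "2024-05-21 00:04:00", "dev-99", "203.0.113.216"),
]
OTP_WINDOW = timedelta(minutes=5)  # assumed OTP validity period

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def audit_logins(logins, otp_report, allowlist, window=OTP_WINDOW):
    """Return (login, reasons) for every session that skipped a control."""
    otps = {}
    for user, issued in otp_report:
        otps.setdefault(user, []).append(_ts(issued))
    findings = []
    for login in sorted(logins, key=lambda rec: _ts(rec[1])):
        user, when, device, ip = login
        t, reasons = _ts(when), []
        # Control 1: the account is bound to specific device/IP pairs.
        if (device, ip) not in allowlist.get(user, set()):
            reasons.append("device/IP not bound to account")
        # Control 2: an OTP must have been issued shortly before this login.
        match = next((i for i in otps.get(user, [])
                      if timedelta(0) <= t - i <= window), None)
        if match is None:
            reasons.append("no OTP issued before login")
        else:
            otps[user].remove(match)  # one-time: an OTP covers a single login
        if reasons:
            findings.append((login, reasons))
    return findings

if __name__ == "__main__":
    for login, reasons in audit_logins(LOGINS, OTP_REPORT, ALLOWLIST):
        print(login, "->", "; ".join(reasons))
```

A session flagged for both reasons at once is the pattern the article describes: it reached the application without either control firing, which points the audit at the authentication path itself rather than at the stolen password alone.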

Customs officials eventually stopped the release of illegal cigarettes imported on behalf of battery company Hamko, but the security breach raised alarm among customs and NBR officials.

They described it as a “serious threat to national security” because such unauthorized access at will means anyone can import or export any type and quantity of goods while evading customs processing.

On October 22, the NBR authorities formed a seven-member committee to get to the bottom of the intrusion.

In its written response to customs investigators, Hamko denied any involvement in the importation. It said that someone must have used the company's name to bring in the shipment.

The Daily Star could not reach the company for comment.


Mohammad Azhar Uddin, founder of TiCON System Limited, which specializes in IT security, said that when a server can be accessed through an unauthorized IP, it is obvious that the server is compromised.

“The system not generating OTPs at a certain point in time primarily indicates insider involvement. But what actually happened or is happening in this case cannot be determined unless the server is audited. Servers usually leave a footprint of all activities. The earlier it is audited, the easier it will be to trace any suspicious activities,” he told The Daily Star.

The primary investigation by Customs, led by Chattogram Customs Commissioner Mohammad Faizur Rahman, established the involvement of four persons, including the prime suspect, who hacked into the NBR server from Bhandaria using mobile internet.

The man is Sheikh Shezan, 23, from Narail district. He has been arrested several times in recent years for allegedly stealing public data from government servers, including the NID server and the land ministry’s web portal. Each time, he was out of jail on bail within months.

He could not be reached for comment as all 10 mobile numbers registered with his NID were found switched off.

When he hacked into the NBR server from Bhandaria using Zakaria’s ID and password, he used a private operator’s mobile internet.

The Daily Star is not naming the operator because it has no part in the intrusion, but the operator confirmed to customs that the specific phone number used at the time was registered under Shezan’s name and NID number. This newspaper has the confirmation letter.

NOT AN ISOLATED INCIDENT

Data from Chattogram Customs House and Customs Intelligence shows that cybercriminals breached the NBR server to release at least 48 imported consignments and showed fake exports to launder money through at least 3,000 consignments from January 2019 to September 2024.

The import value of the 48 lots was only Tk 9.58 million. Out of the 48 consignments, 12 were seized and their declared value was Tk 1.26 million. But following inspections, customs officials found that the shipments were carrying cigarettes and alcoholic beverages worth 124 million lei (almost 100 times), the documents show.

Shezan accessed the NBR server using Zakaria’s ID on the night of May 20, when Zakaria was in India for treatment. The last IP, ending in 216, does not belong to any NBR-authorized device attributed to Zakaria.
