NBR Server Breach: Safeguards not working

At least three import consignments were released without inspection from the Chattogram Port using the login credentials of a top customs official in June-July despite the recent measures taken to thwart such cons that cost the state coffer in unpaid duties and taxes.

The ID of Abu Nur Rashed Ahmed, additional commissioner of Chattogram Custom, was used to unlock the suspended business identification number (BIN) of EA Chen Textile Corporation located in Cumilla Export Processing Zone, said customs officials who are investigating the case.

On March 1, the Chattogram Customs Bond Commissionerate locked the BIN of EA Chen Textile for evading duties and taxes amounting to Tk 8.6 crore and misusing the bond facility, according to customs documents.

A locked BIN means the company is barred from export-import activities.

The owners have left the country and the factory has been sealed off, according to Zillur Rahman, general manager of Cumilla EPZ. 

This is the first time that the consignments of a BIN-locked company have been released without any kind of supervision or inspection, according to investigators.

"This type of incident is only possible if the designated customs official voluntarily or unknowingly shares the ID and password with someone else," said an official who works with the server of the National Board of Revenue.

The NBR server is an integrated software system to process the export-import documents. A designated custom officer can enter the server by using a unique ID and password.

Only the chief of a customs station has been authorised to unlock a locked BIN.

As per the documents in the NBR server, on June 22, 10 tonnes of yarn worth Tk 13.98 lakh arrived from China for EA Chen Textile, which enjoys duty-free imports under the bond facility.

On the same day, Supersonic Freight Service, a clearing and forwarding (C&F) agent, submitted a bill of entry (BL) on the NBR server on behalf of the importer.

Five days later, on 27 June, the consignments were approved by Ahmed before Towhidul Islam completed the final assessment on June 28.

The consignment exited the Chattogram Port on June 29 after the completion of the final assessment, as per the NBR server.

The customs officials assigned to do a physical examination of the consignments gave clearance even though the submitted documents contained false bank documents and import permit from the Bangladesh Export Processing Zones Authority, shows documents.

Using customs officials' login credentials for the NBR server to release imported goods illegally is not a new phenomenon.

Last year, at least 21 import consignments were released illegally using the IDs of at least seven revenue officials.

Investigators at that time said a cyber-criminal gang was involved.

To thwart the practice, the NBR in December last year took a number of measures.

One of them was the introduction of a one-time password for customs officials for logging into the server.

The password appears on the official's registered mobile phone for accessing the server. It was done so that no one other than the concerned customs official can enter the secured server.

Besides, the basic information of a consignment is also sent to the registered mobile and email of the importer and its C&F agents to alert them against any possible intruders.

Islam denied his involvement in the incident, blaming the unlawful release of the consignments on a cybercriminal gang.

Ahmed declined The Daily Star's request for comment.

"I don't know who was involved in this incident," said Faizur Rahman, managing director of Supersonic Fried Service.

Asked how it was possible to enter the NBR server and submit the BL without the C&F's ID and password, Rahman refused to make any comment.  

Chattogram Customs has formed a four-member investigation committee to find out the culprits involved in the incident.

An official of the investigation team told The Daily Star that they were collecting the related documents and had started the hearings of the involved parties.

"It is too early to say anything about the involvement of the officials whose names have come up until the investigation is wrapped up," he said, adding that the user IDs of the two officials have been temporarily suspended.

The accused remained unidentified in the previous incidents due to incomplete investigation and not taking punitive measures against the culprits, said a customs officer on the condition of anonymity.

"It will happen this time around if the investigators delay in detaining the culprits of the incident," he said.

The Customs Intelligence and Investigation Directorate will soon form an investigation committee for all such incidents, said Masud Sadik, NBR Member for Customs Policy.

The NBR has recently approved the hiring of some IT experts and is also engaging other agencies to investigate such incidents.

"I hope if an investigation committee is formed with experts in this regard the real picture will emerge," he added.