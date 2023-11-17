Reports Wired magazine; agency chief says it’s sample, incorrect data

"People's personal data" linked to the National Telecommunications Monitoring Centre, the state's lawful communication interception and intelligence agency, have been leaked.

US-based tech magazine Wired released a report yesterday stating that the leaked data contains people's names, addresses, national identity card details, phone numbers, duration of phone calls made, fingerprint photos, and passport and bank account details.

The data also details lists of cell towers and the components of mobile phone networks used.

Security researcher Viktor Markopoulos who works with CloudDefense.AI discovered the leak, reported Wired.

It said the leaked database had over 120 indexes (a kind of cross-referenced folder) with different files in each. Some of the indexes had tens of thousands of entries.

NTMC Director General Maj Gen Ziaul Ahsan admitted to The Daily Star that there has been a leak of some data, but it was not from the NTMC system.

"We have a seven-layer security system and there is no scope for leakage from our system."

He also insisted that it was just sample data and incorrect data.

"We have to give data to our vendors so that they can develop their products. We do not give them authentic data. It is some of that data which got leaked," he said insisting that the leak was inconsequential.

Maj Gen Ahsan claimed that the NTMC system was not linked to any cloud or even the internet, which highly placed sources inside the government's ICT ministry refuted.

Markopoulos and Wired vetted the data to see if it was in fact citizen's personal data and found instances of it being so. They contacted some of the people via the phone numbers listed.

The majority of the data leaked is metadata, reported Wired, which they called "the extremely powerful -- "who, what, how, and when" of everyone's communications.

Wired reported that the database has existed online for several months and over the past week, anonymous hackers found it, stole the data, and are holding it hostage for ransom.

Markopoulos had alerted the government's Bangladesh Government's e-Government Computer Incident Response Team (BGD e-GOV CIRT) on November 8 who acknowledged the message.

Maj Gen Ahsan said they were notified of the breach two days ago (from yesterday).

The project director of BGD e-GOV CIRT was called and texted for comments but he is yet to respond.