Throughout 2023, the country’s cyberspace was turbulent. Four events this year and six other events during the previous year have shaken the cyber ground of Bangladesh alarmingly. Among those, the months of July and August were at the center of discourse. They drew attention because the information of more than 5 crore Bangladeshi citizens was leaked online and voters’ information was exposed on a Telegram channel. Scams at Krishi Bank, Beximco and Biman Bangladesh have been discussed a lot. The hacking of many social media pages also came up in the discussion. Manufacturing factories have also been affected.
The year 2023 is ending amid various incidents related to data theft. Bangladesh has been hit by ransomware attacks throughout the year. New risks from attacks using AI must be anticipated in 2024. Looking back, it is evident that in 2023 cyber crooks targeted the government service sectors as well as banks and financial institutions. However, in each of these cases, ignorance, laxity and unawareness among netizens have been seen as major flaws. So, the whole nation has to meet the challenge of keeping all sensitive information secure, be it personal, institutional or business related. Imdadul Haque sheds light on the matter.
Looking back: Cyber Bangla 2023
Incident-1
Smart NID data leak: In July 2023, data on more than 50 million Bangladeshi citizens was leaked online. The voters’ information was again exposed on a Telegram channel. Sensitive personal information of millions of Bangladeshi citizens was exposed on the Internet mainly due to security lapses in a Bangladeshi government website. The leaked data included more than fifty million user names, dates of birth and National Identity Card (NID) numbers, which could be reached through a Google search. Entering a 10-digit NID number in Telegram returned the matching person’s name, gender, parents’ names, phone number, address, photo and other details. According to a public report, the hackers leaked sensitive personal information for months through an unsecured database of the National Telecommunication Monitoring Center (NTMC).
Incident-2
Recovery of 26,777 hacked documents of RAJUK
On December 29, 2022, the leading national daily Prothom Alo revealed the loss of ‘30,000 customer documents’ by the Capital Development Authority (RAJUK). On January 2, 2023, the High Court sought an explanation regarding the disappearance of customer records from RAJUK’s servers. A period of 30 days was given for this explanation.
According to RAJUK’s affidavit, documents stored in BDCSL’s data center were deleted on December 6, 2022 and the Construction Permit (CP) system was shut down after the malicious attack. The system was later reactivated on December 21. Meanwhile, out of 30 thousand documents hacked last year, 26 thousand 7 documents have been recovered. In response to the allegations of data theft, the RAJUK chairman said that RAJUK does not have its own server. In other words, vendor dependency and lack of security awareness were the main reasons behind the cyberattacks.
Incident-3
Ransomware attack on airline e-mail server under investigation
On March 17 this year, the e-mail server of Biman Bangladesh Airlines was hacked. After the attack, its servers went down and all internal communications were disrupted. The hackers gave a 10-day ultimatum, threatening to release 100GB of hacked data to the public, and demanded a ransom of 5 million dollars for access to the server to be regained.
According to news reports, in addition to the March 17 cyberattack on Biman, hackers sent a message that read ‘Hello’ and had a yellow, parallelogram-shaped logo using the unique malware ‘Zero Day Attack’. On March 22, the alleged hackers sent a message to Biman, which read, ‘You said in the media that no information has been leaked. But you are wrong.’
The hacked information included passengers’ and employees’ passport details and other carrier reports. The attackers claimed to have access to Biman’s software for human resource management, financial resource management and enterprise resource planning. The software was integrated with other systems including planning, financing and inventory maintenance. The hackers claimed to have access to the ‘BimanProd, BGDBF and TRAIN’ databases.
Incident-4
Krishi Bank’s server hijack
On June 21, 2023, Bangladesh Krishi Bank’s servers were hijacked by the notorious BlackCat hackers. They stole 170 GB of sensitive data from the bank. The group is also known as the ransomware group ALPHV. In a post on July 7, ALPHV said, ‘We have been in Krishi Bank’s network for 12 days after successfully breaching the bank’s security. Accessed over 170GB of sensitive data here. Any document using this data is sufficient to disable the download and operation.’
Incident-5
25 government websites of Bangladesh were hacked by Indian hackers
A group of hackers from India stole the information of 25 government and private institutions in Bangladesh through a coordinated cyberattack. In this attack, the information of sensitive institutions like the Investment Corporation of Bangladesh and the Department of Health was leaked. Among them, the official website of the Investment Corporation of Bangladesh holds information on about 10,000 investors and investment applicants. According to the investigation, Bangladesh has been battered in the cyber world in stages throughout the year due to lack of security knowledge, reliance on third parties and a shortage of cyber security experts.
Incident-6
At least 147 Bangladeshi institutions have been affected by recent cyber attacks
Bangladesh recently witnessed a large, coordinated cyberattack affecting at least 147 public and private institutions, including banks and non-bank financial institutions (NBFIs). Various public and private institutions including Bangladesh Bank, Bangladesh Telecommunication Regulatory Commission, Lanka Bangla Finance, Standard Bank, Trust Bank, Bank Asia, Dhaka Bank, Evercare Management Group, Evercare Hospital Dhaka, Bangla Track Communications and Agni Systems were on this list. These attacks have been carried out not only in Bangladesh but all over the world, and the hackers have taken advantage of MES vulnerabilities.
The observation is that there has been ‘tremendous development’ in terms of IT infrastructure in the banking sector. Still, banks lack sufficient security measures to protect themselves from cyberattacks. However, cyber security awareness and successful preparation can significantly reduce the risk of an attack. For this reason, employees should be provided with proper training or strong safety protocols. Up front can make social engineering or phishing situations even riskier.
Advising on risk management, Engineer Mushfiqur Rahman of the Cybercrime Awareness Foundation said that organizations using information technology must be very careful about security, because 98% of the technology used in Bangladesh is made by foreigners. So, by using our open-source technology and making customized software and apps, it will be possible to protect ourselves from cyberwar as well as earn foreign currency.
He said that the country’s information technology experts should also take the industry along in creating the university curriculum with configuring the information technology. Initiatives should be taken to develop domestic software and apps.
On the other hand, Nazmul Islam, Additional Deputy Commissioner of the CTTC of Dhaka Metropolitan Police, said that although ChatGPT or Artificial Intelligence is the cause of headaches for law enforcement all over the world, the solution is also hidden. We can create an integrated defense system by using a pattern of immediate crimes and possible response combinations using machine learning methods with known issues using reverse engineering mechanisms. Therefore, I call upon the technicians of Bangladesh that we can work together to create a competent system. If those who are interested respond, then everyone should get into the field before it takes too much time to act for funding.