A serious breach has occurred in the ASYCUDA World software system, used for customs automation, as a smuggling syndicate accessed the system using a customs officer’s credentials to release goods illegally. This incident has prompted the National Board of Revenue (NBR) to intensify its efforts to prevent such recurring irregularities.
According to an NBR report on Tuesday, November 19, the breach took place on May 20, 2024. Using the user ID of Deputy Commissioner Mohammad Zakariya from Chattogram Customs House, the perpetrators logged into the system and cleared a container of imported cigarettes valued at approximately BDT 60 million. At the time, Zakariya was receiving medical treatment in Kolkata. The entry occurred at 11:33 PM, and the unauthorized individual bypassed One-Time Password (OTP) verification, which was supposed to be automatically sent to Zakariya’s registered number.
An investigative committee, formed on October 22 with seven members, revealed that the system was not hacked but accessed using stolen login credentials from the officer’s computer. Law enforcement, including the Bangladesh Police Cyber Crime Unit, is assisting NBR in identifying and prosecuting the culprits.
NBR’s public relations officer, Syed A Mumen, emphasized the gravity of the incident and highlighted ongoing measures to hold the perpetrators accountable. Two separate investigative teams, led by customs intelligence and an NBR member, are currently conducting parallel inquiries.
This is not the first breach of ASYCUDA World. In prior incidents, smugglers attempted to release contraband, including alcohol, and even utilized the IDs of deceased customs officers to process illegal shipments. Over the last six years, more than 50 similar breaches have been reported, including the disappearance of 222 containers in 2019.
To mitigate these risks, NBR has introduced stricter security protocols, including prohibiting social media usage on systems linked to ASYCUDA, mandating strong passwords with automated resets every 21 days, and disabling reuse of the last three passwords. The three-tiered security now also includes Two-Factor Authentication (2FA) and IP device binding, restricting access to authorized devices only.
About ASYCUDA
The Automated System for Customs Data (ASYCUDA) is a computerized customs management platform that handles trade operations, clearance, and tax declarations. It is integral for statistical economic analyses and ensures streamlined trade processes through advanced security measures.
