"The biggest thing I saw that was really dangerous was a bunch of IMEI numbers," he says, referring to the identifying code given to each individual cell phone. "With those, you can actually track the device or clone the device." The NTMC has not acknowledged or responded to WIRED's questions about the leaked information, including those about its purpose and the amount that has been gathered. The press office of the government of Bangladesh and the Bangladesh High Commission in London also did not respond to requests for comment. Markopoulos reported the exposed information to Bangladesh's Computer Incident Response Team on November 8, and it acknowledged his message and thanked him for disclosing the "Sensitive exposure." In an email to WIRED, the CIRT said it had "Notified the issue" to the NTMC. The database appeared to be offline ahead of the publication of this article. Markopoulos says that on November 12, the database was wiped and in its place appeared a ransom note by an unknown attacker or group of attackers. The note demanded payment of 0.01 bitcoin, or the "Data will be publicly disclosed and deleted." Both Markopoulos and Fowler say this is common for exposed databases of this kind. New entries have started appearing in the wiped database, Markopoulos says, and they include a "Search log" index that may indicate the system is still in use. The NTMC, which emerged from a previous monitoring body in 2013, describes itself as an organization that provides "Lawful communication interception facilities" to other agencies in Bangladesh, which has a population of 167 million. It is responsible for setting up and developing an "Interception platform," and ensuring that it operates 24/7, according to its website. Recent reporting has claimed that 30 agencies are linked to the NTMC using APIs, and that it incorporates records from mobile operators, passport and immigration services, and other bodies. In January, the NTMC reportedly purchased surveillance technology from companies headed by Israelis, and government ministers have discussed the NTMC intercepting social media data. A telecoms expert who has worked in Bangladesh, who requested anonymity over fears of government retaliation against their family, alleges that as a "Lawful intercept center," the NTMC can collect huge volumes of data. "They are not only collecting call data records from mobile companies, but also, they are collecting logs and detailed records, session history, from internet providers," they claim. "It's really powerful, and the kind of surveillance that they do is more powerful than European countries," they add, citing Bangladesh's lack of legislative parallels to Europe's strict data protection laws. In recent weeks, protests against the current government have rocked Bangladesh as a crackdown has happened against those in opposition, ahead of the country's next round of elections in 2024. One Bangladesh-based researcher who asked not to be named, fearing repercussions, says they "Expect to see more surveillance and targeting of individuals" ahead of the elections next year. "I think the number one priority has to be to make individuals, especially activists aware of the surveillance system and understand how to be safe online," the researcher says when asked about digital rights. "When, in the country, people are fighting for their basic rights-such as securing their daily livelihood and fighting for their political rights-digital rights come much later."
This Cyber News was published on www.wired.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000