Oops. Bangladesh’s intelligence agency NTMC accidentally exposed an unsecured database that contained a lot of personal information: names, phone numbers, email addresses as well as vehicle details and digital fingerprint photos and other sensitive data. The exact nature and purpose of this extensive collection of information remains unclear, with some items appearing to be test data or incomplete data.
The nickel-plated feet of intelligence
Viktor Markopoulos, a security researcher for CloudDefense.AI, discovered this insecure database and linked it to NTMC. More than 120 data indices have been identified that reveal information and metadata that could reveal the behavior and interactions of the people being monitored.
In any case, this leak revealed the extent of the surveillance carried out by the NTMC and raised numerous concerns about the use and security of this data. Jeremiah Fowler, a security consultant interviewed by Wired, confirmed the database’s connection to the intelligence service and particularly noted the risks involved, including the possibility of tracking or cloning devices via exposed IMEI numbers.
The NTMC did not respond to questions about this leak, including questions about the objective pursued and the extent of the information collected. The database was taken offline before the leak was discovered and later deleted. It turns out that the database was accessible to anyone who knew how to search: hackers therefore targeted it and are now demanding a ransom. However, new entries seem to indicate that the system is still functional.
This data leak not only exposes security vulnerabilities in Bangladesh, but also government surveillance practices. The revelation of this story certainly confirms the need for greater transparency and the implementation of data protection measures.
Bangladesh prepares for 2024 elections: This extraordinary leak shows increased surveillance, particularly by political opponents. Therefore, citizens, and especially activists, need to be aware of these passive spying systems and understand how to protect themselves online. In Bangladesh as elsewhere.