Bangladesh Intelligence Agency Exposes Personal Data via Unsecured Database

The Unsecured Database Exposed

A database belonging to the National Telecommunication Monitoring Center (NTMC), an intelligence agency in Bangladesh, was recently found to be unsecured, leading to the disclosure of personal data. This breach, which appears to have been unintentional, uncovered a vast array of information linked to the NTMC’s systems. Although the exact nature and purpose of the amassed information remain unclear, a security researcher who discovered the exposed database believes that even the test data within it provides insight into the agency’s operations.

A Glimpse into Signals Intelligence

This incident provides a small glimpse into the secretive world of signals intelligence and intercepting communications. While the exposed database does not include audio recordings of phone calls, it does contain metadata such as phone numbers and call durations. This metadata can be used to identify patterns in people’s behavior and their connections with others. In addition to call metadata, the leaked data includes personal details such as names, birth dates, sex, birthplaces, and parents’ names.

Numerous Entries and Some Test Data

The unsecured database contains over 120 indexes of data, each storing different logs. These indexes include categories such as satellite phone usage, SMS records, birth registration, prisoners’ lists, driving license information, and Twitter-related data. While some entries appear to be incomplete or incorrect, others contain valid information. Test data is also present in the database, providing clues about the intelligence agency’s interception strategies.

Unanswered Questions

There is still much that remains unknown about the exposed data. It is unclear why this data was collected, where it originated from, and how it was being used. No indication of any wrongdoing has been discovered, but the lack of clarity of purpose raises concerns about the potential misuse of personal information.

Security Consequences and Ransom Note

As an intelligence agency database, the exposure of IMEI numbers (unique identifiers for cell phones) could have serious security ramifications. These numbers can be used to track or clone devices. On November 12, the database was suddenly wiped, and a ransom note appeared demanding payment. While the database currently appears to be offline, new entries have reappeared, indicating the possibility that the system is still in use.

Concerns Regarding Privacy and Surveillance

As tensions rise in Bangladesh ahead of the upcoming elections, concerns about surveillance and individual targeting are growing. The NTMC’s collection capabilities extend beyond call records to include detailed logs and session histories from internet providers. As the researcher interviewed in this article mentioned, Bangladesh lacks strong data protection laws similar to those found in Europe. Activists and individuals experiencing targeted surveillance must be educated about safe online practices while fighting for their basic rights.

Source: A Spy Agency Leaked People’s Data Online—Then the Data Was Stolen