Info of 50 m citizens leaked on dark web!

Circulates tender to for sale

Special Correspondent: Data of 50 million citizens stored in the government’s ‘Sukrasha’ vaccination management system for Covid-19 is feared to be leaked on the dark web. Recently, a site was also advertised for the sale of these data. These leaked information includes citizen’s name, father’s name, mother’s name, date of birth, mobile number etc. In this regard, the government’s ICT department officials said that the security server has no chance to be hacked by hackers. Despite this, it is not possible to say anything clearly about these information being leaked on the dark web.
According to information and communication technology department sources, security system information has been circulating on the dark web for two weeks. The value of this information is $1,302 dollars.
The information of five crore Bangladeshi citizens was exposed for sale on a dark web market site from an ID named McAnthony. A video related to this has come to the hands of media.
Two officials of the Directorate of Information and Communication Technology said that the private technology company Tiryak Private Limited is in charge of managing the security system. While the Department of Information and Communication Technology is in charge of the security system, Tiriya as a vendor is responsible for the maintenance of the security system. Currently only four people in the department have access to that server.
They are the system manager of the department Masum Billah, programmer Haroon Or Rashid, Abdullah Al Rahman and Gholam Mahbub. When asked about the matter, programmer Haroon Or Rashid told, “We started this program during the time of Covid. It has been almost three years. Now there is no protection anymore. The system is idle. But a few days ago, we checked the security system, we did not find any incident of hacking.
On the question whether it is possible to get data in any other way than hacking, he said, “I don’t know if there is any other way to get data other than hacking.” We had a cyber-attack from Hungary during the pandemic, when the servers were operating normally. Data theft was not yet possible.
The government’s cyber threat intelligence unit is being run by the Bangladesh e-Government Computer Incident Response Team (BGD e-Gov SERT). On the condition of anonymity, an official of the unit told, “Since the start of the Covid vaccination campaign, hackers have created some domains matching the domain of the security system. At that time, if you search by writing security, these domains will come up in Google. Citizens would unknowingly enter these domains and provide information and it would go to hackers. Filling the information in these domains did not work. Now they can leave this information on the dark web. Besides, there is a possibility that someone who has access to the server can download the data and sell it. However, it will retain the download footprint. If someone deletes the download history, it will be possible to find out his identity through forensic search.
Officials of Tiryak Private Limited, the vendor of the security system, claim that their system is secured in several steps. No one is supposed to hack it or gain access to it at will. The cyber security unit of the government will be contacted in this regard. They will take the next steps in this regard.
When asked, Tiryak’s Chief Executive Officer (CEO) Rifat Rahman said, “Our system is secured in several steps including VPN (Virtual Private Network). Anyone can gain access here. If such a big event has happened, then we should definitely know. Our security system has not been hacked yet. The server is very secure. If someone responsible has downloaded the data without being hacked, his footprint will also be here. Government’s Cyber Threat Intelligence Unit has BGD e-Gov cert, we will contact them. They will check and take the next steps.
An official of the Bangladesh Computer Council (BCC) said on condition of anonymity that the main security server is secured through the VPN network of Tiryak Private Limited. Since there is no direct internet connection with it, it is not possible for any hacker to enter here even if he wants to.
When contacted to know about this, BGD E-Gov Cert Director Engineer Mohammad Saiful Alam Khan said, “Many such advertisements are available on the dark web. It is fake.’ No further statement could be obtained from him.