Cybercriminals breach NBR server again

A "cybercriminal gang" attempted to release a container of cigarettes from Chattogram Port after breaching the server of the National Board of Revenue with the login credentials of a customs official.

Acting on a tip-off, customs officials seized the container loaded with 50 lakh sticks of Mond cigarettes, worth about Tk 5 crore, at the port on Thursday, hours after a ship carrying the container reached the port.

The breach of the server came to light on Saturday after the officials launched an investigation into the incident. They found that Hamko Corporation Limited imported the cigarettes by providing false declaration and fake LC (letter of credit) documents.

The "gang" used the login ID of Mohammad Zakaria, deputy commissioner of Chattogram Customs House, to register the consignment with the NBR server (ASYCUDA World System), said customs officials involved in the investigation.

However, the importer and Zakaria denied their involvement in the incident.

Chattogram Customs House Commissioner Mohammad Fyzur Rahman has sent a primary report on the breach of the server to the NBR chairman with a recommendation that an investigation committee consisting of IT experts be formed to identify the "cybercriminal gang".

According to the primary report, the shipment was imported from Thailand with a declaration of carrying water purifiers. The consignment was registered with the server at 11:45pm on May 20 by using the ID of Zakaria. The data on the consignment was accessed again by the same user at midnight on May 21 to complete the clearing process.

According to officials, an authorised individual can access the NBR server only from a specific IP address. Once the individual uses his user ID to log into the server, an OTP (one time password) is sent his mobile phone for verification. This is done to restrict any unauthorised access to the server.

However, in this particular case, the "gang" accessed the server from a different IP addresses and no OTP was sent to the mobile phone of the official concerned, said investigators.

Customs Commissioner Mohammad Fyzur Rahman said, "The NBR had taken some steps after a large numbers of consignments were cleared from the port by using the IDs of customs officials to evade tax. Use of the particular IP and sending OTP to mobile phone are among those.

"After the latest incident of breaching the server, it seems that those measures are not enough," he told The Daily Star.

Mamunor Rahman, manager (supply) of Hamco Corporation, told The Daily Star, "We are not sure who used our company's name to import the consignment of cigarettes. We have requested the customs officials to investigate the incident to identify the culprits."

The use of the login credentials of customs officials to release imported goods is not a new phenomenon.

Over the last three years, at least 38 imported consignments of goods were released illegally by using the IDs of at least eight revenue officials.

Investigators had said a "cybercriminal gang" was involved in those incidents. However, they failed to identify the "gang".

Customs Commissioner Fyzur said, "I hope if an investigation committee consisting of experts is formed in this regard, we will get the real picture."