Editorial

Why can’t the NBR protect its server?

Its vulnerability to hacking has emerged as a serious security threat
VISUAL: STAR

The ease and frequency with which cybercriminals continue to breach the National Board of Revenue (NBR) server is disquieting. According to a report by this daily, a cybercriminal gang attempted to release a container of foreign cigarettes from Chattogram Port after breaching the NBR server with the login credentials of a customs official. Acting on a tip-off, officials seized the container loaded with 50 lakh sticks of cigarettes worth about Tk 5 crore. The breach of the server came to light on Saturday after an investigation into the incident.

Despite the successful intervention, what worries us is that the breach could have led to something far more sinister. It shows once again the vulnerability of the NBR server to hacking which is proving increasingly difficult to address. Reportedly, following previous incidents of server breach, the NBR took some steps like the use of particular login IP and sending OTP to mobile phones of officials with proper authorisations. However, the latest breach has demonstrated that these measures are not enough. Criminals somehow managed to use the login credentials of a deputy commissioner of Chattogram Customs House to register the consignment with the NBR server, and also to access the server from a different IP address, while no OTP was sent to the mobile phone of the official concerned.

Over the last few years, at least 38 imported consignments of goods were released illegally by using the IDs of at least eight revenue officials. Investigators said a cybercriminal gang was involved in those incidents; however, they failed to identify the gang. After a few such incidents in 2022, it was discovered that earlier measures taken by the NBR had been insufficient to prevent its servers from being breached. The institution itself admitted that its technological safeguards could not thwart them. Even though these concerns have been well-known, the fact that the authorities have still failed to address them properly is unacceptable. Another major concern is that despite repeated breaches, the probe committees that have been formed failed to identify the perpetrators or answer many critical questions raised by the incidents.

The entire security system of the NBR seems to be way below par, and the danger that it poses to our national security is disturbing. Against this backdrop, the NBR should urgently stamp down on such breaches by strengthening the security of its servers. Customs officials and others should be more vigilant about cybercrimes. And considering the gravity of the threat posed by such crimes, the authorities should consider involving independent experts who can look into what's really happening and suggest solutions.

Comments

Why can’t the NBR protect its server?

Its vulnerability to hacking has emerged as a serious security threat
VISUAL: STAR

The ease and frequency with which cybercriminals continue to breach the National Board of Revenue (NBR) server is disquieting. According to a report by this daily, a cybercriminal gang attempted to release a container of foreign cigarettes from Chattogram Port after breaching the NBR server with the login credentials of a customs official. Acting on a tip-off, officials seized the container loaded with 50 lakh sticks of cigarettes worth about Tk 5 crore. The breach of the server came to light on Saturday after an investigation into the incident.

Despite the successful intervention, what worries us is that the breach could have led to something far more sinister. It shows once again the vulnerability of the NBR server to hacking which is proving increasingly difficult to address. Reportedly, following previous incidents of server breach, the NBR took some steps like the use of particular login IP and sending OTP to mobile phones of officials with proper authorisations. However, the latest breach has demonstrated that these measures are not enough. Criminals somehow managed to use the login credentials of a deputy commissioner of Chattogram Customs House to register the consignment with the NBR server, and also to access the server from a different IP address, while no OTP was sent to the mobile phone of the official concerned.

Over the last few years, at least 38 imported consignments of goods were released illegally by using the IDs of at least eight revenue officials. Investigators said a cybercriminal gang was involved in those incidents; however, they failed to identify the gang. After a few such incidents in 2022, it was discovered that earlier measures taken by the NBR had been insufficient to prevent its servers from being breached. The institution itself admitted that its technological safeguards could not thwart them. Even though these concerns have been well-known, the fact that the authorities have still failed to address them properly is unacceptable. Another major concern is that despite repeated breaches, the probe committees that have been formed failed to identify the perpetrators or answer many critical questions raised by the incidents.

The entire security system of the NBR seems to be way below par, and the danger that it poses to our national security is disturbing. Against this backdrop, the NBR should urgently stamp down on such breaches by strengthening the security of its servers. Customs officials and others should be more vigilant about cybercrimes. And considering the gravity of the threat posed by such crimes, the authorities should consider involving independent experts who can look into what's really happening and suggest solutions.

Comments