Beanibazarview24.com Desk, 02 Jan 2017,
Hackers have launched a brazen attack on as many as four dot bd domain websites in a virtual mockery of Bangladesh’s digital security arrangements.
Search engine giant Google’s dot bd version is among the sites affected.
The other sites are robi.com.bd, banglalink.com.bd and ittefaq.com.bd.
Although telecom operator Robi has managed to recover their website, the other three sites have been in blackout even after 17 hours.
The attack comes within 10 days of a similar cybercrime.
Asked about the incident, International Internet Gateway (IIG) organisation Fiber@Home’s Chief Strategy Officer Sumon Ahmed Sabir told bdnews24.com, “This time the hacking was done from Bangladesh. A person has written on his Facebook profile that he has done it to protest against the BTCL callousness (regarding digital security).”
The BTCL has so far been tightlipped about the issue. Banglalink officials have said that they are working to resolve the problem.
All non-government .bd website search requests are routed through the BTCL gateway.
Owing to inadequate security arrangements, if anyone can gain access into the BTCL DNS entry, they can redirect the search request so that the user cannot access the desired site.
The search request is instead redirected to a hacker-selected website.
Using this security vulnerability, a Pakistani hacker on Dec 20 redirected search requests away from google.co.bd.
He also left the words “Security is just an illusion” posted on the redirected destination.
The incident apparently failed to have served as a wake-up call for the BTCL.
With the security loophole still unplugged, the latest hacker, who goes by the name “Akash” on his Facebook profile, mounted another attack on as many as four .bd websites .
He has redirected the four sites of Robi, Ittefaq, Banglalink and Google Bangladesh to his own Facebook page, making a mockery of digital security arrangements boasted of by the authorities.
Explaining why he went on to do such a thing, he said he had spotted the security lacunae on Sep 23 and had called up BTCL and asked them to fix it.
But that warning failed to move them.
“As a result, on Dec 20, a Pakistani hacker mounted a hack. I wonder when the callousness regarding security is at home, and someone from outside hacks into our sites and puts us to shame, whose fault is it anyway?
“The fault is of those in the BTCL who are being careless about security.
“Now the prime minister has launched dot bangla. She is taking the country towards a digital Bangladesh. But the callousness of a handful is leading to a collapse of cyber security in the country,” the hacker observed on his Facebook page.”
He said just as he had redirected the four sites, any number of sites could be made to do the same.
Writing on his Facebook page, he also observed that all one needs is to use the loophole of the BTCL.
He urged the authorities to ponder over the danger that looms due to the security snag.
He asked the authorities to think over the catastrophic situation that would arise if someone fancied hacking into the various government and other important websites.
“Pakistani hacker shames us. Yet no lesson is learnt. They say when you cannot do something the straight way, you need to bend your ways. So here on the last day of the year, #31st, I am forced to do it,” he wrote.
Clarifying that what he has done is not hacking nor is he a hacker, he said the developer on duty can fix the bug quickly.
He said he did this in an attempt to expose the security lapse that could threaten the digital security of Bangladesh and make it vulnerable to attacks by hackers from outside the country.
Urging the state minister for telecoms and state minister for information to take corrective action, he ended his message with “Joy Bangla.”
Fiber@Home’s Sabir said he doubts if BTCL has the know-how to deal with the technical nitty-gritty of the issue.
A Robi official said they have taken corrective measures after receiving inputs about the attack on Sunday morning. A Banglalink official has also said they are looking into the issue.
However, when contacted, BTCL Director (Public Relations and Publicity) Mir Mohammed Morshed declined comment.