NBR server breached again

A cybercriminal gang attempted to release a container of liquor worth Tk 14 crore from Chattogram Port after breaching the National Board of Revenue’s server using login credentials of two customs officials.
The gang reportedly accessed the server over 100 times, using the user IDs and passwords of the officials to release the goods, which were seized by customs on September 4.
Customs records reveal that the consignment was imported by Narayanganj-based Supreme Smart Wear Limited, a readymade garments factory, from China on December 18 last year.
A case was filed yesterday at Bandar Police Station, implicating eight individuals, including Supreme Smart Wear Limited Chairman Anisur Rahman Sinha, Ashraf Hossain Raju, Md Ripan, Mizanur Rahman, and four owners of Hafiz Trading—Khaled Hossain Mamun, Md Bakir Hossain, Abdul Gafur Bhuiyan, and Usuf Afjal.
Hafiz Trading, a clearing and forwarding agent, had submitted documents to customs to release the goods on behalf of the importer.
According to the import records, Ashraf Hossain Raju, Md Ripan, and Mizanur Rahman collected the documents from a shipping agent and submitted fake import papers to customs and the port authorities.
However, both the importer and C&F agent deny any involvement in the illegal activities.
Khaled Hossain Mamun, chairman of Hafiz Trading, said, “We are unsure who used our C&F agent license name to release the consignment of liquor. I have cooperated with customs to identify the perpetrators.”
The gang reportedly used the login ID of Mohammad Zakaria, deputy commissioner of Chattogram customs house, to register the consignment in the NBR server (ASYCUDA World System), and that of Revenue Officer Sunia Sarkar Liza to assess the consignment.
Officials explained that authorised access to the NBR server is restricted to specific IP addresses, and requires a one-time password sent to the user’s mobile phone for verification.
However, investigators revealed that the gang accessed the server from different IP addresses, and no OTPs were sent to the concerned officials’ phones.
Both Zakaria and Sonia Sarkar deny any involvement.
“I am not sure who is using my user ID because I did not receive any message from the server on my designated mobile number,” Sonia Sarkar said.
This is not an isolated incident.
In the last three years, at least 38 imported consignments were released illegally using the login credentials of eight revenue officials.
Chattogram Customs has filed several cases and formed investigation committees, but has so far failed to identify the perpetrators.
Customs Commissioner Mohammad Fyzur Rahman said, “Our preliminary investigation suggests a large gang is behind these frauds. We expect law enforcement agencies to uncover the full picture.”
Bandar Police Station Officer-in-Charge Kazi Mohammad Sultan Ahasan said, “We have received a case application from customs but no action has been taken yet. A detailed investigation will begin soon, involving senior officials.”