Data leak: Cert 'already warned' of technical vulnerability
The government's Computer Incident Response Team (BGD e-Gov. Cert) said that the government's Computer Incident Response Team (BGD e-Gov. Cert) was informed last month about the vulnerability of the website from which the information of the citizens was leaked.
Engineer Saiful Alam Khan, project director of SERT, told bdnews24.com that the weakness of the website came to their attention during regular monitoring. In the first week of June, the agency was informed about the vulnerability of the website through a letter.
“This is our regular work. Such letters are regularly issued on individual website issues.
On July 6, TechCrunch, an information technology media based in the United States, reported that the personal information of millions of citizens had been leaked from a government website in Bangladesh.
According to the report, cyber security researcher Victor Markopoulos accidentally learned that the personal information of Bangladeshi citizens, including full names, phone numbers, email addresses and national identity card numbers, was exposed on the Internet.
Researcher Victor reported that he did not receive any response despite sending mails to several e-mail addresses of Bangladesh government's Cert to inform about the matter.
However, State Minister for Information and Communication Junaid Ahmed Palak claimed in an event on Sunday that SERT officials did not receive any such e-mail.
Cert officials now say that the concerned department was informed about the technical weakness of the website in the first week of June, but the department did not take it into account.
After the news was published on TechCrunch, Cert has also come under fire.
Stating that the problem of that website has been solved, Cert official Saiful Alam Khan said on Monday evening, "We heard today that they have solved the problem. We will monitor it again from tomorrow.”
Saiful Alam, however, did not want to reveal the name of the website.
However, another Cert engineer said that the site was giving too much information to the user as opposed to a simple query due to a structural flaw. Even in Google search that information was available. But only the responsible officer was supposed to get that information. Due to the weakness of the 'API' used during the creation of the site, the information of the site is open to all, which contains the information of about five million citizens.
ICT State Minister Junaid Ahmed Palak said in an event on Sunday, “There was a technical error. Due to which the information became public. It has not been attacked by cyber criminals or hackers.
“There was a technical error. Because of that when they are inputted there to verify a piece of information, it gets exposed very easily.”
