Biman's server comes under cyber attack

Biman Bangladesh Airlines
File photo

The e-mail server of National flag carrier Biman Bangladesh Airlines came under cyber attack by hackers a week ago and it is yet to be restored.

The hackers demanded a large sum of money for not disclosing the confidential information restored in the hacked server. Biman has only three days left to pay off the ransom, informed an internal source.

Biman's e-mail server was attacked by ransomware, the malicious software aka malware that hinders entry into saved data of computers, smartphones or digital devices.

The source informed, after hacking the server the hackers cautioned Biman several times and demanded five million dollars. At around 2:00 pm on 17 March, hackers demanded for the first time before claiming to Biman that they have over 100 gigabytes of personal and confidential information of Biman.

Moreover, they downloaded huge amounts of data from the internal network of Biman and if it does not pay them they will reveal those information through their blogs.  

Hackers also told Biman that they will return all the information to Biman and activate the server once they receive the demanded sum.

Later on they will destroy the collected information. Hackers claim they have information regarding flights of Biman and they also claim they have information about passengers, passports of the staff and about the carriers. 

The hackers gave Biman 10 days to pay the money. So, the national flag carrier has only three days in hand now. According to sources, Biman has written to the Digital Security Agency regarding the matter and they started working. 

Meanwhile, Biman claimed in a media release that the media is spreading misleading information about the cyber attack on their server. It said their server along with some computers came under malware attack on 18 March. They disconnected the server immediately and closed the email service. 

The email accounts associated with the operation of Biman are kept functional with help of Microsoft cloud service, it added. 

However, Biman managing director Shafiul Azim told Prothom Alo on Friday that their server has not been hacked, rather it came under malware attack. They disconnected the server and it led to some complications in the email service. 

“The issue has been resolved. But rumours are being spread over server hacking and demanding money,” he added. 

It was learnt that the Biman did not issue any letter to the Digital Security Agency immediately after sensing the issue. Rather, they reported the issue to the agency after the mishap was reported in the media. 

The government declared 29 organisations, including Biman Bangladesh Airlines, as critical information infrastructure in September last year. There is a draft policy on how the organizations will run. 

According to the Digital Security Guidelines - 2020, the critical information infrastructures would report to the national computer emergency response team (N-CERT) if their digital security is compromised. 

Information technology and security expert Suman Ahmed told Prothom Alo that Biman has to identify the extent of loss and take decision accordingly. In many cases the best practice of cyber security is not adhered here. Important organisations should ensure their own cyber security by recruiting experts.

Among the important government bodies, Bangladesh Bank faced a massive cyber-attack on 5 February in 2016. In the incident of cyber heist, $81 million was theft from the central bank.  It was later learnt that the money was transferred to four fake bank accounts of Philipines’s Rizal Bank. Only $15 million could be recovered. Intensive investigation is going on and cases are underway in over this cyber heist.

Other than government bodies, many private organisations were also victims of cyber-attack. BGD e-GOV CIRT in last September published a report titled ‘Ransomware landscape Bangladesh 2022’ on the cyber security situation in Bangladesh. The report said Beximco Group, Akij Group and Digicon Technologies Limited were also attacked by ransomware.

The report said the cyber ​​threat assessment and detection systems in the country’s organisations are not adequate. Also, there is also a lack of awareness among the high-level officials of the organisations regarding capacity building on cyber security.