
Four digits led to tech reporter Mat Honan’s digital life falling apart earlier this year: the four digits of a credit card that Amazon considers unimportant enough to display in the clear, but Apple considers secret enough to authenticate one of their customers. The people who wanted to hack Honan used this flaw to take over Honan’s Apple ID account, which gave them access to his Gmail, which in turn allowed them access to his Twitter – which was what they were after in the first place.

Mat Honan is hardly a beginner when it comes to the Internet – and got hacked. His story shows how seriously we need to be taking privacy and sensitive information on the Internet. When communicating via the Internet, it’s usually best to assume that everything is public. When writing on Facebook, imagine your post turning up on the front page of the newspaper the next day. When accessing your Gmail account, remember that Google’s programmes are reading through every message to generate advertising for you. And when talking on Skype, imagine the whole world is listening in.

Justice Nizamul Huq would have done well to remember all this when discussing the cases before the International Crimes Tribunal with Ziauddin Ahmed via Skype and exchanging messages via e-mail. The reports had me facepalming at the naive belief that this would somehow be a secure channel on which such sensitive issues could be discussed.

To be clear, I’m not arguing that Justice Huq got what he deserved. It is always wrong to get robbed, but you should seriously consider not leaving your front door unlocked, especially if you have valuables at home that would be irreplaceable if lost. A judge using unencrypted e-mail and Skype* to correspond regarding one of the most important trials in the history of Bangladesh was essentially doing exactly that.

E-mail is like a postcard

This is because Skype and e-mail – as generally used – are some of the most insecure forms of communication available.

The real-world equivalent of an e-mail is a postcard. E-mails are usually passed from server to server in the clear, and any administrator of any one of these servers can read through the message if he or she likes. Your e-mail company does this to weed out spam; if you’re living in certain countries, your government is probably reading your messages; and even in countries like Germany, ISPs are obliged by counter-terrorism laws to search their users’ e-mail correspondence for certain keywords.

Same with Skype. Forget that Skype has repeatedly given out user data to security firms and national agencies. It’s been only a few weeks since reports surfaced about how a Skype account could be stolen by anyone using only the e-mail address of their victim (Security hole allows anyone to hijack your Skype account using only your email address). The hole has since been plugged, but you really don’t want to be using Skype to make sensitive calls.

Both e-mail and chat/voice conversations on the Internet can easily be made much more secure by using programs that support a form of public key encryption (Public-key cryptography). What it does is scramble the communication so that it can only be accessed by someone who is in possession of the right key. Since you generate your own keys, there’s no reason why they shouldn’t be completely secret – unless your computer has somehow been compromised. In which case there’s not much hope anyway (if you think this is the case, format your hard drive and reinstall your operating system).

The pitfalls of “Digital Bangladesh”

But the problem in Bangladesh is broader. This government’s catchphrase of a “Digital Bangladesh” conjures up ideas of technological progress, but fails to remember that living with the Internet and with a widespread computerization of our daily life also means that people need to be aware of what risks they’re getting themselves into. More importantly, the government needs to be putting in place standards that protect privacy and personal data – and enforcing them.

This, however, is hardly the case. One part of the “Digital Bangladesh” project seems to be a massive overhaul of the government’s websites. This has, shockingly, included the publication of thousands of sensitive data points. The fact that you can find the residential phone numbers of all the officers of the foreign ministry (including the minister’s) online is just the tip of the iceberg. What is far more concerning is that many government institutions have published their employees’ “Personal Data Sheets” online – a record that includes sensitive contact information (including postal addresses, e-mail and mobile numbers), their National ID numbers, details on their education and details on their parents.

Remember Mat Honan? His hackers had far less information on him and took apart his life.

*I have absolutely no knowledge whether Mr. Huq was using encryption. I assume he wasn’t.

Lalon Sander is a Bangladeshi-German journalist.

12 Responses to “Why judges should not be skyping about work”

  1. mithun ahmed

    The important point is not that the conversation got hacked. It is getting hacked all over the world. The important point is the content of the conversation and what it shows. There must be something seriously wrong in the state of Bangladesh. It looks like a cuckoo’s land.

  2. Munim

    The government must provide some sort of training to all its officials as regards internet security.

  3. Samir Ahsan

    This write-up should act as a wake-up call for our “Digital Bangladesh” authority. We must be aware of the loopholes and fragility of online communication. Otherwise incidents like this will continue to take place.

  4. CCU

    Excellent write-up. Thank you Mr Lalon. I really hope our policymakers read this piece and take note. Thank you once again.

  5. Tania

    This is very important for everyone, especially for people who are in the sensitive department regardless of your profession. If you go online even for facebooking make sure your precious VPN is on.

    Also use a secured password manager.

    But at the end of the day, if they want to see, they will see your inside out. These are usually third party firms who did the hacking of this judge. But those top notch government and especially private intelligence firms could surprise us all. Cause their method is provocative and genuine that even if your cellphone is turned off they can pinpoint you in the map. They can monitor your total online activity, in that case cracking or hacking gmail/skype is totally unnecessary or is just a press of a button.

    Let’s not even talk about satellites.

    As a citizen of this modern age sometimes I do feel quite insecure whenever my thoughts arise against the status quo. What a cat and mouse game we are playing. Like Lalon Sander is already being watched by someone in this government probably, and they are also being watched by other international predatory eyes.
    It is the age of the stupid.

  6. Tarin

    A very interesting article which I am sure more than half of the ministry staff are unaware of critically…a huge contrast to the image of DIGITAL BANGLADESH rightly portrayed!!!

  7. Yamuna Zaman

    This Judge is a national/international disgrace. He deliberately “hit and run” the image of true ICT along with Bangladesh’s overall judicial process.

  8. Ahmed Ziauddin

    Another pointless opinion piece from the government mouthpiece bdnews24. How about publishing comment about the content of the conversations.
