Swindlers take advantage of weak Ctg customs cyber security
Fraudsters unlocked 4,000 consignments worth Tk850cr from port using user ID of a retired customs officer
If you are so busy that you struggle to manage time for updating your Facebook status, would you give your user ID and password to others to do that for you? The answer will be a big no.
But some Chattogram Customs House officials do not mind giving the credentials of an automated revenue software to unauthorised people. Although the software means serious international trade and transport operations, they often log into the system while surrounded by clearing and forwarding (C&F) agents, and sign in to the system from outside of the office. The Customs House authorities do not even deactivate IDs of officials who are no longer with them.
Because of such unthoughtful attitudes some customs insiders having links with cybercriminals have led to breaches of the Chattogram Customs House server time and again, said officials concerned.
The breaches cost the government with either huge import duties in dodged taxes or by providing the scammers with incentives against exports that do not exist.
"There are imminent risks and vulnerabilities in the automated revenue collection. If the issues are not addressed, the purpose of the automation – which improved revenue collection – will remain elusive," M Fakhrul Alam, commissioner at the Chattogram Customs House, wrote in a letter to the National Board of Revenue on 17 November after detecting at least two breaches in that month alone.
In the latest incident, scammers breached the revenue system to falsely show export of goods worth around Tk12.78 crore. They used the credentials of two customs officers to access the server. One of the officials said he had let others update the revenue data owing to a heavy workload.
In the letter, the customs commissioner, however, added that his staff are supposed to require one-time password (OTP) for each log-in to Automated System for Customs Data (ASYCUDA) – an integrated customs management system for international trade and transport operations for import, export and transit procedures, but the users still can access to the system without an OTP.
After the scandalous discovery, a four-member probe body was formed by the Chattogram customs on 15 November as the finger was pointed at the C&F agent Prottoy International. Its officials were said to have shipped cargoes to the UAE, Singapore, Malaysia, Denmark and the Maldives.
Earlier, the fraudsters unlocked 4,000 consignments worth Tk850 crore from the port using the user ID of a customs officer who had retired four years ago. They have also used another ID of a retired official to log in to the system 3,681 times. The customs intelligence also found involvement of eight customs officials collaborating with the C&F agents in such scams.
Altaf Hossain Chowdhury Bachchu, general secretary of the Chattogram Clearing and Forwarding Agents Association, said, "We demand full implementation of the OTP system for every access to the server to prevent frauds and scams. If the OTP requirement had been there, the officials could not have claimed that their credentials had been stolen."
Chattogram Customs Commissioner Fakhrul Alam said, "Such forgeries could not have taken place if the OTP system had been fully operational."
He told The Business Standard that investigations were underway against the officials whose IDs were used and businesses who were found involved in the forgeries. Legal action will be taken against them.
Syed Golam Kibria, a member of the revenue board, said, "Some fraudsters breached the system although we upgrade the ASYCUDA software every year. The revenue board will ramp up the server security further.