Probashi smart card fraud: BMET finds solution in shifting server
There have been frequent frauds regarding the smart cards that the migrant workers have to collect from the Bureau of Manpower, Employment and Training (BMET) while going abroad.
A total of 44 smart cards – 24 in the first phase and 20 in the second – have recently been compromised to a fraud group, bringing the issue to the limelight.
The smart cards can be availed in both online and offline. The BMET and the district manpower offices provide the cards in person, while the Amiprobashi app facilitates the online service. However, the BMET stores the information collected through both the channels in its server at the headquarters.
The mobile app, operated by a private agency, is seemingly involved with the recent round of frauds. According to sources, a total of 20 smart card applications through the Amiprobashi app were rejected initially, but were approved later between 27 December and 4 January.
The BMET formed a six-member committee to look into the incident on 10 January, while the committee reported back on 7 February.
According to the report, the 20 cards were approved by the BMET’s additional director general. The bureau’s director (employment) and additional director general (employment) have the authority to approve the rejected applications through due verification.
Two separate internet protocol (IP) addresses were used to approve 19 of the 20 cards through android handset, while the remaining one received approval through the additional director general’s computer. There was a scope to avail his system account and password as these were saved in his computer.
A responsible source of the BMET said the additional DG was on vacation during the period and additional DG (training) Ashraful Islam was in charge.
However, Ashraful Islam claimed before the investigation committee that he cleared no rejected applications during the period. He mentioned that there is an instance of hacking in the Amiprobashi mobile app’s server.
The app’s chief technical officer told the investigation committee that none of the app officials has the scope to do such things, except for the users of the server system.
Contacted, BMET Director General Saleh Ahmed Mujaffor refused to make any comment officially.
BMET to shift its server
According to a BMET source, among the 20 compromised cards, seven were issued in favour of recruiting agency Bangladesh Export Corporation (RL-803) on 2 January and one on 3 January. Besides, seven cards were issued in favour of Saad International Limited (RL-1068) on 1 January and five on 3 January.
Shamim Mahmud Patwary, managing director of Saad International, said they always maintain the rules in the application process and there are no allegations against them.
He further said that the recent smart cards were cleared through due application. He has no idea about the irregularities as none from the BMET contacted him in this regard.
When contacted, the other recruiting agency did not provide any comment over the frauds.
The investigation committee comprised representatives from the expatriate’s welfare ministry, the Amiprobashi app and the Bangladesh Computer Council (BCC) of the information and communication technology (ICT) division.
They did not blame anyone for the frauds, but mentioned that the Amiprobashi system does not have any one-time password (OTP) verification or automatic session out system. Taking advantage of the technical flaws, the hackers accessed the system using the additional DG’s account and got the cards approved.
Against such a backdrop, the BMET has taken an initiative to shift the server from its headquarters to the BCC custody. Individuals concerned said it is too tough to ensure safety to the server since it is operated through a much older version of software management. Hence, the fraudulent activities do not stop and the associated individuals do not get exposed.
One third of the server has already been shifted to the BCC custody, while the remaining portion is expected to be completed by this month.
Once everything is settled, the issuance of fraud cards will stop and the fraudsters will be identified easily thanks to the latest technology, said two responsible BCC officials.
24 cards through server hacking
Alif Overseas (RL-847) got a total of 24 smart cards issued on 31 December. The BMET officials sensed the issue while verifying documents in the third week of January as they did not find any input in the server against the cards.
The issue was reported in writing to the director general on 28 January, but no action was taken immediately to cancel the cards, according to a source.
However, Saleh Ahmed Mojaffar sent a letter to the deputy commissioner (city cyber crime investigation) of Dhaka Metropolitan Police (DMP) on 5 February, requesting an investigation into the 24 cards. The letter described the incident as unwarranted and embarrassing and sought action as per the law.
Alif Overseas owner Monirul Haque is now abroad for treatment. His son Akib Jabed told that they have no capacity to hack the BTME server and that they did not even apply for the 24 cards. He suspected that someone associated with the BMET might have done this.
On the condition of anonymity, a senior official of the BMET said the cyber police have been asked to investigate not only the 24 cards, but also the entire system of fraud. Also, the BCC was asked to look into the server one and a half months ago and submit their findings.
AFM Al Kibria, the DMP deputy commissioner, said the letter is yet to reach his office. They will consider the issue once the letter is received at the office.
Demand for punishment
Tasneem Siddiqui, founding chair of the Refugee and Migratory Movements Research Unit, said the workers might be deceived if they are sent abroad without proper verification.
“It is a good initiative that the BMET took note of the issue and is going to take action. The agencies involved with the frauds should be investigated and booked. Besides, it needs to introduce developed technologies in BMET management and ensure its security as an important site,” she added.
I have read so many articles regarding the blogger lovers
however this post is really a pleasant article, keep it up.
My blog post: vpn special code
I was suggested this website by my cousin. I
am not sure whether this post is written by him as no one else know such detailed about my trouble.
You’re wonderful! Thanks!
my web site – vpn 2024
Thank you a bunch for sharing this with all of us you really understand
what you’re talking approximately! Bookmarked. Kindly also discuss
with my website =). We could have a hyperlink trade arrangement between us
Feel free to surf to my blog: vpn special coupon code 2024 (vpnspecialcouponcode.wordpress.com)
obviously like your web site however you have
to test the spelling on several of your posts. A number of them are rife
with spelling problems and I in finding it very bothersome to tell the reality then again I will definitely come back again.
Also visit my site: what is vpn meaning
Hi, of course this piece of writing is genuinely good and I have learned
lot of things from it on the topic of blogging.
thanks.
Also visit my web blog vpn special coupon code
Highly energetic article, I enjoyed that bit. Will there be a part 2?
Feel free to visit my web blog vpn ucecf
After I initially commented I seem to have clicked on the -Notify me when new comments are
added- checkbox and now every time a comment is added
I recieve four emails with the same comment. Is there a means you are able to remove
me from that service? Cheers!
my homepage; eharmony special coupon code 2024
Hey there would you mind sharing which blog platform you’re using?
I’m planning to start my own blog soon but I’m having a hard time selecting between BlogEngine/Wordpress/B2evolution and Drupal.
The reason I ask is because your design seems different then most blogs and I’m looking for something unique.
P.S Apologies for being off-topic but I had to ask!
Stop by my website nordvpn special coupon code 2024