The email server of Biman Bangladesh Airlines is at high risk of data loss with the national flag carrier yet to recover it several days after hackers attacked it with ransomware.
The ransomware on the server has created an opportunity for hacker intrusion and, consequently, for the theft of confidential information and documents on employee irregularities, and of money through fraudulent orders, officials have said.
The hackers took control of the server on March 17. Considering the severity of the situation, the Biman authorities called an emergency meeting late on Sunday with all directors, but the meeting ended without any decisions or solutions.
However, Biman did not inform the Civil Aviation Ministry, nor did it seek help from the Digital Security Agency.
On Tuesday, a team from the agency under the ICT Division visited the Biman headquarters and gave some guidelines to the airline’s data server protection team on how to recover the server.
Who is to blame?
According to a notice sent by Biman on Thursday, six days after the incident, some of its computers and server were infected by malware on March 18, and the suspected server was immediately isolated and the email service stopped.
Email IDs related to aircraft operational activities were enabled through Microsoft cloud services.
Some employees of Biman said there were still flaws in the mail server and that the data server was disconnected as well.
Biman officials said they fear a loss of data and a possible leak if it is not immediately recovered.
However, cyber security experts said that in a hacking incident, third parties or hacker groups usually disclose their identity and claim the credit.
Ransomware is a special kind of malware that can take control of a computer or server. The culprit typically demands a huge sum of money to return control and sets a deadline for the amount to be paid.
However, in this type of hacking, insider involvement cannot be ruled out, according to the experts.
They suggested an investigation by a cyber-security team to find out what kind of malware the Biman server is infected by.
Digital Security Agency officials said the government declared 29 organizations, including Biman, “critical information infrastructure” under the Digital Security Act in October 2022.
The government took the initiative to protect sensitive data; under it, any illegal access to computers, digital devices or networks is a punishable offence.
Such an offence will be punished with imprisonment for a maximum of seven years or a fine not exceeding Tk25 lakh, or both.
Accessing the systems illegally with the intent of harming them will result in a prison term of a maximum of 14 years or a fine not exceeding Tk1 crore, or both.
Second or further attempts will lead to life imprisonment or a fine not exceeding Tk5 crore, or both.
The Digital Security Agency also provided necessary guidelines to the organizations to ensure security.
Apparently, the Biman authorities have completely failed to follow them, said Digital Security Agency officials.
When contacted, Digital Security Agency Director (Operation) Deputy Secretary Mohammed Aminul Ahesan told Dhaka Tribune: “A team is working but has yet to develop or figure out its reasons.”
But he hoped that it would be possible to recover the data.
State Minister for Civil Aviation Mahbub Ali on Wednesday told Dhaka Tribune: “It is not a good sign at all. A probe body will carry out investigations to find behind its scammer.”