Documents obtained by Al Jazeera’s Investigative Unit (I-Unit) and Israeli newspaper Haaretz reveal how the Bangladesh government spent at least $330,000 on phone-hacking equipment made by an Israeli company, even though the two countries do not have diplomatic relations.
Developed by the Cellebrite security firm, UFED is a product that is capable of accessing and extracting data from a wide range of mobile phones. Its ability to hack encrypted phone data has worried civil rights campaigners, who have long called for its use to be more strictly regulated.
Bangladesh does not recognise the state of Israel, forbids trade with it and prevents its citizens from travelling there. The Muslim-majority country officially stands in solidarity with the Palestinians on the basis they are denied civil rights and live under Israeli military occupation.
It is unclear whether UFED was provided to Bangladesh directly by the Israeli company or via a Cellebrite subsidiary based elsewhere in the world, presumably with the intention to mask its origins.
In February, Al Jazeera revealed how the Bangladesh military in 2018 signed a contract to acquire mobile phone interception equipment from Israeli firm Picsix Ltd. In February 2019, Bangladeshi officers received training by Israeli intelligence experts in the Hungarian capital, Budapest.
The Ministry of Defence in Bangladesh said the equipment, a passive mobile phone monitoring system called P6 Intercept, was made in Hungary and was purchased for use on United Nations missions – a claim that was rejected by the world body.
The contract listed the manufacturer of P6 Intercept as Picsix Ltd Hungary, yet no public record of such a company exists and all Picsix equipment is made in Israel.
Training in Singapore
The latest documents obtained by I-Unit, which Al Jazeera also found on the Bangladesh home ministry’s own website, relate to contracts signed in 2018 and 2019. They are from the Public Security Division, a department in the Ministry of Home Affairs that is in charge of domestic security and whose agencies include the Bangladesh police force and border guards.
The paperwork details how nine officers from the country’s Criminal Investigations Department were given the approval to travel to Singapore in February 2019 to receive training on UFED to allow them to unlock and extract data from mobile phones. It outlines how the Bangladeshi staff would ultimately qualify as Cellebrite Certified Operators and Cellebrite Certified Physical Analysts.
The documents also say the Rapid Action Battalion (RAB), a paramilitary force that has a well-documented record of abductions, torture and disappearances, would be trained on the usage of Cellebrite’s hacking systems under an ongoing project that began in 2019 and is set to be completed in June 2021.
The Bangladesh government appears to be investing heavily in electronic surveillance systems and the leaked documents also outline the use of a wide range of devices – from WiFi interceptors and surveillance drones to IMSI-catchers, a tool that emulates cell towers to trick cellular devices into revealing their locations and data.
The latest revelation that Bangladesh security services are being equipped with highly intrusive devices capable of accessing encrypted phones that contain private messages comes amid growing concerns over the country’s human rights record.
Bangladesh has faced international criticism over its 2018 Digital Security Act (DSA), which gives security forces broad powers to arrest and detain journalists and political activists who are critical of the state online.
Last week, ambassadors from 13 countries called for an urgent inquiry into the death of Mushtaq Ahmed, a writer who died on February 25 after being held for nine months without charge under the DSA for criticising, on Facebook, the government’s response to the coronavirus pandemic.
