Exclusive: Documents reveal that Bangladesh has purchased phone hacking devices from Israel.
Documents obtained by the Qatari Research Unit and the Israeli newspaper Haaretz show how the Bangladeshi government has spent at least $ 330,000 on hacking equipment made by an Israeli company, even though the two sides do not have diplomatic relations.
The UFED program is a product developed by the Israeli security company Silbright and has the ability to hack and extract information from a wide range of mobile phones. The software’s ability to hack encrypted telephone information has worried civil liberties activists, who have long called for severe restrictions on its use.
Bangladesh does not recognize the state of Israel, forbids trade with it, and prevents its citizens from traveling there. The Muslim-majority country officially stands in solidarity with the Palestinians on the basis they are denied civil rights and live under Israeli military occupation.
It is unclear whether UFED was provided to Bangladesh directly by the Israeli company or via a Cellebrite subsidiary based elsewhere in the world, presumably with the intention to mask its origins.
The Ministry of Defence in Bangladesh said the equipment, a passive mobile phone monitoring system called P6 Intercept, was made in Hungary and was purchased for use on United Nations missions – a claim that was rejected by the world body.
The contract listed the manufacturer of P6 Intercept as Picsix Ltd Hungary, yet no public record of such a company exists, and all Picsix equipment is made in Israel.
Training in Singapore
The latest documents obtained showed on the Bangladesh home ministry’s own website, related to contracts signed in 2018 and 2019. They are from the Public Security Division, a department in the Ministry of Home Affairs that is in charge of domestic security and whose agencies include the Bangladesh police force and border guards.
The paperwork details how nine officers from the country’s Criminal Investigations Department were given the approval to travel to Singapore in February 2019 to receive training on UFED to allow them to unlock and extract data from mobile phones. It outlines how the Bangladeshi staff would ultimately qualify as Cellebrite Certified Operators and Cellebrite Certified Physical Analysts.
The documents also say the Rapid Action Battalion, a paramilitary force that has a well-documented record of abductions, torture, and disappearances, would be trained on the usage of Cellebrite’s hacking systems under an ongoing project that began in 2019 and is set to be completed in June 2021.
The Bangladesh government appears to be investing heavily in electronic surveillance systems and the leaked documents also outline the use of a wide range of devices – from WiFi interceptors and surveillance drones to IMSI-catchers, a tool that emulates cell towers to trick cellular devices into revealing their locations and data.
The latest revelation that Bangladesh security services are being equipped with highly intrusive devices capable of accessing encrypted phones that contain private messages comes amid growing concerns over the country’s human rights record.
Bangladesh has faced international criticism over its 2018 Digital Security Act (DSA), which gives security forces broad powers to arrest and detain journalists and political activists who are critical of the state online.
Last week, ambassadors from 13 countries called for an urgent inquiry into the death of Mushtaq Ahmed, a writer who died on February 25 after being held for nine months without charge under the DSA for criticizing, on Facebook, the government’s response to the coronavirus pandemic.
Halting exports to Bangladesh
Eitay Mack, an Israeli human rights lawyer who has been fighting the export of Israeli defense technology that could be used for human rights violations – including in Hong Kong, where pro-democracy protesters in 2019 took to the streets for months – explained how intrusive the technologies that Bangladesh has bought from Israel really are.
“You’re able to take all information about the person’s life, about their relationships, medical records, name of friends and in the case of journalists the names of a source,” Mack told Al Jazeera.
“In the case of Hong Kong, the police used Cellebrite’s systems to access the phones of 4,000 protesters.”
Cellebrite eventually stopped its exports to Hong Kong after a public outcry and a court case brought by Mack. Now, he is doing the same with Bangladesh. On Monday, Mack filed a petition with the Israeli courts, asking them to retract the export licenses of Cellebrite and Picsix to Bangladesh.
“Even if a company like Cellebrite or Picsix has branches operating in Singapore, it’s still under Israeli law,” Mack told Al Jazeera. “As long as the company is owned by Israeli citizens they need an export license from the Ministry of Defence.”
Mack argued that Israel uses the exports of these tools to build relationships with countries with poor human rights records such as Bangladesh, South Sudan, and the United Arab Emirates.
“Exporting these tools is easier than, for example, selling Bangladesh Israeli rifles. These kinds of systems are less present and this is how Israel is able to create secret relationships with these countries,” Mack said.
“But it’s important to note that this is not a relationship between the Israeli people and the Bangladeshi people, or the Emirati people. It’s a relationship between the Israeli government and the local regime.
“This kind of relationship means that Israeli is helping local repression in many places around the world.”
Sources reached out to the Bangladesh Ministry of Home Affairs as well as Cellebrite. Neither provided any comments at the time of publication.