NBR strengthens ASYCUDA World System security

FE Report | Published: November 19, 2024 23:34:18

The National Board of Revenue (NBR) has strengthened the security of the Automated System for Customs Data (ASYCUDA) World System in the wake of a password theft in May this year.
To enhance the system's overall security and prevent misuse, the NBR has implemented several measures.
At the first level of security involving password authentication, officials granted a user ID must use their confidential password to log into the ASYCUDA World System.
The two-factor authentication is the next step involving the assistance of a robust middleware. This step is mandatory. After entering the password, a one-time password (OTP) is automatically sent to the user's verified mobile number, which must be entered to access the system.
The third level of security is IP address device binding, where the system registers the IP details of the authorised user's desktop or laptop. This prevents access from unauthorised devices, such as other computers or mobile phones.
To further strengthen these measures and prevent misuse, the NBR has also implemented password management, code signing certificate, etc. Besides, using social media on computers used for the ASYCUDA World System is prohibited.
Furthermore, the Bangladesh Computer Council is conducting vulnerability assessment and penetration testing (VAPT). The NBR is committed to swiftly implementing the council's recommendations.
The ASYCUDA World System, developed by the United Nations Conference on Trade and Development (UNCTAD), is a trusted and secure platform that has been used by Bangladesh Customs and nearly 100 other countries since 1993.
Meanwhile, the NBR has taken steps to identify the real culprits behind the password theft and their collaborators.
In a press statement, it said it had formed two committees, one led by the Customs Intelligence and Investigation Directorate's director general and another by a member of the NBR, to investigate the incident.
Additionally, Bangladesh Police's cyber crime unit is providing necessary support for the investigation.
On May 20, a group of fraudsters exploited the ASYCUDA World System ID of an official at the Custom House, Chattogram to submit a bill of entry and release a container of cigarettes without the official's knowledge.
Initial investigations revealed that the perpetrators did not hack the system but stole the official's ID and password from the computer in his/her absence to carry out the illicit release of the goods.
In addition to revenue collection, the NBR is dedicated to ensuring the secure use of all automated systems and enhancing cyber security, the press statement said.
It also said any group involved in embezzling state resources or committing cybercrimes would be identified and held accountable with the support of stakeholders and other government agencies.
The NBR believes the steps already taken will make the ASYCUDA World System more secure and resilient.
doulotakter11@gmail.com