Bangladesh is using sophisticated Israeli malware to spy on its citizens, a new documentary by the Al Jazeera Investigative Unit revealed on Monday.
Classified documents shown in the documentary reveal that Bangladesh secretly bought powerful surveillance equipment from an Israeli cyberwarfare firm.
Israeli espionage experts then secretly trained Bangladeshi intelligence officers.
Bangladesh has no diplomatic relations with Israel and no formal trade relations. Bangladeshi passports even state that they are “valid for all countries of the world except Israel.”
The documentary, titled All the Prime Minister’s Men, exposes the close ties between a Bangladeshi organized crime family, the Ahmed brothers, and the country’s prime minister, Sheikh Hasina.
The undercover Al Jazeera reporter “Sami” – who is not fully identified for safety reasons – was negotiating a business relationship with Haris Ahmed, one of the brothers, when he found out that Haris is a fugitive convicted murderer.
Sami attempted to sever ties with the family, but received threatening emails from Aziz Ahmed, the chief of staff of the Bangladeshi army, who is also Haris’ brother.
In collaboration with the Al Jazeera Investigative Unit, Sami became an undercover reporter who continued to pose as a close associate of Haris.
In this role, Sami uncovered details about how Haris maintained investment portfolios in Europe under a false identity, while working closely with the Bangladeshi government and the army headed by his brother.
Experts interviewed in the documentary say the pattern of transactions engaged in by Haris are characteristic of money laundering schemes.
Al Jazeera obtained classified documents exposing how Aziz Ahmed’s armed forces gathered information on Sheikh Hasina’s political opponents.
The documents include a contract in which Bangladesh secretly buys surveillance equipment from Israeli cyberwarfare company Picsix.
Picsix was founded by former Israeli intelligence experts, according to its website.
It is well-established that Israel’s tech industry has deep ties to and recruits directly from the country’s military and intelligence apparatus.
Equipment manufactured by Picsix “behaves like a cell tower,” Eliot Bendinelli of the technology watchdog Privacy International says in the documentary. “All the phones in a certain area are going to connect to it.”
Instead of breaking into encrypted programs, it glitches them to render them useless and drive users to use non-encrypted programs that can be easily intercepted.
Ithai Kenan, the vice president of Picsix, explains it as follows.
“We won’t just block WhatsApp entirely. Instead, we’ll let you make a WhatsApp call, and 10 seconds in, we’ll drop it. Maybe we’ll let you make another call, and in 20 seconds we’ll drop it,” he told MIT Technology Review, explaining how the tool creates a fake cell tower to intercept data.
“After your third failed call, trust me – you’ll make a regular call, and we will intercept it. It’s a smart and cost-effective way to go about interception.”
This is especially dangerous, since it cannot be as easily prevented through security updates.
The surveillance technology can connect to hundreds of phones at once, and intercept voice calls, texts messages and websites visited, among other information.
The product bought by Bangladesh is called P6 Intercept, according to the contract.
Bendinelli says that “this specific model is capable of interfering with communications.”
This means that those doing the spying can not only monitor targeted devices, but can also interfere with their content – for example, editing a text message or impersonating a user.
“Israeli technology can now be used to monitor and quell further protests” in Bangladesh, Al Jazeera states.
“It is a tool of mass surveillance,” Bendinelli adds.
The contract is dated 26 June 2018, one day after Aziz Ahmed was sworn in as the chief of staff of the Bangladeshi army. It also includes a condition that the Israeli company and the Bangladeshi military sign a nondisclosure agreement.
The country of origin is falsified in the contract – stating that the spyware was manufactured in Hungary rather than Israel.
Sami revealed another layer of the transaction.
He said he was contacted in February 2019 – a few months after the contract was signed – by a friend from the Bangladesh military’s Directorate General of Forces Intelligence.
Sami was told that four military intelligence officers were traveling to Budapest, so he invited them for dinner.
The officers said they were bringing three guests, two Israeli intelligence experts and an Irish national.
The Israelis never showed up. Only James Moloney, the Irish CEO of the Singapore-based company Sovereign Systems, accompanied the Bangladeshi intelligence personnel.
Moloney and the Bangladeshi intelligence officers were discussing the transaction for the spyware, in which Moloney acted as middleman.
“My company is based in Singapore. So I am the selling agent,” Moloney is heard saying in a recording provided by Sami.
Despite Sovereign Systems acting as a facilitator, its website does not mention Picsix.
“It’s from Israel, so we don’t advertise that technology,” Moloney says during the meeting recorded by the undercover journalist.
“We are very careful about our public profile.”
There is good reason for his caution. Moloney understands the frightening power of the surveillance tool.
“The technology is very aggressive and intrusive,” Moloney says of the Israeli spyware at the dinner hosted by Sami.
“You don’t want the public to know that you are using that equipment.”
The two Israelis trained the four Bangladeshi intelligence officers in a warehouse near Budapest in 2019.
Al Jazeera obtained a picture of the Bangladeshi intelligence officers with Moloney and the two Israeli intelligence experts. It was not able to identify the Israelis.