The Rapid Action Battalion (RAB) has detained two hackers for allegedly hacking the Facebook accounts of showbiz celebrities and extorting money from them.
The two detained people – Mir Masud Rana, 35, and Sourav, 19 – belong to a gang named "Team Sylhet." A RAB team detained the duo from the capital's Mohakhali Bus Terminal on Saturday.
They had arrived in Dhaka from Sylhet on a bus the same day.
At a press conference, RAB officials said that each member of this gang collects around Tk1-1.5 lakh per month by extorting the victims.
RAB also confiscated four mobile phones, a laptop and 20 SIM cards from the detained duo. Law enforcers found Facebook account screenshots of various film artists, and an app for creating fake national identity cards (NID) in the laptop.
The group has already hacked the Facebook accounts of showbiz stars Misha Sawdagar, Zayed Khan, Riaz, Shahnoor, Aanchal, Resi, Keya, Mahi and Bipasha.
Mohiuddin Farooque, company commander of RAB 2, told The Business Standard, "Based on initial interrogation of the detainees, we learnt that the Team Sylhet hacking group has at least 20 active members."
"They usually target the Facebook accounts of famous celebrities'. They also hack IDs of regular Facebook users. They then extort between Tk50,000 to Tk1 lakh from the victim by promising to restore their accounts."
How the hacker group operates
RAB say that a person named Nasir is the mastermind of the hacking group. He is a cyber-criminal from the United States who was arrested a few days ago in that country for cybercrime.
Nasir recruited people into his hacking group through social media platforms, including Facebook. Nasir trained his recruits on the basics of hacking Facebook IDs through video tutorials, which he made.
Nasir co-ordinated all the processes, including the safe transaction of money and the return of hacked IDs to their original owners.
He has developed a cybercrime racket in Bangladesh. Some members of his group are Mir Masud Rana, Sourav, Bablu Rahman, Atiq, Zeena Raihan, Afraz Mim Asha, Saraka Mazumder, Cynthia, Tanvi, Sumaiya and Ruby, said RAB sources.
The RAB said that these suspected hackers send multiple reports to Facebook, claiming that their targets' account have been comprised. Most of their target accounts had a weak password or a lack of a two-step verification process.
When Facebook demands a verification document for identification of the account holder, the hackers submit a fake national identity card of the original owner. After this verification process, Facebook allows the hackers to take control of the target account.
By this stage, the owner gets locked out of his or her own account.
The hacker group then contacts the targeted Facebook account owner and demands extortion money for returning the ID. They also threaten the victims with leaking personal data and posting questionable content on their Facebook wall, if they do not pay.