Day: November 16, 2023

Shortly after a massive fire under the Interstate 10 freeway in downtown Los Angeles last weekend closed a 1-mile stretch normally traversed by 300,000 vehicles daily, California’s fire marshal announced that it was being investigated as possible arson.

Some locals have been eager to blame the homeless encampments that are common under California’s freeway overpasses, despite LA mayor Karen Bass saying this week that “there is no reason to assume that the reason this fire happened was because there were unhoused individuals nearby.”

Now there’s evidence that excess pandemic hand sanitizer may have contributed to the blaze. The Los Angeles Times reported this week that unnamed sources said that hand sanitizer, which is highly flammable, stored under the freeway may have worsened the I-10 destruction. The owner of a company subleasing storage space under the overpass tells WIRED he was storing half a pallet of hand sanitizer that had been left unsold after pandemic restrictions lifted.

If hand sanitizer is confirmed to have contributed to the I-10 disaster, it could be added to a growing list of tragic fires fueled by surplus sanitizer from the pandemic.

California authorities have so far released little information about the cause of the fire, citing the ongoing investigation. They have said that the space under the freeway was leased out by California’s transportation department to an entity that Governor Gavin Newsom called a “bad actor,” and who allowed many items to be stored under the overpass.

An attorney for Calabasas-based Apex Development sent out a news release Wednesday night objecting to being called a “bad actor.” In September, the state had filed a lawsuit alleging that Apex had stopped paying rent for the past year while subleasing the property out to at least five other businesses. Google Street View imagery of the stretch that burned shows plenty of boxes and wooden pallets under the freeway, leaving little room for any large encampments.

Apex Development’s CEO Anthony Nowaid has not yet returned messages from WIRED. The news release that Apex Development’s attorney sent out Wednesday night blames the fire on “public safety issues caused by the unhoused.”

Rudy Serafin, who owns one of the businesses that had been subleasing the space, tells WIRED that he did not notice any homeless people near the site the day before the fire, other than some cars parked along one street that he assumed belonged to people living in them. Serafin said he was using his lot to store the hand sanitizer he had been unable to sell after demand for it during the pandemic dropped. He estimates that he had between 100 and 125 bottles under the overpass.

The list of data is long. Names, professions, blood groups, parents’ names, phone numbers, the length of calls, vehicle registrations, passport details, fingerprint photos. But this isn’t a typical database leak, the kind that happens all the time—these categories of information are all linked to a database held by an intelligence agency.

For months, the National Telecommunication Monitoring Center (NTMC), an intelligence body in Bangladesh that’s involved in collecting people’s cell phone and internet activity, has published people’s personal information through an unsecured database linked to its systems. And this past week, anonymous hackers attacked the exposed database, wiping details from the system and claiming to have stolen the trove of information.

WIRED has verified a sample of real-world names, phone numbers, email addresses, locations, and exam results included in the data. However, the exact nature and purpose of the amassed information is unclear, with some entries appearing to be test information, incorrect, or partial records. The NTMC and other officials in Bangladesh have not responded to requests for comment.

The disclosure, which appears to have been unintentional, provides a tiny glimpse into the highly secretive world of signals intelligence and how communications may be intercepted. “I wouldn’t be expecting this to happen for any intelligence service, even if it’s not really something that sensitive,” says Viktor Markopoulos, a security researcher for CloudDefense.AI who discovered the unsecured database. “Even if many data are test data, they still reveal the structure that they’re using, or what exactly it is that they are intercepting or plan to intercept.”

After Markopoulos discovered the exposed database, he linked it back to the NTMC and login pages for a Bangladeshi national intelligence platform. Markopoulos believes the database was likely exposed due to a misconfiguration. Within the database, there are more than 120 indexes of data, with different logs stored in each. The indexes include names such as “sat-phone,” “sms,” “birth registration,” “pids_prisoners_list_search,” “driving_licence_temp,” and “Twitter.” Some of those files contain a handful of entries each, while others contain tens of thousands.

The vast majority of the data exposed in the NTMC database is metadata—the extremely powerful “who, what, how, and when” of everyone’s communications. Phone call audio isn’t exposed, but metadata shows which numbers may have called others and how long each call lasted. This kind of metadata can be used broadly to show patterns in people’s behavior and whom they interact with.