Cyber Attacks and Government websites vulnerability
On January 28 2023, a major hacking attack struck numerous government websites in Nepal. The attackers appear to have focused on the Government Integrated Data Centre (GIDC), the country’s sole central data bank, with a Distributed-Denial of Service (DDoS) attack, which may have originated from overseas. This resulted in the shutdown of most government ministry websites, including the Department of Immigration and Passports database.
The attack began at noon on a Saturday and lasted for around four hours. Government offices, such as the Department of Transport’s licensing department or the passport issuance office, were unaffected due to the holiday. However, the greatest impact was seen at the airport, where chaotic lines formed at immigration desks for both arrivals and departures. The servers were restored only after technicians at the GIDC made its mainframe inaccessible from abroad.
The National Information Technology Centre (NITC), responsible for protecting the ‘.gov.np’ domain, reported that the hackers had no intention of stealing information or installing malware, but simply aimed to disrupt website accessibility.
This incident highlights the vulnerability of Nepal’s government websites and the need for improved cybersecurity measures. The NITC has suffered from similar attacks in the past, along with frequent server crashes, internet disruptions, email problems, and slow website loading times. The reporting mechanism for service providers is inefficient, and the NITC system is not effectively managed, leading to further issues. The NITC’s data center is not in line with international security standards and lacks proper data security measures.
Digital Rights Nepal (DRN) is calling on the government to prioritize cybersecurity in the wake of the recent hacking attack on various government websites in the country. DRN is concerned about the security of citizens’ personal information, financial data, and critical government documents stored on these websites and the potential harm that can result from data breaches and unauthorized access. It also urges the government to comply with international security standards and implement proper data security measures to prevent future malicious attacks and protect citizens’ information.
|
|
|
NTA Prioritizes Cyber Security
The Nepal Telecommunication Authority (NTA) is establishing a cyber simulation laboratory to safeguard the telecommunication industry against cyber-attacks. The Authority has announced a public call for proposals from relevant companies. The aim of the lab is to swiftly detect and respond to security threats and vulnerabilities in the system. It will also simulate important components of the infrastructure, including computer servers and telecommunication applications such as OSS, BSS, VoIP, Software Call Manager, and Skill Gateway.
NRB Brings New Regulations for Digital Transactions
The Nepal Rastra Bank, the central bank of Nepal, has recently released new regulations for financial transactions in the country. These regulations put limits on various types of transactions, including digital payments.
The new directives state that the limit for mobile banking transactions is set at 5,000 rupees at a time, 10,000 rupees per week, and 50,000 rupees per month. The upper limit for single transfers from one bank to another through Internet banking is 100,000 rupees, with a monthly limit of 1 million rupees. The daily limit for Internet banking transactions is 100,000 rupees, while the monthly limit is set at 500,000 rupees. In addition, one can load up to 5,000 rupees at a time, with a daily limit of 15,000 rupees and a monthly limit of 25,000 rupees through agents or sub-agents into e-wallets/mobile wallets.
However, payments for taxes, revenue, fines, registration fees, and government agency service charges are allowed in accordance with the billed amount, and there is no limit for transfers from wallets to bank accounts.
Nepalgunj Sub-metro Establishes ‘Free Wi-Fi Zone’
Nepalgunj Sub-metropolitan has established seven areas as “free Wi-Fi zones” in partnership with WorldLink Communications, an internet service provider. Mayor Prashant Bista launched the service on January 31, 2023 with the aim of providing free internet access to the public at key intersections in the city. Despite the benefits of offering free Wi-Fi, it also increases the risk of data breaches. Digital Rights Nepal urges the sub-metropolitan and WorldLink Communications to put proper measures in place to ensure cyber security.
Government Withdrew Decision to Classify Information as Confidential
The government had designated 87 types of information as confidential under the Right to Information Act. As per the government’s decision, materials related to radio, communication, frequency, code keys, passwords, etc. used by security agencies will be kept confidential while they are in use. Similarly, software, programming language, host, source code, control panel network diagram, information related to information technology protection, server, network log, and system software will be kept confidential for 20 years to ensure the security and stability of the electronic system.
However, after criticism from the civil society and other stakeholders, the government withdrew the decision and said that a new classification process will start in consultation with stakeholders.
US shown Interest to Strength Cyber Security in Nepal
The US is offering additional support for Nepal’s economic and cyber security, according to Victoria Nuland, the Deputy Secretary of State for Political Affairs. During her visit to Nepal, Nuland announced that the US government is planning to invest $1 billion in the country over the next five years, as part of its long-standing friendly relationship with Nepal. Nuland expressed her willingness to help with Nepal’s cyber security, highlighting the recent cyberattacks on government websites and the US’s potential to provide technical assistance.
Act of Damaging Telecom Infrastructure is Punishable: NTA
The Nepal Telecommunication Authority (NTA), the regulator of the telecommunications sector, has issued a notice reminding that damaging telecom infrastructure is punishable. It has clarified that some organizations are imposing taxes on telecom services, hindering their operations, and causing damage to the infrastructure. NTA warned that any actions contrary to Schedule 5 of the Constitution and Section 47 of the Telecom Act 2053 will be punished and urged all parties to not engage in any activities that violate these regulations.
|
|
Internet Shutdown: Process, Impact and Resistance
The discourse on Internet freedom and digital rights is a new phenomenon in Nepal. It is important to develop and bring resources, knowledge and issues in the public domain to support the process of public discourse. To support this process, Digital Rights Nepal, in collaboration with the Engage Media, has developed a blog on Internet Shutdowns. This blog discusses not only the technical aspects of the Internet shutdowns but also its impact on civil rights and way forward for the civil society organizations.
To read the blog: Digital Rights Nepal
|
|
|
|
Digital Rights Weekly is a week-based update on Digital Rights and ICT issues, that happened throughout the week, compiled and analyzed from the digital rights perspective by Digital Rights Nepal (DRN). DRN is a not-for-profit initiative dedicated to the protection and promotion of digital rights, including the right to online freedom of expression and association, online privacy, access to information, and related issues such as internet governance, cyber laws/policies, and cyber securities in Nepal.
|
|
|
|
