The black hatter: SATAN
KATHMANDU: The anonymous cyber extortionist SATAN has over time garnered polarising responses from IT professionals and commoners alike. At times he has been seen as a hero exposing Nepal’s vulnerability to cyber threats, while more often than not he has come off as a notorious villain compromising thousands of sensitive data records.
According to ICT Frame, a cyberspace-oriented magazine that has been discretely reporting on cyber crimes and cyber security, the hacker informed Daraz via his/her Twitter handle on April 13 of its site’s vulnerability to XSS. According to Chiranjibi Adhikari, Immediate Past President at Centre for Cyber Security Research and Innovation and Editor of ICT Frame, XSS refers to cross-site scripting vulnerabilities that allow an attacker to masquerade as a user, to carry out any action that the user is able to perform, and to access any of the user’s data. Likewise, on the same date, the hacker also tweeted a threat to Kantipur daily to “properly set” its Firebase JSON file’s permission, stressing that if they didn’t fix it, SATAN would.
Regardless of his/her so-called heroic acts in bringing the importance of cyber space security to public consciousness, professionals in the IT field do not agree with the hacker’s methods. “Whatever people say, the path s/he’s following is definitely wrong and illegal. S/He should inform the website developers about the bugs and not post these things on social media,” opines Adhikari.
IT professionals like him also suggest that Nepali websites introduce a bug bounty, an initiative that rewards individuals for discovering and reporting software bugs.
A version of this article appears in e-paper on May 25, 2020, of The Himalayan Times.