Nepal | July 15, 2020

Nepal-India cyber war might get uglier

No backing off

Shaurya Kshatri
Share Now:

Kathmandu, May 25

On May 24, a hacker took down the website of Civil Aviation Authority of Nepal (CAAN) and placed an Indian flag along with a message on its home page.

The hacker’s message read, “Just because we are silent and we don’t react doesn’t mean didn’t notice.”

This is one of the few instances of the recent Nepal-India cyber war. This past month has witnessed a barrage of cyber-attacks between unidentified hacker groups of Nepal and India. The back-and-forth digital skirmishing has been called a cyber warfare supposedly orchestrated by cyber extortionists of the two sovereign nations after Nepal released a new political and administrative map incorporating Limpiyadhura, Lipulekh and Kalapani. It all began when an Indian hacking group called ‘Indian Cyber Troops’ defaced the dprobanke website, a government website run by the Botanical Research Centre in Banke with the message: ‘Don’t mess with Indians!’

In retaliation hacker groups of Nepal were quick to make their moves where a hacker called ‘SATAN’ divulged fabric’s API Key of ABP News. Then an anonymous Nepal-based hacker by the alias Omsec5 claimed to have hacked HDFC Bank’s data while also leaking over 2,000 Aadhar card details of Indian nationals. Thankfully, though, as per ICT Frame, a cyberspace-oriented magazine, which has been reporting on cyber crimes and cyber security in Nepal, the Indian Cyber Troops, via their social media handle did try to bury the hatchet. The group’s Facebook post dated May 22: “We’ve talked to Nepali hackers and now we are going to stop attacks. We are brothers. Establish peace,” ending with #JaiHind and #Jai_Nepal.

However, things took a different turn after SATAN posted this: “We were gonna stop but some kids again started to deface our sites! We can’t just sit back and watch. This is just a demo! #BackOffIndia.”

SATAN’s retort has clearly exacerbated the situation. The Indian Cyber Troops has clearly taken offence at Nepal’s unwillingness to put an end to this warfare further threatening a possible all-out war from many hacking groups based in India. “This will lead to huge loss,” reads the Troops’ post from May 23.

While the damage from incoming cyber attacks can be considerable, so far the assaults perpetrated by the hackers of two nations haven’t yet focussed on attacking systems directly. Recently, Nepal National Library’s  (NNL) website was hacked and defaced by a hacker with alias Shamaroosh. As per Upendra Prasad Mainali, Chief at NNL, the hacker though could only find a way into the website and not the whole system.

SATAN’s attack on ABP News has been exposed by one Ravi Mandal, a Cloud Engineer at Xamariners, as being nothing quite harmful. “API Key is identification of a client and not a secret. It is like sharing mobile number with someone else so they can contact you. So sharing API keys is not hacking,” claims Mandal.


A country ill prepared

But contrary to these claims, Chiranjibi Adhikari, immediate Past President at Centre for Cyber Security Research and Innovation, and Editor of ICT Frame says it’s foolish to assume such acts of cyber crime as non-threatening. “Yes, perhaps the system wasn’t hacked, but privacy is being attacked and cyber space failure is apparent,” he purports. In Nepal data breaches aren’t uncommon but what is lacking is the proper mechanism to respond to such breaches in security. “When thousands of customer data is compromised, the company responsible to protect customer data should be held accountable. But Nepal’s Cyber Law is silent on this matter,” he says.

As per Microsoft’s Malware Infection Index 2016, Nepal was the fourth most malware infection-prone nation. Adhikari fears the country’s position might worsen as many Nepalis adjust to working from home. It’s during crisis that cyber security is mostly compromised, and given the pandemic, advocates of cyber security are certain that cyber assaults will be more lethal and frequent as unethical hackers, the black hatters will be looking to strike when the iron’s hot.

During the 2015 earthquake, Nepal had seen a surge in cyber attacks mostly email scams requesting donations for fraudulent charitable organisations with attachments directing users to malware infected websites. Back then, it was the US-CERT that had made the Nepali government aware of such activities. In the wake of the pandemic too, such scams have started circulating and with Nepal-India cyber warfare, cyber assaults are expected to rise.

After the assault on CAAN’s website, Adhikari is now concerned about a possible attack on the nation’s healthcare system. Cyber-criminals can exploit software vulnerabilities to steal patients’ data or infect the network with malware. To try and mitigate the damage of the warfare, Information Security Response Team Nepal will be in the next couple of days hosting a dialogue with cyber security professionals in India to try and talk the hackers out of the unethical and damaging cyber war. The Nepali security response team has often tried to get in contact with cyber groups like SATAN but to no avail.


A version of this article appears in e-paper on May 25, 2020, of The Himalayan Times.


Follow The Himalayan Times on Twitter and Facebook

Recommended Stories:

More from The Himalayan Times:

Manchester United, Marcus Rashford, Premier League

United stay fifth after Saints grab last-gasp leveller

MANCHESTER: Manchester United's Champions League qualification hopes suffered a blow after an equaliser deep in stoppage time from Michael Obafemi earned Southampton a 2-2 draw in the Premier League at Old Trafford on Monday. United, unbeaten in 18 games in all competitions, were poised to m Read More...

Capital budget spending at two-decade low of 40 per cent

KATHMANDU, JULY 13 With just two days remaining for the 2019-20 fiscal year to end, capital budget expenditure throughout the year stands at one of the worst ever at 39.62 per cent. Officials at the Ministry of Finance said capital expenditure during the current fiscal year, which was primaril Read More...

Mayur company resumes bus service in Kathmandu

Kathmandu, July 13 Mayur Yatayat Company resumed its bus services from today in Kathmandu valley amid the COVID-19 pandemic. The decision of Mayur Yatayat has come as a relief to commuters at a time when other public transportation entrepreneurs were refusing to operate their services citing f Read More...

‘Press freedom should involve accountability’

Kathmandu, July 13 Minister of Communications and Information Technology Dr Yubaraj Khatiwada said the CIT Ministry ought to start digitisation first, by utilising the advancement of information technology. As the government has adopted a digital framework, we should become paperless in our activ Read More...

Absconding murder suspect held after 13 years

Kathmandu, July 13 Police have nabbed one of the two prime murder suspects of the much-hyped Sitapaila murder case that had happened 13 years ago. Two workers at a saw mill had allegedly killed its owner, his wife and inflicted serious injuries to their 15-year-old son on the night of 2 Januar Read More...

US debates school reopening, WHO warns 'no return to normal'

MIAMI: The resurgence of the coronavirus in the United States ignited fierce debate Monday about whether to reopen schools, as global health officials warned that the pandemic will intensify unless more countries adopt comprehensive plans to combat it. “If the basics aren’t followed, there is Read More...

landslide

COVID-19 control, disaster management top priorities

Kathmandu, July 13 Tokha Municipality in Kathmandu has set priorities for containment of COVID-19 crisis and disaster management in the budget for the upcoming fiscal year. The municipality that is located in the northern belt of Kathmandu unveiled a budget for Rs 1.58 billion for the fiscal y Read More...

US budget deficit hits all-time high of $864 billion in June

WASHINGTON: The federal government incurred the biggest monthly budget deficit in history in June as spending on programs to combat the coronavirus recession exploded while millions of job losses cut into tax revenues. The Treasury Department reported Monday that the deficit hit $864 billion last Read More...