Cyber Security has become one of the major issues in the country in recent days with the growth of internet users and with the number of hacks and data leaks. We have seen a lot of technological advancement in the country over time and this has resulted in revolutionized lifestyles. Along with a better lifestyle, these developments have even posed a threat to our security and theft of identity. In this article, we will be discussing the term Cyber Security, its importance and the situation of data security in Nepal. We will also discuss the recent activities that have been done to breach the security of big institutions in Nepal as well.
In recent days, we have seen a lot of issues regarding the data breach. An anonymous guy named SATAN has been finding out the loopholes in popular websites and sharing it on his twitter handle @satan_cyber_god. We can see how fragile is our data and the whole landscape for security requirement is going to change with the activity. We have covered every detail following the story of the guy in the article below.
Cyber Security and its importance
Looking at the definition of cybersecurity, it is the assurance of internet-connected systems that includes hardware, software, and data from cyber-threats. The practice is followed by every person and business to protect them against unlawful access to data centers and other computerized systems.
The goal of realizing and enforcing cybersecurity is to implement a good security position for computers, servers, networks, mobile devices and the data stored on these devices from intruders with ill-disposed purposes. Cyber-attacks can be devised to access, destroy, or extract an organization’s or user’s delicate data. Medical, Governmental, Corporate and financial organizations, may all hold vital personal information on an individual and these data are very delicate and should be kept secured.
Data Security threat in Nepal
In recent days there has been a lot of news coming out regarding the data breaches. Those data breaches are from the renowned companies of Nepal. The hacker named SATAN is seen warning many Nepali enterprises about the security of their data. Recently, he even exposed the data of popular ISP – Vianet Communications and it has increased the risk of exposure of the identity of their users to the public.
Earlier, the data of online food delivering company Foodmandu was also leaked and the data of almost 50K customers were exposed. Altogether 170K personal data of Vianet communications and 50K personal data of Foodmandu were exposed. These data leaked from those companies were publicly shared and this leads to data into the hands of many people. As we know, data is very important for people with bad intentions which can be easily used to harm those with exposed data. We have seen some activities like Viber hack attempt among others which seems to be troubling people.
We heard that some of the individuals are describing receiving SMS with a confirmation link in their phone, getting calls from international numbers and opening a QR scanner suddenly. This unusual behavior in some Viber account certainly leads to the hack attempt as Viber only sends verification code and links when someone tries to activate the Viber in a new device.
SATAN recent threats
The guy named as SATAN with username @satan_cyber_god is seen very active in twitter in recent days. We can see him warning many companies about their poor security and the possibility of the data breach. He seems to be a guy with a good motive and warning those companies rather than exposing the data of the users. Recently he warned about the possible threat of data breach of Kantipur Daily, Daraz.com, Mercantile. He even tweeted that he got data of every .np domains registered.
Following the tweets, he also posted about the loopholes of different government website and we found warning them. Here is the list of those companies and their websites that are under threat according to the satan hacker.
- Kantipur Daily
- Daraz
- Mercantile
- National Nepal Library
- Agricultural Department
- National Museum
- Nepal Electricity Authority
- Prabhu Money Transfer
- Nepali Congress
We also found out that he has been sharing the username and password of some of the websites of these institutions. We can see the pinned post of the hacker in which he has warned about the data leak of Nepal Electricity Authority. NEA is one of the biggest companies in Nepal with loads of data with them. Almost every household information is stored in NEA and exposure to this data can lead to a serious accident. We can also see #justicefornirmala in the same tweet and this is a good sign that he doesn’t want to breach the data.
Reason for insecurity
Reason for insecurityFollowing the story, we can easily say that the guy is reminding how poor our IT sector is. The guy is actually a need of time. He is trying to prove how fragile and delicate is our IT security infrastructure. This was surely coming and now it is exposed to every one of us. Some of the reasons for this fragility are:
- Decade-old IT systems,
- programmers trying to copy code from open sources, websites using unsecured freeware
- companies/owners not willing to invest in well-equipped security systems/services.
- Lack of preparedness/awareness in the companies/high-level executives for data security.
- No defined liability to the data holding companies (service providers)
- Unclear regulations and entities to be responsible for data security, protection.
Why the threat appears now?
The answer to the question of why this threat or discussion appears now is quite simple. It’s because more and more systems are going online, digital transactions becoming the next normal and even government starting to deliver services through digital means.
As the digital transaction, delivery is way better than the traditional ones, digital adoption will only increase further. With this COVID-19 threat, many (who were preferring traditional means) are also forced to adopt the digital system as they have no other options now. This increased usage has made the goods and the bads in the cyber expertise to put their endeavor to challenge the weak infrastructure in both negative and positive ways.
The way ahead
The recent developments in the threats have provoked widespread discussion of the data security topic. We believe this will lead us to the advancement of the security system and building trust among people for the digital systems. There is no going back for the digital adoption in the people. But if the collected data from the service providers are in potential threat, people will obviously go for the traditional way due to the trust issue.
Similarly, the legal framework to guide the data security issue also needs to be quite clear in making the stakeholders liable for such breaches. The regulation can also enforce the technical strengthening of the IT infrastructure, with multiple layered security and regular drills, tests to identify loopholes.
Here we summarize the way ahead solution for more secured cyberspace in Nepal as:
- Clear cut & stringent legal framework and regulations for data protection. (like GDPR compliance in Europe).
- Technical guidelines from the authorities in securing the data (New secured technologies in hardware, software, limitations in using, storing data for an indefinite period). They should also encourage the companies for the required investment and perform audit/drill on a regular basis.
- Preparedness and capacity building campaigns from the stakeholders.
- Awareness in customer itself to prefer secured digital services over unsecured ones. They can also initiate a boycott of the ones who do not protect their data well enough. Learn about boycotting esewa story here.
Yes, we need strict policies against data theft and the government should take data security seriously. Not pointing a single entity but all of the stakeholders should take strict measures to secure the data of individuals and prevent them from breaches.
If you have any opinion regarding the data security here in Nepal, and also about the hacker Satan, you can comment below.
