Nepali and Indian ‘hackers’ attack websites over ‘boundary dispute’Although, they claim to have made peace, recent spate of attacks on government websites expose their security vulnerability.
Nepal’s move to release a new political and administrative map incorporating Limpiyadhura, Lipulekh and Kalapani has led to an escalation of tensions on both sides of the border, not just among commentators and journalists, but also among the self-proclaimed ‘hacker’ community from both Nepal and India.
Shortly after Nepal released its new map on Wednesday by incorporating the territories, currently controlled by India, ‘hackers’ from both the countries engaged in a series of attacks on government websites, defacing them with threats.
On Thursday, Shamharoosh, a hacker from India claimed to have hacked into the website of the Nepal National Library. Although the website runs normally now, the homepage still says “hacked by shamharoosh”. According to Upendra Prasad Mainali, chief at the Nepal National Library, the website hosts an archive of Nepali history books, some of them nearly 300 years old.
“I got to know about the hack on Thursday from a staffer, and our technicians are working on it now,” said Mainali.
Mainali said that the hackers could only find a way into the website, not the whole system, as the system is much secure. “We immediately conducted a meeting and now our technicians are working to make the website more secure.”
A few days ago, the website of the government-run Botanical Research Center, Banke was hacked. On a Facebook page, the self-styled “Indian Cyber Troops” claimed responsibility for the attack.
The group said that it could’ve defaced the main site, but chose not to do so. They also hinted that the reason for the hack was the border dispute between India and Nepal, and warned Nepal to “fix its map immediately.”
Indian Cyber Troops, in a separate Facebook page, also claimed to hack four other Nepali government websites in a single day, and claimed to have access to the Ministry of Home Affairs.
Meanwhile, some ‘Nepali’ hackers have also targeted Indian websites. Twitter users Brahma and Satan claimed to have leaked the API key of ABP. Although the Twitter users haven’t mentioned their nationalities in their bio, many believe they are Nepali.
One of the hackers, in a tweet, also claimed to have hacked the website of University of Ladakh.
After a series of attacks on each other’s websites, the hackers of both countries are said to have talked with each other and made peace. However, the series of attacks have exposed the security vulnerability of Nepali websites.
Nepal’s new political map was unveiled six months after India released its own political map. With both countries laying claim to the piece of land, the boundary dispute has now entered a new phase.
According to Nepal Police, without official complaints, authorities can’t conduct an investigation into such cases. “We haven’t received any official complaint from the victims, so we haven’t officially investigated the case,” said Deputy Inspector General Niraj Bahadur Shahi, spokesperson for Nepal Police. “However, if we receive any complaint from the victim, then the cyber bureau will investigate and action will be taken.”
But if a cyber crime is committed from outside Nepal, we cannot take action as it is out of our jurisdiction. However, in serious cases, we can request the country concerned to take action against such criminals, he said.
Baburam Aryal, a lawyer focusing on Information Technology and Cyber Crime, said Nepali systems are vulnerable as the government has not prioritised cyber security.
“We don’t have a dedicated response team, equipment and manpower to deal with cyber attacks in Nepal,” said Aryal. “The government does not want to spend on technology and manpower this is why police were unable to arrest the hackers who were recently involved in the hacking Foodmandu’s and Vianet’s websites.”
Although the new IT bill includes some security standards, it's not enough, he said. “There should be a security standard which should be updated every year, but private companies, as well as the government, don’t invest in such manpower and equipment,” said Aryal.
“However, if someone from abroad is found to have breached a website, then the government can arrest the person by coordinating with the country concerned.”