Singha Durbar server continues to face cyberattacks
About 1,500 government websites were shut down, raising questions over the cybersecurity infrastructure of Nepal.
The Nepal government’s main server continues to face cyberattacks aimed at shutting it down, even though a large number of official websites were restored after Saturday’s intrusion.
The cyberattacks that resulted in disruptions of hundreds of government websites across the country on Saturday had also hit international travel due to the shutdown of the immigration server.
“Server system failure affected the operation of flights throughout the day on Saturday,” said Prem Nath Thakur, general manager at the Tribhuvan International Airport. “We managed to release a few planes manually,” he said, adding that flights of Nepal Airlines, Air India and Indigo Airlines were delayed by over an hour.
Officials said the attacks were distributed denial of service (DDoS) attacks, a subclass of denial of service (DoS) attacks. A DDoS attack involves multiple connected online devices, collectively known as a botnet, which are used to overwhelm a target website with fake traffic.
“We have been able to reduce the size of traffic, enabling the reopening of most government websites,” said Ramesh Prasad Pokharel, assistant director at the National Information Technology Centre (NITC) under the Ministry of Communication and Information Technology. “But attacks on our main server continued even on Sunday.”
According to him, around 1,500 government websites were shut down due to cyberattacks on the government’s only central data bank at the Government Integrated Data Centre (GIDC).
The GIDC is managed by the NITC at Singha Durbar, the government’s main administrative centre.
The NITC acts as a data bank of information, helps in computerisation of records at governmental offices and in developing and expanding the contents.
“By Sunday afternoon, we had restored services of over 1,000 government websites,” said Pokharel, adding that his office was continuing to get complaints about website shutdowns from across the country.
It took nearly four hours for the NITC to restore the immigration server after it was shut down. “Our server started to work after 5:30pm on Saturday after breaking down for three and a half hours,” said Kamal Prasad Pandey, information officer at the Department of Immigration. “There has been no problem in the operation of our online services after our server was restored.”
According to officials, several of the government’s websites were shut down on Saturday as the main server was overloaded. “Massive traffic sent by attackers from multiple countries overwhelmed our system. We failed to reduce the size of traffic instantly, leading to a shutdown of government websites,” said Pokharel.
It was one of the largest cyberattacks on any country on Saturday. “On that day, it was the second largest attack on a government server after Mongolia, as per the checkpoint.com,” said Pramod Parajuli, a cyber security expert. Checkpoint.com analyses cyber threats in real time.
On Sunday, the NITC stated that it had launched a probe into the cyberattack, and pledged to find the bugs in the system that allowed the attack.
It said though its servers were overwhelmed, no data had been compromised.
Police said they are still in the process of data collection to identify who is responsible. “We will know more about the attackers of the government websites only after a detailed study,” said Superintendent of Police Pashupati Kumar Raya, who is also spokesperson for the cyber bureau of Nepal Police. “We are in the process of data collection, authentication and verification.”
It is not the first time that government servers have faced cyberattacks.
On June 17, 2017, the website of the Department of Passports got hacked. Hackers then threatened to disclose sensitive government data. On July 25 the same year, 58 government websites were reportedly hacked simultaneously by a group called ‘Paradox Cyber Ghost’.
The latest attack, however, suggests how vulnerable Nepal’s cyber infrastructure is in the face of the growing threat, experts say. Though Nepal moved up to the 94th position in the Global Cybersecurity Index 2020 from the 106th slot in the 2018 edition, the country’s overall score continues to remain low, at 44.99 out of 100 points among 182 countries, according to the International Telecommunication Union (ITU).
The United Nations specialised agency for information and communication technologies ranked Nepal 17th among the 18 countries in the Asia-Pacific.
“The ITC ranking as well as other various cyber security companies including checkpoint have produced reports putting Nepal in the high-risk category of cybersecurity,” said Parajuli. “Yet there have been few attempts to improve things.”
According to him, there has been a lack of both proactive and reactive measures. “There is no strong legal and institutional foundation and investment in the sector is also inadequate,” Parajuli, who is also the founder of Puryani Ventures, a start-up dealing with cybersecurity, said. “For example, a draft of cyber law has only just been prepared and the task of preparing a network of cyber threat intelligence has not been done.”
The Nepal Telecommunications Authority had drafted the Cybercrime Act-2018. But it has introduced the Cyber Security Bylaw 2020, which seeks to protect information and communication systems from cyberattacks and other associated risks.
The bylaw requires telecommunications and internet service providers to make use of national and international cyber risk information-sharing platforms to share information regarding security issues, vulnerabilities and cyber threat intelligence. “There are also questions over the quality of the devices being used to prevent cyberattacks,” Parajuli said.
In the latest attacks, the NITC said the data had not been compromised. But Parajuli said there can be no such guarantee.
“Sometimes, the hackers appear to have only conducted denial of service attacks to divert attention from data breaches,” he said. “So the authorities should now examine whether data has also been breached through digital forensic examinations.”