Nepal cyberspace crimes, security and threat challenges
Whether the goal is to achieve something great, to protest, or to gain worldwide recognition, everything becomes easier with a computer and access to the internet. Nepalese society is exposed to many cyber risks from the moment its people connect to the internet. The rate of technological advancement is increasing rapidly, revolutionizing the lifestyles of the people of Nepal. Nepal is entering the digital world in spite of the fact that the recent earthquake destroyed most of its infrastructure. Cyberspace in Nepal is developing briskly, and along with that development a proper law with proper provisions is necessary; without one there is a high risk of cyber-crime. Cyber security breaches remain a serious and challenging risk to Nepal's critical cyberspace, despite the country's high regard for cyber security. From the moment a router is turned on and the modem obtains an IP address and connects to the world, the whole network is at risk, and in instances like this only a network security professional would be able to secure the network. This is where professionals can become crucial in making the nation's cyberspace an enjoyable and secure environment. Hidden from the general population, a new threat might be growing and could soon lead to the spread of mass security issues. The number of internet subscribers in the country has crossed the 10 million mark, with an internet penetration rate of about 38+ per cent. More than one-third of the nation's population is at risk from unsecured networks.
In today's economy, the cost of high-end protection may go up, but Nepal still has options to encourage its security experts to create powerful algorithms and encryption techniques to protect data and networks. Creating software or a system takes a lot of money and time, while cracking it may require only a few hours of work, so developing systems alone will not take Nepal's cyberspace to the next level; maintaining their security is important as well. Hacking and denial-of-service attacks are all challenging issues for Nepal. Hacking or cracking software is nearly impossible for just anyone. Knowing this helps us realize that a hacker or a cracker is a person experienced in computing, and that his or her reasons for committing cyber-crimes are not vague or childish.
Therefore, to understand what really makes them good or bad, we have to explore the motivation that drives them to get involved in cyber-crime.
Current State (Short Summary)
Data transmission on most online banking portals is not protected by Secure Sockets Layer (SSL), which creates a big risk of sensitive information such as credit card numbers and login credentials being hacked. The cyber law Act 2007/2006 needs to be upgraded with new policies and provisions, as it provides very few provisions for today's cyberspace. In Nepal, news and reports of cyber-crime have been published regularly in recent days, and most of those crimes were related to social networks. As online payments are not considered trustworthy by the government, Nepal is lagging behind in electronic payment (e-Payment) systems. With an average internet download speed of 121 kB/s and an upload speed of 87 kB/s, 77% of internet users are not able to get stable, fast and reliable internet. There is a lack of awareness among end users about cyber security and user privacy.
BIG CHALLENGES TO NEPAL GOVERNMENT
- Most experts and IT professionals are moving abroad because the nation's government has not been able to provide a good environment.
- All of the government's current IT infrastructure is outdated.
- The number of cyber criminals is increasing rapidly, and the current cyber law does not provide for any powerful action against them.
ONLINE BANKING IN NEPAL
Recently, many banks have launched online banking portals to give their customers a seamless banking experience, but there is still a big problem: security. Most of the portals are configured only to verify the identity of the user's device, which does not provide optimal protection. The current online portals of Nepal's banks lack the following important protection practices:
- Two-Factor Authentication
- Risk-Based Authentication
- Fraud detection systems
These are the most important systems that need to be implemented for optimal protection of the user's data as well as the bank's data. About 20-30% of banks are facing problems because of the Crypto Locker virus.
Crypto Locker is file-encrypting ransomware that encrypts the personal documents found on the victim's computer using an RSA-2048 key (AES CBC 256-bit encryption algorithm). Crypto Locker then displays a message offering to decrypt the data if a payment of 2.2330749 BTC (around 499 USD) is made within 96 hours; otherwise the data will be destroyed.
Crypto Locker adds the .7z.encrypted extension to all data.
This shows that the banks of Nepal also need better server security solutions (anti-malware, firewall and spam protection).
The Electronic Transaction Act (ETA) 2063 protects online users against cyber criminals, but due to a lack of proper upgrades and tracking it is unable to protect users completely. Under the Act of 2004, the government can punish cyber offenders with up to 5 years' imprisonment and/or a fine of up to 50 thousand rupees, which has tightened security a little, but Nepal faces a huge challenge when it comes to overcoming cyber threats and crimes.
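The `.7z.encrypted` extension described above gives defenders a simple indicator to watch for. The following Python sketch is an added example, not part of the original article: it scans file-activity log lines and flags any host that produces many such files within a short time. The log format, host names, window and threshold are assumptions constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

MARKER = ".7z.encrypted"        # extension named in the article
WINDOW = timedelta(seconds=60)  # assumed tuning value
THRESHOLD = 5                   # assumed tuning value

# Constructed sample log: "<ISO time> <host> <action> <path>" (format is an assumption)
SAMPLE_EVENTS = r"""
2016-03-01T09:00:00 hr-pc-02 CREATE C:\Users\b\Desktop\archive.7z.encrypted
2016-03-01T10:00:00 teller-pc-07 WRITE C:\Users\a\Documents\budget.xlsx
2016-03-01T10:00:05 teller-pc-07 RENAME C:\Users\a\Documents\budget.xlsx.7z.encrypted
2016-03-01T10:00:07 teller-pc-07 RENAME C:\Users\a\Documents\kyc scan.pdf.7z.encrypted
2016-03-01T10:00:09 teller-pc-07 RENAME C:\Users\a\Documents\letter.docx.7z.encrypted
2016-03-01T10:00:12 teller-pc-07 RENAME C:\Users\a\Pictures\id.jpg.7z.encrypted
2016-03-01T10:00:15 teller-pc-07 RENAME C:\Users\a\Desktop\notes.txt.7z.encrypted
2016-03-01T10:00:18 teller-pc-07 RENAME C:\Users\a\Desktop\todo.txt.7z.encrypted
2016-03-01T11:30:00 hr-pc-02 CREATE C:\Users\b\Desktop\old.7z.encrypted
"""

def parse_event(line):
    """Split one log line; the path comes last so it may contain spaces."""
    ts, host, action, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), host, action.upper(), path

def detect_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {host: time of first alert} for hosts that produce at least
    `threshold` files ending in MARKER within `window`."""
    recent, alerts = {}, {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, host, action, path = parse_event(line)
        if action not in ("CREATE", "RENAME") or not path.lower().endswith(MARKER):
            continue
        hits = recent.setdefault(host, deque())
        hits.append(ts)
        while ts - hits[0] > window:   # drop hits that fell out of the window
            hits.popleft()
        if len(hits) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    for host, when in detect_bursts(SAMPLE_EVENTS.splitlines()).items():
        print(f"ALERT {host}: {THRESHOLD}+ '{MARKER}' files within {WINDOW} at {when}")
```

An isolated file with the extension (the `hr-pc-02` lines) does not trigger an alert; only a burst from one host does, which keeps the rule usable as an early signal to isolate a machine before more data is encrypted.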
SOFTWARE CRACKERS / PIRACY / HACKING
An ethical hacker (white hat) is an example of a person who has the expertise to provide the community with tools to prevent harmful attacks from malicious individuals, while a black hat hacker (cracker) is considered a malicious kind of hacker. Although many crackers break into software, create malware and viruses, and bypass internet protection, their harmful work can also be useful in creating better "encryption" methods. More than 90% of the nation's computer users use pirated software, which works as a gateway to cyber threats and carries a big risk of data leaks.
THE REAL COST OF USING PIRATED SOFTWARE
You may think that you're getting a good deal when purchasing pirated software; however, it can in fact end up costing you a large sum. Here are a few reasons why:
- Pirated software can cause your computer to crash. This can, in turn, cost you a lot of time and there’s even the possibility that you could lose files or data that cannot be replaced. In the worst case scenario, counterfeit software could cause irreparable damage to your PC and all other software installed.
- Counterfeit software can contain spyware which loads onto your computer and reports personal information without your knowledge. This data includes credit card and bank account numbers, passwords and address books, all of which can be immediately exploited by identity thieves.
- Cyber thieves occasionally find vulnerabilities in software. Software vendors provide patches in order to fix these vulnerabilities. However, if your software is counterfeit, these legitimate updates are unable to be incorporated, making your PC vulnerable to attacks.
MOTIVATION BEHIND PIRACY AND HACKING
Every hacker starts hacking for the love of knowledge, to explore how secure the software is and how the program code works, but there are other motives as well:
- Social status: Hackers who publish their work for others to download like to have recognition of their work and how good it is. In many cases this is a big factor for a cracker to keep up with their work and try to get the best results in the least amount of time. They usually put their nickname in the name of the file containing the cracked software; that way, when someone looking for certain software sees the name, that person can recognize it and know, from previously released software, whether it will be a working program with no problems. On download sites, it is easy to spot the names of some of the crackers in the field just by reading the comments, in which users thank and praise the cracker's work. These comments are used to rate the cracker according to the quality of the work, ease of use, and the amount of time it took to release the cracked software.
- Personal challenge: As stated before, crackers start their work to use and gain knowledge. This is said to be one main reason for many to start hacking software. Just as for any other person, the feeling of achieving something that looked quite impossible can boost that person's ego and give them the drive to keep trying new and more challenging things.
- Software cost and demand: This category mostly relates to the targeted software, but it also plays a part in the motivation of many crackers. Anyone who uses a computer for work, school, or entertainment can agree that certain software is needed in order to fully use a computer. For example, when it comes to work and school, there is a need for programs like Word, Excel, PowerPoint, etc. By doing a little research on Microsoft's website, we can see that the price of Office 2016 ranges from 15 thousand rupees to 25 thousand rupees depending on the package. So, taking into account these 2 factors (demand and price), it is easy to realize that there is a need for these programs. This is where the crackers step in: whether it is for personal use or for others, crackers take those factors into account and begin their work on the software. This is how crackers choose their targets, because the higher the demand for the software in the market, the more users are going to try to download it; therefore, the cracker will gain more recognition if they do a good job.
TECHNIQUES USED BY HACKERS
When performing an attack on a desired target, there are a variety of techniques that a hacker can use. Before an attack takes place, however, a hacker would want to perform some reconnaissance on the specified target. The first of these steps is called network enumeration; in this step the attacker finds out as much as possible about the specified target. It is with this step that a hacker can begin to figure out the type of attack and which tools may be necessary to perform it. An example of an attack that a hacker may want to perform on a network could be a DoS attack, injecting a virus into a network, or simply hijacking a victim's computer to gain unauthorized remote access to it. The second step that can be performed is social engineering; this step alone, if performed correctly, could make all the other steps unnecessary, as access would be gained simply through social engineering. This step is not always successful, however. Most of the time, potential hackers will not gather sufficient information to gain the access that they want to these specific computers. This is why hackers would need to proceed to the other steps of gaining access to a network. Several tools are available for hackers to use depending on the type of attack that they want to perform. There are programs that can be used to crack passwords, such as ophcrack or Cain and Abel. Other programs exist for cases where certain exploits that a network may have are known; a program that may be used to take advantage of these exploits is Metasploit. Moreover, with BackTrack, now known as Kali Linux, almost all of the tools needed to perform any type of attack are bundled together into one program. Kali Linux thus provides the platform needed to launch an attack.
For example, someone who wanted to crack some passwords to gain access to a secured computer could easily use ophcrack, located within Kali Linux, to perform the attack.
OVERALL CYBER THREATS LANDSCAPE (NEPAL)
As per the reports, Nepal was the 47th most attacked country in the world (2015). About 50% of attacks were Trojan attacks, 22.7% were spam attacks, 7.9%~8% were DDoS attacks, and the rest were adware/rootkit attacks.
Nepal's cyberspace is at risk; the government must be concerned about the current state of online security in Nepal. For safe e-Banking, the cyber law must be upgraded with criteria for banks' online portals so that security will be optimal. The overall landscape shows that Nepal is attacked most with Trojans and spam, so proper awareness is required among active internet users. As the internet is updated in real time, the government must replace all its outdated systems with advanced systems that ensure maximum protection. To gain an equal place in the cyber world, the government must act now to improve the overall IT industry along with cyber security.
- NORTON ARTICLES (COUNTERFEIT SOFTWARE) https://norton.com
- SYMANTEC https://knowledge.symantec.com
- Threat Expert http://threatexpert.com